个人中心
gpt4 book ai didi

Java Web 服务检查 SSL 握手警报 : handshake_failure

转载 作者:太空宇宙 更新时间:2023-11-03 14:15:30 24 4
gpt4 key购买 nike

我已经使用 Apache Wink 为 Web 服务客户端编写了简单的方法。调用此方法时出现异常 javax.net.ssl.SSLProtocolException: handshake alert: handshake_failure

String serviceURL = "https://eval-cloud2.castiron.com/envq/Development/url?id=" + id + "&ciUser=user&ciPassword=pass";  


System.setProperty("https.protocols", "SSLv3");
RestClient client = new RestClient();

Resource resource = client.resource(serviceURL);

try {
    text = resource.accept("text/plain").get(String.class);         
    } catch (ClientWebException e) {
    e.printStackTrace();
    } catch (Exception e) {     
    e.printStackTrace();
   }

我已经添加了证书

keytool -import -alias castiron-trust -keystore "C:\Program Files\Java\jre7\lib\security\cacerts" -file "C:\Users\User1\Desktop\CastIron\castiron.cer" -storepass changeit

我已经打开了 ssl 调试

keyStore is : 
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 11:36:00 FEST 2006 until Sat Oct 25 11:36:00 FET 2036

adding as trusted cert:
  Subject: CN=*.castiron.com, OU=IT, O=IBM Corporation, L=San Jose, ST=CA, C=US
  Issuer:  CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x2d2bd48d2e347446f4a70e23e38c539
  Valid from Wed Sep 18 03:00:00 FET 2013 until Wed Nov 23 15:00:00 FET 2016

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-apr-8080-exec-6, setSoTimeout(60000) called
%% No cached client session
*** ClientHello, SSLv3
RandomCookie:  GMT: 1370528261 bytes = { 248, 208, 114, 121, 205, 90, 4, 185, 164, 65, 92, 92, 105, 92, 32, 2, 25, 36, 246, 199, 196, 164, 41, 201, 136, 222, 122, 67 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: eval-cloud2.castiron.com]
***
http-apr-8080-exec-6, WRITE: SSLv3 Handshake, length = 182
http-apr-8080-exec-6, READ: SSLv3 Alert, length = 2
http-apr-8080-exec-6, RECV TLSv1 ALERT:  warning, handshake_failure
SSL - handshake alert: handshake_failure
http-apr-8080-exec-6, handling exception: javax.net.ssl.SSLProtocolException: handshake alert:  handshake_failure
http-apr-8080-exec-6, SEND TLSv1 ALERT:  fatal, description = unexpected_message
http-apr-8080-exec-6, WRITE: TLSv1 Alert, length = 2
http-apr-8080-exec-6, called closeSocket()

我不明白ServerHello在哪里。请帮助我了解问题所在。

最佳答案

我遇到了同样的错误,我在客户端服务器上安装了 jdk1.5,我调用的 api 有 jdk1.6。作为解决方案,我实现了以下可能有帮助的代码。我为此使用了两个 jar :

bcprov-ext-jdk15on-160.jar
bctls-jdk15on-1.57.jar

使用以下代码来支持 TLSV1.2,因为 jdk1.6 将其用于 ssl 连接。

    Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    Security.insertProviderAt(new BouncyCastleProvider(), 1);

    Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
    Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);

    TrustManager tm = new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            if (chain == null || chain.length < 1 || authType == null || authType.length() < 1) {
                throw new IllegalArgumentException();
            }
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }
    };
    SSLContext sslContext = SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
    sslContext.init(null, new TrustManager[] { tm }, new SecureRandom());

    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

现在 api 调用应该像下面这样发生。

URL url = new URL("https://yourURL.com");

HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setRequestMethod("GET");
if (conn.getResponseCode() != 200) {
                throw new RuntimeException("Failed : HTTP error code : " + conn.getResponseCode());
            }
conn.disconnect();

关于Java Web 服务检查 SSL 握手警报 : handshake_failure,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20659290/

24 4 0
文章推荐: c# - 如何在 C# 中判断 GPS 形状是否相交?
文章推荐: python - 当前上下文为空时如何处理sqlalchemy onupdate?
文章推荐: python - 如何将 @cache_page 装饰器与基于 Django 类的 View 一起使用?
文章推荐: python - Firestore .get() 导致超出截止日期
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com