
java - FTPS client cannot communicate with FTPS server since switching to Java 7

Reposted. Author: 太空宇宙. Last updated: 2023-11-03 15:01:54

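Configuration

I am using FtpsClient from apache commons net 3.0.1 to talk to FtpServer from apache ftpserver 1.0.6.

The client and server use FTPS with certificates installed on both sides. The failing code is a JUnit test that runs the client and the server in separate threads. The certificates are generated and put into keystores inside the JUnit test.

Problem

Communication succeeds when running on Java 6, but after switching to Java 7 the following error occurs: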

%% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown

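What I have already tried:

  • I upgraded to apache commons net 3.3 and apache mina 2.0.7, without any change in behaviour.

  • I also removed the line

    jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

    from the java.security file in JDK 7.

  • I switched to Java 1.6.20, Java 1.6.45 (both succeed), Java 1.7.06 and Java 1.7.45 (both fail).

  • I tried setting the properties sun.security.ssl.allowUnsafeRenegotiation and sun.security.ssl.allowLegacyHelloMessages to true.

Question

Do you know how to get the communication working with Java 7?

More information

This is the full output of the failed communication with Java 7: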

***
found key for : clientkey
chain [0] = [0] Version: 3
SerialNumber: 4712
IssuerDN: CN=Test Client CA
Start Date: Sat Dec 14 18:42:58 CET 2013
Final Date: Sun Dec 15 18:42:58 CET 2013
SubjectDN: CN=Test Client
Public Key: RSA Public Key
modulus: bc3ba4ad85d762c901a059ef55a82a1b5064a4d0f83de811a561f8ec5abf7dad4c1955434f091b3051eb37916cfbcaa293f547ed93b15e23991019ba500aee05e27d4810d56f216b685ee0f5209f77b1f500468d7e8746ffec3467f7b50004f93bc8e5a09be8871802b22d09a517ae5e543956f8475bad359391571815cb0d2d
public exponent: 3

Signature Algorithm: SHA256WithRSAEncryption

***
***
found key for : serverkey
chain [0] = [0] Version: 3
SerialNumber: 4712
IssuerDN: CN=Test Server CA
Start Date: Sat Dec 14 18:42:57 CET 2013
Final Date: Sun Dec 15 18:42:57 CET 2013
SubjectDN: CN=Test Server
Public Key: RSA Public Key
modulus: bf7993e847452df221d9b018869d635260e3764543db9df97d03a6e99fb4dba4d91a991406c6cfcf2f5ec669e3bd0bb464ccd4691108c03d6d265c66bc2adfc521225ea766137abcdaa38cea6505af0f25155bceb15eceb9dd6c25e2e393c889b5a86b4fce91fafc759ec556c9544b07a58a9335ccd89c8b4320b814bbdc3561
public exponent: 3

Signature Algorithm: SHA256WithRSAEncryption

***
adding as trusted cert:
Subject: CN=Test Server
Issuer: CN=Test Server CA
Algorithm: RSA; Serial number: 0x1268
Valid from Sat Dec 14 18:42:57 CET 2013 until Sun Dec 15 18:42:57 CET 2013

adding as trusted cert:
Subject: CN=Test Client CA
Issuer: CN=Test Client CA
Algorithm: RSA; Serial number: 0x1267
Valid from Sat Dec 14 18:43:57 CET 2013 until Sun Dec 15 18:43:57 CET 2013

trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1370200030 bytes = { 234, 58, 111, 82, 3, 147, 102, 163, 67, 234, 5, 39, 120, 1, 72, 181, 97, 205, 100, 87, 239, 22, 237, 213, 149, 131, 180, 33 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes: len = 163
main, WRITE: TLSv1 Handshake, length = 163
[Raw write]: length = 168
NioProcessor-3, READ: TLSv1 Handshake, length = 163
*** ClientHello, TLSv1
RandomCookie: GMT: 1370200030 bytes = { 234, 58, 111, 82, 3, 147, 102, 163, 67, 234, 5, 39, 120, 1, 72, 181, 97, 205, 100, 87, 239, 22, 237, 213, 149, 131, 180, 33 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes: len = 163
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: serverkey
%% Negotiating: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1370200030 bytes = { 235, 19, 174, 10, 126, 94, 2, 53, 13, 203, 115, 119, 217, 226, 248, 251, 141, 255, 72, 117, 214, 8, 178, 182, 69, 65, 74, 111 }
Session ID: {82, 172, 152, 222, 202, 68, 136, 188, 163, 83, 250, 80, 9, 33, 99, 223, 176, 113, 255, 245, 119, 35, 136, 114, 29, 204, 36, 7, 135, 58, 46, 58}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
chain [0] = [0] Version: 3
SerialNumber: 4712
IssuerDN: CN=Test Server CA
Start Date: Sat Dec 14 18:42:57 CET 2013
Final Date: Sun Dec 15 18:42:57 CET 2013
SubjectDN: CN=Test Server
Public Key: RSA Public Key
modulus: bf7993e847452df221d9b018869d635260e3764543db9df97d03a6e99fb4dba4d91a991406c6cfcf2f5ec669e3bd0bb464ccd4691108c03d6d265c66bc2adfc521225ea766137abcdaa38cea6505af0f25155bceb15eceb9dd6c25e2e393c889b5a86b4fce91fafc759ec556c9544b07a58a9335ccd89c8b4320b814bbdc3561
public exponent: 3

Signature Algorithm: SHA256WithRSAEncryption

***
*** ECDH ServerKeyExchange
Server key: Sun EC public key, 256 bits
public x coord: 104116730850349228150645500726559419876454110473705724347998613959037720473709
public y coord: 26531088832836488156715632939801149563569358316815609029138071362300859258679
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=Test Server>
<CN=Test Client CA>
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 785
0000: 02 00 00 4D 03 01 52 AC 98 DE EB 13 AE 0A 7E 5E ...M..R........^
...
0300: 65 73 74 20 43 6C 69 65 6E 74 20 43 41 0E 00 00 est Client CA...
0310: 00 .
NioProcessor-3, WRITE: TLSv1 Handshake, length = 785
[Raw write]: length = 790
0000: 16 03 01 03 11 02 00 00 4D 03 01 52 AC 98 DE EB ........M..R....
...
0310: 43 41 0E 00 00 00 CA....
[Raw read]: length = 5
0000: 16 03 01 03 11 .....
[Raw read]: length = 785
0000: 02 00 00 4D 03 01 52 AC 98 DE EB 13 AE 0A 7E 5E ...M..R........^
...
0300: 65 73 74 20 43 6C 69 65 6E 74 20 43 41 0E 00 00 est Client CA...
0310: 00 .
main, READ: TLSv1 Handshake, length = 785
*** ServerHello, TLSv1
RandomCookie: GMT: 1370200030 bytes = { 235, 19, 174, 10, 126, 94, 2, 53, 13, 203, 115, 119, 217, 226, 248, 251, 141, 255, 72, 117, 214, 8, 178, 182, 69, 65, 74, 111 }
Session ID: {82, 172, 152, 222, 202, 68, 136, 188, 163, 83, 250, 80, 9, 33, 99, 223, 176, 113, 255, 245, 119, 35, 136, 114, 29, 204, 36, 7, 135, 58, 46, 58}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[read] MD5 and SHA1 hashes: len = 81
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=Test Server
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 1024 bits
modulus: 134458256579882064220947016566567368624577136695715707428147091640608842041866510673093630777095713870085907129388401306119592396574283986066972630278941051105347425734712257624841831029349568388389668729188279474954100040403593251094972500714160890077269266835643135286378058696831905023827534267451981968737
public exponent: 3
Validity: [From: Sat Dec 14 18:42:57 CET 2013,
To: Sun Dec 15 18:42:57 CET 2013]
Issuer: CN=Test Server CA
SerialNumber: [ 1268]

]
Algorithm: [SHA256withRSA]

]
***
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E [Raw read]: length = 5
000 0 : 15 03 01 00 02.......
main, called closeSocket()
...main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: auth type not accepted
..
[Raw read]: length = 2
0000: 02 2E ..
NioProcessor-3, READ: TLSv1 Alert, length = 2
NioProcessor-3, RECV TLSv1 ALERT: fatal, certificate_unknown
NioProcessor-3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
NioProcessor-3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
NioProcessor-3, called closeInbound()
NioProcessor-3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-3, called closeOutbound()
NioProcessor-3, closeOutboundInternal()
NioProcessor-3, SEND TLSv1 ALERT: warning, description = close_notify
NioProcessor-3, WRITE: TLSv1 Alert, length = 2
[2013-12-14 18:43:58,286 (pool-3-thread-1) org.apache.mina.filter.logging.LoggingFilter.log(LoggingFilter.java:130) WARN] EXCEPTION :
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:487)
...
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.mina.filter.ssl.SslHandler.unwrap(SslHandler.java:728)
at org.apache.mina.filter.ssl.SslHandler.unwrapHandshake(SslHandler.java:666)
at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:552)
at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:351)
at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:468)
... 15 more

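Best answer

The problem was home-made.

Internally I was using a TrustManager that rejected the authType "ECDHE_RSA", which Java 7 uses by default.

After adding "ECDHE_RSA" to the list of accepted authTypes, communication succeeded again.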

Regarding "java - FTPS client cannot communicate with FTPS server since switching to Java 7", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/20586695/
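
The failure mode described in the answer, as an added example that is not the poster's code: a trust manager that checks `authType` against an allow-list before delegating to the JRE's PKIX validation. The class and method names and the contents of both allow-lists are assumptions made for illustration; only "ECDHE_RSA" and the negotiated suite come from the page.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added illustration with hypothetical names; not the poster's TrustManager.
public class AuthTypeGateDemo {
    // Rejects any authType outside an allow-list, then delegates to PKIX validation.
    static final class GatedTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        private final Set<String> accepted;

        GatedTrustManager(X509TrustManager delegate, String... accepted) {
            this.delegate = delegate;
            this.accepted = new HashSet<>(Arrays.asList(accepted));
        }
        private void gate(String authType) throws CertificateException {
            if (!accepted.contains(authType))
                throw new CertificateException("auth type not accepted: " + authType);
        }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            gate(authType); // server side: authType is the suite's key-exchange algorithm
            delegate.checkServerTrusted(chain, authType);
        }
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            gate(authType);
            delegate.checkClientTrusted(chain, authType);
        }
        @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }

    static X509TrustManager defaultPkix() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // JRE default trust store
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Probes only the gate: an empty chain can never validate, so nothing is trusted here.
    static String probe(X509TrustManager tm, String authType) {
        try {
            tm.checkServerTrusted(new X509Certificate[0], authType);
            return "accepted";
        } catch (CertificateException e) {
            return "rejected by gate: " + e.getMessage();
        } catch (IllegalArgumentException e) {
            return "gate passed, chain handed to PKIX delegate";
        }
    }

    public static void main(String[] args) throws Exception {
        // Key exchange of TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, the suite negotiated in the log.
        String authType = "ECDHE_RSA";
        X509TrustManager pkix = defaultPkix();
        // Constructed allow-lists: the first lacks ECDHE_RSA, the second includes it.
        System.out.println(probe(new GatedTrustManager(pkix, "RSA", "DHE_RSA"), authType));
        System.out.println(probe(new GatedTrustManager(pkix, "RSA", "DHE_RSA", "ECDHE_RSA"), authType));
    }
}
```

A `CertificateException` thrown from `checkServerTrusted` is what surfaces on the wire as the fatal `certificate_unknown` alert seen in the log, so an allow-list like this needs revisiting whenever a JRE upgrade changes the default cipher-suite preference.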
