gpt4 book ai didi

javax.net.ssl.SSLProtocolException : Handshake message sequence violation, 2

转载 作者:行者123 更新时间:2023-11-29 03:08:37 27 4
gpt4 key购买 nike

我正在尝试通过 XMPP 协议(protocol)建立 TLS 安全(使用客户端身份验证)连接。我使用的是标准端口而不是专用 SSL 端口,后者显然已被弃用。 startTLS 进程永远不会完成握手。

我收到:javax.net.ssl.SSLProtocolException:握手消息序列违规,2

调试摘录显示我的客户端收到来自服务器的意外消息。 CertificateRequest 已从服务器发送,但 CA 列表为空。

是否有很多事情会导致这种握手违规 (2)?什么可能导致服务器不发送在其信任库中配置的可接受权限?

感谢您的任何见解。

更新:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@ PROTOTYPE: TLS client authentication XMPP connection. @@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
USER: 111111
OS: Windows 7
Java: C:\Program Files (x86)\Java\jdk1.8.0_45\jre
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Loading trusted authorities from trust store...
adding as trusted cert:
...(trimmed)

Loading credentials from key store...
***
found key for : Signing Certificate - John K. Doe
chain [0] = [
...(trimmed)
***
Initializing SSL context for TLS...
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@ PROTOTYPE: Built XMPP connection configuration. @@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Connection instantiated.
10:17:24 AM SENT (0): <stream:stream xmlns='jabber:client' to='steerage.org' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
10:17:24 AM RECV (0): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="steerage.org" id="e7e393bd" xml:lang="en" version="1.0"><stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>EXTERNAL</mechanism></mechanisms></stream:features>
10:17:24 AM SENT (0): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>
10:17:24 AM RECV (0): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1433793908 bytes = { 4, 180, 17, 97, 147, 6, 68, 124, 234, 40, 155, 145, 132, 27, 164, 29, 175, 239, 139, 23, 14, 133, 162, 215, 44, 220, 241, 2 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=steerage.org]
***
Smack Packet Reader (0), WRITE: TLSv1.2 Handshake, length = 239
Smack Packet Reader (0), READ: TLSv1.2 Handshake, length = 3708
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1433793908 bytes = { 238, 60, 108, 5, 104, 190, 219, 147, 215, 187, 195, 89, 114, 224, 165, 213, 141, 48, 112, 176, 129, 42, 78, 190, 196, 119, 143, 101 }
Session ID: {85, 118, 245, 116, 90, 98, 141, 24, 47, 246, 162, 187, 92, 255, 11, 153, 45, 237, 178, 52, 9, 196, 116, 50, 61, 190, 48, 63, 26, 70, 155, 58}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=steerage....(trimmed)

***
Found trusted certificate:
[
[
Version: V3
Subject: CN=TKT Root CA 2, ...(trimmed)

*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
public x coord: 16285061615265061295479758192758299168932729034919494399422438099012833644130
public y coord: 91712186275093768179410924600166089746856150468196826634149937267800342978949
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<Empty>
*** ServerHelloDone
matching alias: john.k.doe.1258700011
matching alias: Card Authentication Certificate
matching alias: Authentication Certificate - John K. Doe
matching alias: Encryption Certificate - John K. Doe (Archived) - 12/4/2013
matching alias: doe_john_k@some.com
matching alias: Signing Certificate - John K. Doe
matching alias: Encryption Certificate - John K. Doe
org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was 'null'.
at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:106)
at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:85)
at org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:192)
at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:114)
at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWaitOrThrow(SynchronizationPoint.java:97)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:837)
at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:360)
at pke4chat.TestProtoType.main(TestProtoType.java:87)
10:17:29 AM SENT (0): <presence id='c06He-3' type='unavailable'><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.igniterealtime.org/projects/smack' ver='NfJ3flI83zSdUDzCEICtbypursw='/></presence>
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=John K. Doe, ...(trimmed)

***
*** ECDHClientKeyExchange
ECDH Public value: { 4, 183, 254, 13, 26, 104, 205, 105, 32, 193, 10, 62, 33, 82, 142, 4, 183, 231, 178, 204, 126, 170, 178, 111, 33, 155, 241, 187, 146, 182, 254, 138, 117, 145, 170, 80, 32, 176, 179, 113, 157, 193, 210, 75, 2, 195, 132, 111, 210, 183, 73, 98, 15, 201, 170, 127, 36, 15, 233, 126, 38, 225, 193, 6, 71 }
Smack Packet Reader (0), WRITE: TLSv1.2 Handshake, length = 5387
SESSION KEYGEN:
PreMaster Secret:
0000: D3 5B D2 C9 4A AD 9A E6 F4 DE 3C 3C 0B D5 A2 C2 .[..J.....<<....
0010: CA A3 BA BE 2A 50 BA 27 3F 1E D1 34 94 CD 84 A4 ....*P.'?..4....
CONNECTION KEYGEN:
Client Nonce:
0000: 55 76 F5 74 04 B4 11 61 93 06 44 7C EA 28 9B 91 Uv.t...a..D..(..
0010: 84 1B A4 1D AF EF 8B 17 0E 85 A2 D7 2C DC F1 02 ............,...
Server Nonce:
0000: 55 76 F5 74 EE 3C 6C 05 68 BE DB 93 D7 BB C3 59 Uv.t.<l.h......Y
0010: 72 E0 A5 D5 8D 30 70 B0 81 2A 4E BE C4 77 8F 65 r....0p..*N..w.e
Master Secret:
0000: 61 9B 54 1F AB B0 F6 B1 D4 3C F9 79 0E D8 E1 AD a.T......<.y....
0010: 29 3C E1 55 8D EF 2E 8D 13 3B 94 BB 32 5F C8 7F )<.U.....;..2_..
0020: 13 A8 48 B6 C5 0F 50 A4 B5 41 82 C6 A3 F0 41 95 ..H...P..A....A.
Client MAC write Secret:
0000: 42 1B F0 67 9E 1D 81 44 3A 76 8D D1 AD 4D 48 A4 B..g...D:v...MH.
0010: B6 27 70 12 08 FB CF 5D 39 7F 51 05 6D 08 61 F7 .'p....]9.Q.m.a.
Server MAC write Secret:
0000: DD 40 97 24 B0 96 00 A6 CD 49 02 7A 60 75 32 A2 .@.$.....I.z`u2.
0010: 80 41 FD 38 48 06 67 A7 51 E4 44 8E 72 AB 75 C4 .A.8H.g.Q.D.r.u.
Client write key:
0000: DE 5A B7 2D 9D 0F 2F C3 C9 82 D9 EA 88 0D 14 A3 .Z.-../.........
Server write key:
0000: A1 66 08 7C AB 23 56 B9 8F 09 2B 78 67 19 1F BF .f...#V...+xg...
... no IV derived for this protocol
Jun 09, 2015 10:17:34 AM org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter shutdown
WARNING: shutdownDone was not marked as successful by the writer thread
org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was 'null'.
at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:106)
at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:85)
at org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:192)
at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:114)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter.shutdown(XMPPTCPConnection.java:1265)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.shutdown(XMPPTCPConnection.java:494)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.shutdown(XMPPTCPConnection.java:476)
at org.jivesoftware.smack.AbstractXMPPConnection.disconnect(AbstractXMPPConnection.java:666)
at org.jivesoftware.smack.AbstractXMPPConnection.disconnect(AbstractXMPPConnection.java:646)
at pke4chat.TestProtoType.main(TestProtoType.java:105)

main, called close()
main, called closeInternal(true)
*** CertificateVerify
Signature Algorithm SHA512withRSA
Smack Packet Reader (0), WRITE: TLSv1.2 Handshake, length = 264
Smack Packet Reader (0), WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 49, 187, 92, 176, 21, 132, 60, 183, 10, 47, 235, 93 }
***
Smack Packet Reader (0), WRITE: TLSv1.2 Handshake, length = 80
main, SEND TLSv1.2 ALERT: warning, description = close_notify
main, WRITE: TLSv1.2 Alert, length = 64
main, called closeSocket(true)
Smack Packet Writer (0), handling exception: java.net.SocketException: Socket closed
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
Smack Packet Writer (0), called closeSocket()
Smack Packet Reader (0), handling exception: java.net.SocketException: Socket closed

最佳答案

根据我的经验,当客户端证书过期时会发生此异常。您可以通过

验证您的 JKS 客户端证书
keytool -list -keystore client.keystore.jks  -v

并检查 Valid from ... to ...

关于javax.net.ssl.SSLProtocolException : Handshake message sequence violation, 2,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30718245/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com