个人中心
gpt4 book ai didi

openjdk 1.8 的 Java SSL 通信握手失败

转载 作者:行者123 更新时间:2023-11-30 12:02:55 24 4
gpt4 key购买 nike

我有一个使用 RESTTemplate 与服务对话的 java 程序。我正在使用客户端证书与服务器通信。出现以下错误

main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
19:53:13.851 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection
19:53:13.852 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection discarded
19:53:13.852 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://api.entrust.net:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
19:53:13.854 [main] ERROR com.x.y.z.provider.a.Client - exception I/O error on GET request for "https://api.entrust.net/enterprise/v2/application/version": Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
19:53:13.858 [main] DEBUG com.x.y.z.provider.a.Client - Map the failure exception {}
org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://api.entrust.net/enterprise/v2/application/version": Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:744)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:670)

当我启用调试日志时,我看到初始握手已完成,但后来失败并出现以下错误

*** CertificateVerify
Signature Algorithm SHA256withRSA
update handshake state: certificate_verify[15]
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Handshake, length = 264
update handshake state: change_cipher_spec
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 101, 230, 249, 79, 106, 34, 167, 222, 44, 208, 111, 11 }
***

update handshake state: finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
**main, WRITE: TLSv1.2 Handshake, length = 40
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, handshake_failure
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]**
main, called closeSocket()

有趣的是,我在笔记本电脑上运行它没有问题,但是一旦我在容器上运行它,它就会给我握手错误

我在笔记本电脑上运行 oracle jdk,但在我的容器上运行 OpenJDK-1.8.0.212 版本。可能的问题是什么?

在容器中,我确实安装了信任库和 keystore ,我可以看到它正在被使用,因为它失败的地方是我在 SSL 调试日志中显示的地方。

最佳答案

选项 1。您需要将您的信任库/ keystore 添加到您正在测试它的容器或环境的 cacerts 中,以便握手成功通过。

选项 2。您可以让您的程序读取容器/沙箱/环境中 keystore 文件的位置。

关于openjdk 1.8 的 Java SSL 通信握手失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58107934/

24 4 0
文章推荐: javascript - object.create 和链接对象
文章推荐: javascript - 将 HTML 元素设置为可滚动
文章推荐: ios - 从 Sandbox 中的 DAE 模型加载 SCNScene 对象
文章推荐: java - 为什么这段代码在 Coderbyte 上编译而不是在本地编译?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com