个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
24
4
我在 netty 管道上使用证书时遇到问题。 Netty 管道由 Spring 执行,但 SSL 只是 Netty 部分的一部分。
对于依赖项,我使用的是 netty 和boringssl
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-all</artifactId>
<scope>compile</scope>
<version>4.1.70.Final</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
<version>2.0.45.Final</version>
</dependency>
@Override
protected void initChannel(Channel ch) {
if (sslProperties.isSecured())
ch.pipeline().addLast("ssl-handler", getSslHandler(ch));
}
protected SslHandler getSslHandler(Channel ch) {
try {
final SslContext sslCtx = sslService.getSslContext();
return sslCtx.newHandler(ch.alloc());
} catch (IOException e) {
log.debug("Failed to establish Ssl Context", e);
ch.writeAndFlush("Failed to establish SSH Context");
ch.close();
}
return null;
}
public SslContext getSslContext() throws SSLException {
PrivateKey privateKey = getPrivateKey();
X509Certificate[] certChain = getCertificateChain();
try {
return SslContextBuilder.forClient()
.sslProvider(SslProvider.OPENSSL)
.protocols("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.keyManager(privateKey, certChain)
.build();
} catch (IOException e) {
log.warn("Failed to establish Ssl Context");
log.debug("Failed to establish Ssl Context", e);
throw e;
}
}
2021-11-10 08:41:47,218 ERROR [nioEventLoopGroup-2-1] com.test.router.nio.pipeline.handler.InboundClientCompleteHandler: Exception Caught from inbound-client-complete-handler
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.handler.traffic.GlobalChannelTrafficShapingHandler.channelRead(GlobalChannelTrafficShapingHandler.java:573)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.needWrapAgain(ReferenceCountedOpenSslEngine.java:1334)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1351)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1296)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1383)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1426)
at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:222)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1342)
at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1246)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1286)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
... 25 common frames omitted
2021-11-10 08:41:47,218 DEBUG [nioEventLoopGroup-2-1] com.test.router.pipeline.handler.decoder.EventDecoder: Caught Exception in EventDecoder:
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.handler.traffic.GlobalChannelTrafficShapingHandler.channelRead(GlobalChannelTrafficShapingHandler.java:573)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.needWrapAgain(ReferenceCountedOpenSslEngine.java:1334)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1351)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1296)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1383)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1426)
at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:222)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1342)
at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1246)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1286)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
... 25 common frames omitted
最佳答案
您要连接的服务器是否使用服务器名称指示 (SNI)?如果您未在客户端上启用 SNI,您有时会收到 javax.net.ssl.SSLHandshakeException: error:100000f7:SSLroutines:OPENSSL_internal:WRONG_VERSION_NUMBER 和类似的堆栈跟踪。
要启用 SNI,您需要更改:
protected SslHandler getSslHandler(Channel ch) {
try {
final SslContext sslCtx = sslService.getSslContext();
return sslCtx.newHandler(ch.alloc());
} catch (IOException e) {
log.debug("Failed to establish Ssl Context", e);
ch.writeAndFlush("Failed to establish SSH Context");
ch.close();
}
return null;
}
protected SslHandler getSslHandler(Channel ch, String host, int port) {
try {
final SslContext sslCtx = sslService.getSslContext();
return sslCtx.newHandler(ch.alloc(), host, port);
} catch (IOException e) {
log.debug("Failed to establish Ssl Context", e);
ch.writeAndFlush("Failed to establish SSH Context");
ch.close();
}
return null;
}
关于java - Netty 套接字 SSLHandshakeException WRONG_VERSION_NUMBER,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/69905690/
24
4
0
在日志中看到此错误消息,任何人都可以告诉发生了什么 “javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorExcep
我获得了一个 jar 文件,但无法访问代码(或无法修改)和一个 .cer ca 证书文件。 运行jar文件时;我收到此错误(我输入了 placeholder.hostname.com ): org.s
我需要忽略 PKIX 路径构建异常 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PK
我正在尝试使用 HttpsURLConnection 与网站建立 HTTPS 连接,然后执行 PUT 请求。当我尝试从 HttpsURLConnection.getOutputStream() 创建
我的 SSL 握手有一个小问题,当我尝试启动 GET 请求时,服务器返回 java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException
非常感谢您阅读这篇文章,我们将不胜感激! 我正在尝试使用服务帐户在云端硬盘中列出和创建一个文本文件。已经生成了一个服务帐户,下载了 p12 文件也为该帐户启用了 Drive api。但是我收到了 SS
我使用 Retrofit2。添加服务器端 SSL 后请求不会执行。 onFailure 方法获取下一个 Throwable - javax.net.ssl.SSLHandshakeException:
这个问题在这里已经有了答案: Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExce
我正在尝试使用自签名证书访问本地 https 站点。我修改了主机文件并为我的本地站点分配了一个 IP 地址;我用来访问网站的代码: String httpsURL = "https://test-s
我有一个服务到服务的连接,它间歇性地从 Jersey 客户端抛出 SSLHandshakeExceptions。 public static class MyClientFilter extends
我正在尝试创建端点以将我的谷歌应用引擎连接到我的 android 应用程序。我正在学习本教程 https://developers.google.com/eclipse/docs/endpoints-
使用这样的代码: val html = Source.fromURL("https://scans.io/json") 获取异常: Exception in thread "main" javax.n
我正在尝试从 Java 9 测试新的 HttpClient。出于测试目的,我正在使用 https://jsonplaceholder.typicode.com 提供的 api。 .但是,我收到握手异常
我正在寻找类似于 this answer 的解决方案,但更安全。我想禁用证书验证,但仅针对单个请求(这就是我所需要的)。所以它应该做以下一项或多项 完成一个请求后返回安全状态 仅对给定的 URL 禁用
当我访问 wsdl url 时,我在 android 中遇到异常 javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathVal
当我尝试使用 Java 代码以编程方式下载文件时,出现异常: Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.s
我们有一个 JavaFX 应用程序在 https 安全资源上调用我们的后端。该应用程序连续向同一个 url 发出数百个请求,以从服务器获取数据。 这通常没有问题,但现在我们有一个客户在连接到资源时报告
我正在尝试从 java 访问我的 api,但出现以下错误: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate
我最近在我的网站上添加了 SSL,可以通过 https 访问它。现在,当我的 Java 应用程序尝试向我的网站发出请求并使用缓冲读取器从中读取时,它会生成此堆栈跟踪 我没有使用自签名证书,该证书来自
我有两个代码示例,一个使用 Rest Template 和其他 Apache HttpClient 将 json 发布到我们的内部 https Web 服务。 我们的服务负载均衡器端存在这个已知的 S
我是一名优秀的程序员,十分优秀!