我通过Java连接腾讯企业邮箱(https://ex.qq.com/)上的ActiveSync服务,但获得了javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure。这是我的测试代码:
public static void main(String[] args) throws Exception {
Socket socket = SSLSocketFactory.getDefault().createSocket("ex.qq.com", 443);
socket.getOutputStream().write("GET / HTTP/1.1\r\nHost: ex.qq.com\r\n\r\n".getBytes());
}
但是,当我使用浏览器(IE / FireFox / Chrome)打开https://ex.qq.com/时,它们显示SSL连接和SSL证书没有问题。
为什么Java SSLSocket无法连接此站点,但浏览器可以?
解决:
ssllabs.com告诉我这个网站仅支持TLS_RSA_WITH_RC4_128_SHA(0x5)(参见https://www.ssllabs.com/ssltest/analyze.html?d=ex.qq.com&s=220.249.243.199)。所以我将代码更改为:
public static void main(String[] args) throws Exception {
Socket socket = SSLSocketFactory.getDefault().createSocket();
((SSLSocket) socket).setEnabledCipherSuites(new String[] {"SSL_RSA_WITH_RC4_128_SHA"});
socket.connect(new InetSocketAddress("ex.qq.com", 443));
socket.getOutputStream().write("GET / HTTP/1.1\r\nHost: ex.qq.com\r\n\r\n".getBytes());
}
起初我得到javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)。
当我从jdk.tls.disabledAlgorithms=...删除${JRE_HOME}/lib/security/java.security时,连接已成功建立: - )