我们更新了SSL协议以使用SSL_TLSv2(应该允许TLSv1,TLSv1.1和TLSv1.2),我们使用https://api.sandbox.paypal.com/2.0/端点URL连接到paypal。我们已将VeriSign Class 3公共主要证书颁发机构 - G5证书添加到我们的密钥库。但我们仍然在握手失败。 错误日志:
javax.xml.ws.soap.SOAPFaultException: javax.net.ssl.SSLException: Received fatal alert: handshake_failure". javax.xml.ws.soap.SOAPFaultException: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
at org.apache.axis2.jaxws.marshaller.impl.alt.MethodMarshallerUtils.createSystemException(MethodMarshallerUtils.java:1363)
at org.apache.axis2.jaxws.marshaller.impl.alt.MethodMarshallerUtils.demarshalFaultResponse(MethodMarshallerUtils.java:1089)
at org.apache.axis2.jaxws.marshaller.impl.alt.DocLitBareMethodMarshaller.demarshalFaultResponse(DocLitBareMethodMarshaller.java:417)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.getFaultResponse(JAXWSProxyHandler.java:626)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.createResponse(JAXWSProxyHandler.java:566)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invokeSEIMethod(JAXWSProxyHandler.java:432)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invoke(JAXWSProxyHandler.java:213)
at com.sun.proxy.$Proxy62.setExpressCheckout(Unknown Source)
请查看下面的日志(启用SSL调试后)
[6/29/16 12:17:29:389 IST] 00000211 WSChannelFram A CHFW0019I: The Transport Channel Service has started chain HttpsOutboundChain:web-proxy.corp.hp.com:8088:706802748:api.sandbox.paypal.com:-1.
adding as trusted cert:
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Subject: CN=localhost, OU=Root Certificate, OU=localhost, OU=localhost, O=IBM, C=US
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Issuer: CN=localhost, OU=Root Certificate, OU=localhost, OU=localhost, O=IBM, C=US
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Algorithm: RSA; Serial number: 0x9256ccd0f74
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Valid from Mon Mar 28 18:05:23 IST 2016 until Tue Mar 25 18:05:23 IST 2031
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O adding as trusted cert:
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Valid from Wed Nov 08 05:30:00 IST 2006 until Mon Nov 08 05:29:59 IST 2021
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O adding as trusted cert:
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Subject: CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Algorithm: RSA; Serial number: 0x513fb9743870b73440418d30930699ff
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O Valid from Thu Oct 31 05:30:00 IST 2013 until Tue Oct 31 05:29:59 IST 2023
[6/29/16 12:17:30:016 IST] 00000211 SystemOut O
[6/29/16 12:17:30:019 IST] 00000211 SystemOut O ***
[6/29/16 12:17:30:019 IST] 00000211 SystemOut O found key for : default
[6/29/16 12:17:30:020 IST] 00000211 SystemOut O chain [0] = [
[
Version: V3
Subject: CN=localhost, OU=localhost, OU=localhost, O=IBM, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: IBMJCE RSA Public Key:
modulus:
26167541711086627791578871564616365051862711740169857710554547535189479149908374929516177090517001379910396688828760654542434329119238956286945379132186129759458751111248999650559731436488161569437501148312306505875762201215861268858168483037657932583161029509501700884430074843289607373839133072877375577360636060242737127872859949426685225542431385914834039901653766669062129732208534425904601424824899456065980585969976422194265319042002149984018361515399815820913269930221749561374832898783792638898537082727405570885654709258468168429473416388030507181343754356665510039104609297653873247510424200394843741361793
public exponent:
65537
Validity: [From: Mon Mar 28 18:05:24 IST 2016,
To: Tue Mar 28 18:05:24 IST 2017]
Issuer: CN=localhost, OU=Root Certificate, OU=localhost, OU=localhost, O=IBM, C=US
SerialNumber: [10056828754800]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: ProfileUUID:WCDE80_180144-BASE-8a713340-a4f8-4abe-ae41-aaedf50c06bd]]
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 41 79 84 39 4f 6c 37 6f Ay.9Ol7o
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 16 f9 9f a4 29 1d f4 17 7d 80 6e 34 e7 47 5b b2 ..........n4.G..
0010: 1c fd 5b 08 92 b8 24 e7 51 04 67 71 0a 91 1c 88 ........Q.gq....
0020: 63 c4 02 99 94 dd a2 21 93 0e 58 f0 5b 94 54 27 c.........X...T.
0030: 02 d1 fe 65 8d 05 78 4d 35 02 c4 28 f9 d5 3b 11 ...e..xM5.......
0040: 95 28 d4 87 b2 2c e2 e5 77 f8 06 55 f4 f3 72 ec ........w..U..r.
0050: c9 95 6f 1e 9c a4 02 f5 41 8d 50 c0 c0 5c df 5f ..o.....A.P.....
0060: 2f dd 90 2f 8c a1 53 f3 8b a4 5f 25 37 30 06 b9 ......S.....70..
0070: 2d a2 24 7b 4c bb 60 56 0b a4 b3 6e 73 a0 71 12 ....L..V...ns.q.
0080: ab 30 df 4d 27 3c 2b 8c 66 c5 b1 b5 56 e5 3c 41 .0.M....f...V..A
0090: 65 42 d4 d6 c2 8a ec 4e ec cc c1 62 49 75 ed 1c eB.....N...bIu..
00a0: 1d c3 f6 d0 dd 79 d4 a0 9c 1e ce 1a a8 ac 0b 68 .....y.........h
00b0: b4 50 cb 6b 92 8b 9e 99 96 2c ff 5b f8 63 2e a4 .P.k.........c..
00c0: fa 4c 82 13 8d 6d 5c 49 6b 32 49 41 4d 3f 8a eb .L...m.Ik2IAM...
00d0: 16 77 60 3e 84 af 7d 38 ed 06 7d 7c b9 69 0c 50 .w.....8.....i.P
00e0: f6 59 10 d4 70 76 8c 0d 23 40 68 66 7c be d0 a7 .Y..pv....hf....
00f0: 5d 43 55 c7 5e 31 6c ef 25 cc ec 6b d3 05 4f e8 .CU..1l....k..O.
]
[6/29/16 12:17:30:020 IST] 00000211 SystemOut O chain [1] = [
[
Version: V3
Subject: CN=localhost, OU=Root Certificate, OU=localhost, OU=localhost, O=IBM, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: IBMJCE RSA Public Key:
modulus:
19904753990009309220640490407026050840230290478827945495559467830914675305969718816314697475824624971015421979520946317273041884889483490534710677359598087244263711680653006429506370864649858288482237624045812419537775828964539312096597139584695395163230244568608219831591052376071824331577827894488085049089178639843811986500484212726449214616765323493684584926518468131402057026630937301877109272783156174698101767247279976634672974959576739431097029244885330417865240554525368272023593234999310504632854754949649989504797724839753383392964247687587360456802376083021433419450872358735106842206689297528583371429329
public exponent:
65537
Validity: [From: Mon Mar 28 18:05:23 IST 2016,
To: Tue Mar 25 18:05:23 IST 2031]
Issuer: CN=localhost, OU=Root Certificate, OU=localhost, OU=localhost, O=IBM, C=US
SerialNumber: [10056343818100]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[2]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: ProfileUUID:WCDE80_180144-BASE-8a713340-a4f8-4abe-ae41-aaedf50c06bd]]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 40 c3 48 d5 8e 43 b9 e0 ..H..C..
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 87 17 da 78 ef 39 12 f0 d2 1b f0 11 70 9d 83 96 ...x.9......p...
0010: 00 70 6f bd 2d 19 6c 5b 64 3f 75 8b cf 61 ae b9 .po...l.d.u..a..
0020: 2c 6c b4 cd da b7 6e 6f 03 1b 9f f0 ff 07 6f ff .l....no......o.
0030: a1 79 a7 4a 08 e6 2a 1c 4e 5b 13 75 03 9d ab 88 .y.J....N..u....
0040: 79 be ca e3 e7 c5 66 ab f9 49 96 06 b4 81 2b 3a y.....f..I......
0050: 33 5b c1 bd c9 e4 c7 07 10 61 5c 38 0f 5d a6 b1 3........a.8....
0060: 40 93 bf ec 37 34 34 d2 ec 30 3d ae 9a 80 6b ca ....744..0....k.
0070: 1b 43 58 73 be ec 1b 41 70 3f 11 1c f3 42 a0 e6 .CXs...Ap....B..
0080: ce d5 a3 a5 37 a7 c9 46 34 3e ac a1 32 bd c3 6e ....7..F4...2..n
0090: 07 49 e0 e3 2e 85 f4 04 6b 68 80 58 a3 32 58 1c .I......kh.X.2X.
00a0: 06 90 e2 64 1a 8d 68 20 e4 a2 28 56 cf d6 06 76 ...d..h....V...v
00b0: eb 53 4f d1 90 3b 82 b0 fc 61 47 3d 3d 4b dd 03 .SO......aG..K..
00c0: 59 e4 03 7e 7e 00 47 51 2f f4 f2 17 f8 34 d1 bd Y.....GQ.....4..
00d0: 24 b9 12 8c 8e b9 18 32 4e 89 a3 fe 6e ec 3f 9b .......2N...n...
00e0: 33 0d a0 f3 45 4c 88 04 97 3d 31 07 33 81 5a 11 3...EL....1.3.Z.
00f0: e8 1d d1 68 2e 50 66 8a 4e f7 77 3c 64 82 60 a8 ...h.Pf.N.w.d...
]
[6/29/16 12:17:30:020 IST] 00000211 SystemOut O ***
[6/29/16 12:17:30:022 IST] 00000211 SystemOut O ***
[6/29/16 12:17:30:022 IST] 00000211 SystemOut O found key for : paypal
[6/29/16 12:17:30:022 IST] 00000211 SystemOut O chain [0] = [
[
Version: V3
Subject: C=US, ST=CA, L=Santa Clara, O=HP, CN=hpbiztest_api1.hp.com
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: IBMJCE RSA Public Key:
modulus:
167767787854827133772476094878602356419059997517346374275255466537187831576020199052607407432097460847863697600517067858769595716996015976450736236072075948148640801631718329787519229056273024787589358929246179803681154066413328089574908636575846498188850427968011672902341432046713914611785901831874548450751
public exponent:
65537
Validity: [From: Tue Jan 10 01:00:44 IST 2012,
To: Fri Jan 07 01:00:44 IST 2022]
Issuer: EMAILADDRESS=re@paypal.com, CN=sandbox_camerchapi, OU=sandbox_certs, O="PayPal, Inc.", L=San Jose, ST=California, C=US
SerialNumber: [1049731]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 2a 5c 68 2b fd 0a 5f 62 71 32 51 2b 25 66 cf 65 ..h....bq2Q..f.e
0010: a4 ca 06 2a d3 f1 ae 58 6d d0 bf a3 c4 e2 2e a4 .......Xm.......
0020: 98 5b 4a 01 c1 09 aa ba e9 d3 91 a0 09 d8 bf c1 ..J.............
0030: 28 17 b8 9c 7c 15 7a 08 1b ff 92 71 98 2c 28 11 ......z....q....
0040: c4 97 6f 23 fc d7 4f 3f 09 b1 5a c9 06 f2 49 6d ..o...O...Z...Im
0050: 11 d5 87 fc d4 3e 25 1d 91 fe ff 4d 67 a8 ec a4 ...........Mg...
0060: b2 4d 5e 39 5d ef 7e 6b e8 f7 86 b7 2b 35 d6 d5 .M.9...k.....5..
0070: f0 24 6c 7a 0f bc 15 9e e2 84 3c f5 80 81 d2 01 ..lz............
]
[6/29/16 12:17:30:022 IST] 00000211 SystemOut O ***
[6/29/16 12:17:30:023 IST] 00000211 SystemOut O SSLContextImpl: Using X509ExtendedKeyManager com.ibm.ws.ssl.core.WSX509KeyManager
[6/29/16 12:17:30:023 IST] 00000211 SystemOut O SSLContextImpl: Using X509TrustManager com.ibm.ws.ssl.core.WSX509TrustManager
[6/29/16 12:17:30:023 IST] 00000211 SystemOut O JsseJCE: Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.7
[6/29/16 12:17:30:023 IST] 00000211 SystemOut O trigger seeding of SecureRandom
[6/29/16 12:17:30:023 IST] 00000211 SystemOut O done seeding SecureRandom
[6/29/16 12:17:30:023 IST] 00000211 SystemOut O Using SSLEngineImpl.
[6/29/16 12:17:30:023 IST] 00000211 SystemOut O SSLv3 protocol was requested but was not enabled
[6/29/16 12:17:30:025 IST] 00000211 SystemOut O SSLv3 protocol was requested but was not enabled
[6/29/16 12:17:30:027 IST] 00000211 SystemOut O IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default
[6/29/16 12:17:30:027 IST] 00000211 SystemOut O
Is initial handshake: true
[6/29/16 12:17:30:027 IST] 00000211 SystemOut O Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
[6/29/16 12:17:30:027 IST] 00000211 SystemOut O Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
[6/29/16 12:17:30:027 IST] 00000211 SystemOut O Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
[6/29/16 12:17:30:027 IST] 00000211 SystemOut O Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_CBC_SHA256
[6/29/16 12:17:30:027 IST] 00000211 SystemOut O Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
[6/29/16 12:17:30:027 IST] 00000211 SystemOut O Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
[6/29/16 12:17:30:027 IST] 00000211 SystemOut O Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_GCM_SHA256
[6/29/16 12:17:30:029 IST] 00000211 SystemOut O Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
[6/29/16 12:17:30:029 IST] 00000211 SystemOut O Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
[6/29/16 12:17:30:029 IST] 00000211 SystemOut O %% No cached client session
[6/29/16 12:17:30:030 IST] 00000211 SystemOut O *** ClientHello, TLSv1
[6/29/16 12:17:30:030 IST] 00000211 SystemOut O RandomCookie: GMT: 1467182850 bytes = { 165, 170, 151, 64, 41, 40, 119, 74, 254, 115, 32, 213, 78, 45, 52, 66, 73, 224, 116, 255, 176, 137, 93, 27, 30, 166, 193, 21 }
[6/29/16 12:17:30:030 IST] 00000211 SystemOut O Session ID: {}
[6/29/16 12:17:30:030 IST] 00000211 SystemOut O Cipher Suites: [SSL_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
[6/29/16 12:17:30:030 IST] 00000211 SystemOut O Compression Methods: { 0 }
[6/29/16 12:17:30:030 IST] 00000211 SystemOut O Extension renegotiation_info, ri_length: 0, ri_connection_data: { null }
[6/29/16 12:17:30:030 IST] 00000211 SystemOut O Extension server_name, server_name: [host_name: web-proxy.corp.hp.com]
[6/29/16 12:17:30:030 IST] 00000211 SystemOut O ***
[6/29/16 12:17:30:030 IST] 00000211 SystemOut O [write] MD5 and SHA1 hashes: len = 92
[6/29/16 12:17:30:031 IST] 00000211 SystemOut O 0000: 01 00 00 58 03 01 57 73 6f 02 a5 aa 97 40 29 28 ...X..Wso.......
0010: 77 4a fe 73 20 d5 4e 2d 34 42 49 e0 74 ff b0 89 wJ.s..N.4BI.t...
0020: 5d 1b 1e a6 c1 15 00 00 0c 00 2f 00 33 00 32 00 ............3.2.
0030: 0a 00 16 00 13 01 00 00 23 ff 01 00 01 00 00 00 ................
0040: 00 1a 00 18 00 00 15 77 65 62 2d 70 72 6f 78 79 .......web.proxy
0050: 2e 63 6f 72 70 2e 68 70 2e 63 6f 6d .corp.hp.com
[6/29/16 12:17:30:031 IST] 00000211 SystemOut O WebContainer : 4, WRITE: TLSv1 Handshake, length = 92
[6/29/16 12:17:30:031 IST] 00000211 SystemOut O [Raw write]: length = 97
[6/29/16 12:17:30:031 IST] 00000211 SystemOut O 0000: 16 03 01 00 5c 01 00 00 58 03 01 57 73 6f 02 a5 ........X..Wso..
0010: aa 97 40 29 28 77 4a fe 73 20 d5 4e 2d 34 42 49 .....wJ.s..N.4BI
0020: e0 74 ff b0 89 5d 1b 1e a6 c1 15 00 00 0c 00 2f .t..............
0030: 00 33 00 32 00 0a 00 16 00 13 01 00 00 23 ff 01 .3.2............
0040: 00 01 00 00 00 00 1a 00 18 00 00 15 77 65 62 2d ............web.
0050: 70 72 6f 78 79 2e 63 6f 72 70 2e 68 70 2e 63 6f proxy.corp.hp.co
0060: 6d m
[6/29/16 12:17:30:371 IST] 00000211 SystemOut O [Raw read]: length = 5
[6/29/16 12:17:30:371 IST] 00000211 SystemOut O 0000: 15 03 01 00 02 .....
[6/29/16 12:17:30:371 IST] 00000211 SystemOut O [Raw read]: length = 2
[6/29/16 12:17:30:371 IST] 00000211 SystemOut O 0000: 02 28 ..
[6/29/16 12:17:30:371 IST] 00000211 SystemOut O WebContainer : 4, READ: TLSv1 Alert, length = 2
[6/29/16 12:17:30:371 IST] 00000211 SystemOut O WebContainer : 4, RECV TLSv1 ALERT: fatal, handshake_failure
[6/29/16 12:17:30:373 IST] 00000211 SystemOut O WebContainer : 4, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
[6/29/16 12:17:30:373 IST] 00000211 SystemOut O WebContainer : 4, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure