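In principle, using TLS 1.3 with JDK 11 works. However, as soon as connections are established in two concurrent threads, the initial handshake of both fails.
This is apparently a known issue that is believed to be resolved: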
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class Main {
    public static void main(String[] args) throws Exception {
        // Start two threads that each open a TLS connection at the same time.
        Thread t1 = new Thread(Main::createAndUseSslSocket);
        Thread t2 = new Thread(Main::createAndUseSslSocket);
        t1.start();
        t2.start();
        // Wait until both threads have finished.
        do {
            Thread.sleep(100);
        } while (t1.isAlive() || t2.isAlive());
    }

    private static void createAndUseSslSocket() {
        // Connect with the default socket factory and force the handshake.
        try (SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket("www.verisign.com", 443)) {
            socket.startHandshake();
        } catch (Exception e) {
            System.err.println(e.getClass().getName() + " " + e.getMessage());
        }
    }
}
Using OpenJDK 11.0.9.11-hotspot (which supposedly has this issue fixed):
"C:\Program Files\AdoptOpenJDK\jdk-11.0.9.11-hotspot/bin/javac" Main.java
"C:\Program Files\AdoptOpenJDK\jdk-11.0.9.11-hotspot/bin/java" -Djdk.tls.client.protocols="TLSv1.3" Main
Or even OpenJDK 15.0.1.9-hotspot (which is the "latest" option on AdoptOpenJDK.net as of today):
"C:\Program Files\AdoptOpenJDK\jdk-15.0.1.9-hotspot/bin/javac" Main.java
"C:\Program Files\AdoptOpenJDK\jdk-15.0.1.9-hotspot/bin/java" -Djdk.tls.client.protocols="TLSv1.3" Main
javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure
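The issue is officially fixed, but I can't seem to get it to work.
What is going on here?
There is a workaround, but it is not acceptable in the long run:
Disable TLS 1.3 with the following JVM property: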
-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
* EDIT: The end of the output when including -Djavax.net.debug=all (in full it is more than 140k characters, too much for StackOverflow):
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:993|keyStore is :
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:994|keyStore type is : pkcs12
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:996|keyStore provider is :
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:1031|init keystore
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:1054|init keymanager of type SunX509
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:44.850 CET|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.850 CET|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:44.862 CET|SSLConfiguration.java:458|System property jdk.tls.client.SignatureSchemes is set to 'null'
javax.net.ssl|WARNING|0F|Thread-1|2020-10-30 15:16:44.863 CET|SignatureScheme.java:282|Signature algorithm, ed25519, not supported by JSSE
javax.net.ssl|WARNING|0F|Thread-1|2020-10-30 15:16:44.863 CET|SignatureScheme.java:282|Signature algorithm, ed448, not supported by JSSE
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|INFO|0E|Thread-0|2020-10-30 15:16:45.194 CET|AlpnExtension.java:165|No available application protocols
javax.net.ssl|INFO|0F|Thread-1|2020-10-30 15:16:45.194 CET|AlpnExtension.java:165|No available application protocols
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.194 CET|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.194 CET|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.195 CET|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.195 CET|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "D0 1B 63 ED D3 4E 05 5E 98 E1 6B 9D F8 32 81 14 43 D3 45 F7 0D D3 D6 20 98 35 DF 67 85 C9 A9 65",
"session id" : "44 52 47 AB 32 A6 FC C1 CA 78 A7 DE 32 AC F8 95 6C DF 68 07 0C C5 35 D4 44 ED 29 7A 2F C9 BE 1E",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=www.verisign.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: 4C 31 CF 53 D6 2D 6D 30 19 D3 7E 4E CD B6 6A E2 L1.S.-m0...N..j.
0010: 3A 49 0F C4 14 C2 53 FD 53 89 0D 7D 8F 4C AE 46 :I....S.S....L.F
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "3C 06 CA 04 F8 0F E4 E6 94 93 1F 48 A4 C0 84 27 76 7E D6 22 BB 62 B2 C6 CF FA A4 61 BE 02 04 E2",
"session id" : "C1 C4 8D 99 B0 57 69 D7 63 DC 78 26 7B 15 0B B1 F5 2E B9 50 52 22 F0 32 FB 63 C4 AA E4 FC E6 72",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=www.verisign.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: DF DF 74 F2 A7 A9 B5 EB 74 E4 26 DE F6 2B 82 27 ..t.....t.&..+.'
0010: C1 4E D8 16 91 CA CB F6 0B 91 EE C9 69 C6 4F 03 .N..........i.O.
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 266
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 266
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:272|Raw write (
0000: 16 03 03 01 0A 01 00 01 06 03 03 3C 06 CA 04 F8 ...........<....
0010: 0F E4 E6 94 93 1F 48 A4 C0 84 27 76 7E D6 22 BB ......H...'v..".
0020: 62 B2 C6 CF FA A4 61 BE 02 04 E2 20 C1 C4 8D 99 b.....a.... ....
0030: B0 57 69 D7 63 DC 78 26 7B 15 0B B1 F5 2E B9 50 .Wi.c.x&.......P
0040: 52 22 F0 32 FB 63 C4 AA E4 FC E6 72 00 06 13 02 R".2.c.....r....
0050: 13 01 13 03 01 00 00 B7 00 00 00 15 00 13 00 00 ................
0060: 10 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F .www.verisign.co
0070: 6D 00 05 00 05 01 00 00 00 00 00 0A 00 16 00 14 m...............
0080: 00 1D 00 17 00 18 00 19 00 1E 01 00 01 01 01 02 ................
0090: 01 03 01 04 00 0D 00 1E 00 1C 04 03 05 03 06 03 ................
00A0: 08 04 08 05 08 06 08 09 08 0A 08 0B 04 01 05 01 ................
00B0: 06 01 02 03 02 01 00 32 00 1E 00 1C 04 03 05 03 .......2........
00C0: 06 03 08 04 08 05 08 06 08 09 08 0A 08 0B 04 01 ................
00D0: 05 01 06 01 02 03 02 01 00 2B 00 03 02 03 04 00 .........+......
00E0: 2D 00 02 01 01 00 33 00 26 00 24 00 1D 00 20 DF -.....3.&.$... .
00F0: DF 74 F2 A7 A9 B5 EB 74 E4 26 DE F6 2B 82 27 C1 .t.....t.&..+.'.
0100: 4E D8 16 91 CA CB F6 0B 91 EE C9 69 C6 4F 03 N..........i.O.
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:272|Raw write (
0000: 16 03 03 01 0A 01 00 01 06 03 03 D0 1B 63 ED D3 .............c..
0010: 4E 05 5E 98 E1 6B 9D F8 32 81 14 43 D3 45 F7 0D N.^..k..2..C.E..
0020: D3 D6 20 98 35 DF 67 85 C9 A9 65 20 44 52 47 AB .. .5.g...e DRG.
0030: 32 A6 FC C1 CA 78 A7 DE 32 AC F8 95 6C DF 68 07 2....x..2...l.h.
0040: 0C C5 35 D4 44 ED 29 7A 2F C9 BE 1E 00 06 13 02 ..5.D.)z/.......
0050: 13 01 13 03 01 00 00 B7 00 00 00 15 00 13 00 00 ................
0060: 10 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F .www.verisign.co
0070: 6D 00 05 00 05 01 00 00 00 00 00 0A 00 16 00 14 m...............
0080: 00 1D 00 17 00 18 00 19 00 1E 01 00 01 01 01 02 ................
0090: 01 03 01 04 00 0D 00 1E 00 1C 04 03 05 03 06 03 ................
00A0: 08 04 08 05 08 06 08 09 08 0A 08 0B 04 01 05 01 ................
00B0: 06 01 02 03 02 01 00 32 00 1E 00 1C 04 03 05 03 .......2........
00C0: 06 03 08 04 08 05 08 06 08 09 08 0A 08 0B 04 01 ................
00D0: 05 01 06 01 02 03 02 01 00 2B 00 03 02 03 04 00 .........+......
00E0: 2D 00 02 01 01 00 33 00 26 00 24 00 1D 00 20 4C -.....3.&.$... L
00F0: 31 CF 53 D6 2D 6D 30 19 D3 7E 4E CD B6 6A E2 3A 1.S.-m0...N..j.:
0100: 49 0F C4 14 C2 53 FD 53 89 0D 7D 8F 4C AE 46 I....S.S....L.F
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 15 03 03 00 02 .....
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 02 28 .(
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 15 03 03 00 02 .....
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 02 28 .(
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|ERROR|0E|Thread-0|2020-10-30 15:16:45.372 CET|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1488)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1394)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
at Main.createAndUseSslSocket(Main.java:23)
at java.base/java.lang.Thread.run(Thread.java:832)}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSessionImpl.java:1224|Invalidated session: Session(1604067404870|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|ERROR|0F|Thread-1|2020-10-30 15:16:45.372 CET|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1488)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1394)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
at Main.createAndUseSslSocket(Main.java:23)
at java.base/java.lang.Thread.run(Thread.java:832)}
)
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSessionImpl.java:1224|Invalidated session: Session(1604067404870|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1727|close the underlying socket
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1727|close the underlying socket
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1746|close the SSL connection (initiative)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1746|close the SSL connection (initiative)
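Answer 0 (score: 2)
It's not your fault (nor JDK 11's).
I spoke too soon in the comments on the question: locally, if I supply -Djdk.tls.client.protocols="TLSv1.3", I get the same failure as you.
Looking at the debug output, it is the server that rejects the handshake: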
javax.net.ssl|DEBUG|0D|Thread-1|2020-10-30 15:30:52.829 CET|SSLSocketInputRecord.java:477|Raw read (
0000: 02 28 .(
)
If you use openssl and force TLS 1.3, it fails with the same error:
openssl s_client -connect www.verisign.com:443 -tls1_3
CONNECTED(00000003)
139777244485440:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
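Note that alert number 40 corresponds to the hex 28 seen in Java's debug output.
So www.verisign.com has a problem with TLS 1.3.
If you try, for example, www.google.com, it works fine.
Update
I just ran an online test of www.verisign.com with SSL Labs, and it confirms this: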
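The alert decoding the answer does by eye (hex 28 = alert number 40), as an added example that is not part of the original post: it reassembles the "Raw read" hexdumps of a -Djavax.net.debug=all log per thread and decodes any plaintext alert records. The function names are illustrative, and the sample is an excerpt of the question's log with only the "Raw read" entries kept.

```python
import re

# Subset of the AlertDescription values defined in RFC 8446, section 6.
ALERT_NAMES = {0: "close_notify", 40: "handshake_failure", 47: "illegal_parameter",
               70: "protocol_version", 71: "insufficient_security", 80: "internal_error"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}

# Excerpt of the question's log (only the "Raw read" entries): JSSE dumps the
# 5-byte record header and the record body as two separate entries per thread.
SAMPLE_LOG = """\
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 15 03 03 00 02 .....
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 02 28 .(
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 15 03 03 00 02 .....
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 02 28 .(
)
"""

RAW_READ = re.compile(r"\|([^|]+)\|[^|]+\|[^|]+\|Raw read \(\s*$")

def raw_reads_by_thread(log_text):
    """Concatenate the bytes of every 'Raw read' hexdump, keyed by thread name."""
    streams, current = {}, None
    for line in log_text.splitlines():
        header = RAW_READ.search(line)
        if header:
            current = streams.setdefault(header.group(1), bytearray())
        elif line.strip() == ")":
            current = None
        elif current is not None and re.match(r"\s*[0-9A-F]{4}: ", line):
            for token in line.split(":", 1)[1].split()[:16]:
                if not re.fullmatch(r"[0-9A-F]{2}", token):
                    break  # reached the ASCII column of the hexdump
                current.append(int(token, 16))
    return streams

def decode_alerts(stream):
    """Walk the TLS records in a byte stream and return the plaintext alerts."""
    alerts, pos = [], 0
    while pos + 5 <= len(stream):
        rtype, version = stream[pos], tuple(stream[pos + 1:pos + 3])
        length = int.from_bytes(stream[pos + 3:pos + 5], "big")
        body = stream[pos + 5:pos + 5 + length]
        if rtype == 21 and len(body) == 2:  # content type 21 = alert
            alerts.append((ALERT_LEVELS.get(body[0], "unknown"), body[1],
                           ALERT_NAMES.get(body[1], "unknown"), version))
        pos += 5 + length
    return alerts
```

The (3, 3) in each result is only the record-layer version field; TLS 1.3 also uses 0x0303 there, so the log's "TLSv1.2 alert" label does not by itself show which protocol version the server speaks.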