在Java 6上工作时,Java 7 ssl握手失败

时间:2013-04-18 07:34:32

标签: java ssl smtp handshake

我使用Ability Mail Server(AMS)工具在各种配置(SMTP,带TLS的SMTP,基于SSL的SMTP等)中测试我的SMTP服务器网络可用性。我的服务器端是用java编写的,并使用SubethaSmtp库进行实现。

AMS运行良好并满足我的测试需求,直到我决定将我的服务器从java 6升级到java 7.从那时起,我无法使用此实用程序通过TLS测试我的SMTP over SSL和SMTP连接,因为我得到的每一次尝试:

Outgoing Route: Relay localhost:40125 rejected connection with

我在java上写的其他集成测试也是成功的,但这个问题仍然让我感到困惑。我无法找到,有什么不同。

我的java 6成功SSL握手调试输出

org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Handshake, length = 205
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
*** ClientHello, TLSv1
RandomCookie:  GMT: 1366202273 bytes = { 29, 88, 44, 226, 58, 30, 188, 76, 46, 113, 18, 193, 226, 156, 129, 241, 160, 23, 39, 190, 177, 37, 141, 173, 175, 6, 125, 195 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, Unknown 0x0:0x87, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0x0:0x9a, Unknown 0x0:0x99, Unknown 0x0:0x45, Unknown 0x0:0x44, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41, SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
Unsupported extension type_35, data: 
***
%% Created:  [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1366202273 bytes = { 239, 167, 83, 82, 189, 146, 43, 152, 2, 25, 247, 132, 153, 169, 208, 74, 207, 219, 235, 179, 154, 225, 199, 147, 238, 91, 114, 53 }
Session ID:  {81, 111, 152, 161, 109, 178, 13, 166, 232, 166, 36, 148, 10, 94, 92, 222, 61, 86, 245, 119, 215, 130, 31, 150, 99, 74, 121, 252, 181, 255, 30, 22}
Cipher Suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called closeSocket(selfInitiated)
chain [0] = [
[
  Version: V3
  Subject: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16529753809247247111312284751522134978177807492128325820211425902224490010793234062180928535488108823704586950959318642289246645463583464189812207858850010614046945230962602914709480782247492980056070065328765412779951346605688731554625592721596539401530793434052536122002537683254913189373178145181405215449627192067321602357247727580287704588004112308611398315890251445283600299225291631455558225388037583805230035932707731947473961715066552985380371964947081577833023069202844021620640680874794841415527496125781091471359903204493217693952167487019116813691991952393229097684735681407566394557493095017917012563127
  public exponent: 65537
  Validity: [From: Tue Sep 18 11:41:33 GMT+04:00 2012,
               To: Wed Sep 18 11:41:33 GMT+04:00 2013]
  Issuer: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
  SerialNumber: [    6e640d68]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 CC 44 CE D3 FD EA 07   18 67 A0 BE F0 70 E9 97  ..D......g...p..
0010: D2 D7 1B E3                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 12 8A E0 40 EB 91 7F 6D   A5 06 E8 F8 A2 CD D5 EF  ...@...m........
0010: AC E1 3A 95 7C 99 09 D7   04 AA 5E 59 4D FC 45 92  ..:.......^YM.E.
0020: CD 9F 58 95 8F F1 F4 17   D4 73 8D B4 D3 BC 8C DD  ..X......s......
0030: 99 C7 47 5D 4E 22 43 BA   74 C1 4B 2B 76 98 1A AA  ..G]N"C.t.K+v...
0040: 1F 6A 62 1E 1E 2B BD 13   3D 36 97 36 05 7F 31 F1  .jb..+..=6.6..1.
0050: 68 A9 60 E1 94 74 84 6A   60 68 B4 8A ED 94 04 43  h.`..t.j`h.....C
0060: 0F 89 D2 83 4F D2 A4 4F   E7 24 D5 AE 13 7A CD F2  ....O..O.$...z..
0070: 4D AE DA B2 4C 27 C8 97   7D 10 20 13 A6 B5 83 A5  M...L'.... .....
0080: 79 96 52 CE C0 BC 2F 1E   67 7C 49 DC 3D 2E 55 24  y.R.../.g.I.=.U$
0090: 73 5E F1 95 10 6C 9A 21   1E 5F 2D 9B 75 7A D8 31  s^...l.!._-.uz.1
00A0: 59 42 B0 6C AD 86 6E 05   D9 59 86 67 16 E5 AD C1  YB.l..n..Y.g....
00B0: E8 6C 21 15 19 8A 85 D8   70 59 B4 51 D6 3D 16 CE  .l!.....pY.Q.=..
00C0: 2D AD 7B E8 08 32 0D B7   2F F0 15 1C 12 EE 9F 18  -....2../.......
00D0: C3 DE 61 16 C4 D3 A4 1A   F2 1E E0 C5 BA 28 49 B8  ..a..........(I.
00E0: 70 0E 19 21 6E 1B 47 CA   1E E9 A0 33 D9 23 D5 CF  p..!n.G....3.#..
00F0: CE 91 71 AA 6B 54 0B 24   49 4A CE 2F 92 6D 4D DA  ..q.kT.$IJ./.mM.

]
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus:  { 233, 230, 66, 89, 157, 53, 95, 55, 201, 127, 253, 53, 103, 18, 11, 142, 37, 201, 205, 67, 233, 39, 179, 169, 103, 15, 190, 197, 216, 144, 20, 25, 34, 210, 195, 179, 173, 36, 128, 9, 55, 153, 134, 157, 30, 132, 106, 171, 73, 250, 176, 173, 38, 210, 206, 106, 34, 33, 157, 71, 11, 206, 125, 119, 125, 74, 33, 251, 233, 194, 112, 181, 127, 96, 112, 2, 243, 206, 248, 57, 54, 148, 207, 69, 238, 54, 136, 193, 26, 140, 86, 171, 18, 122, 61, 175 }
DH Base:  { 48, 71, 10, 213, 160, 5, 251, 20, 206, 45, 157, 205, 135, 227, 139, 199, 209, 177, 197, 250, 203, 174, 203, 233, 95, 25, 10, 167, 163, 29, 35, 196, 219, 188, 190, 6, 23, 69, 68, 64, 26, 91, 44, 2, 9, 101, 216, 194, 189, 33, 113, 211, 102, 132, 69, 119, 31, 116, 186, 8, 77, 32, 41, 216, 60, 28, 21, 133, 71, 243, 169, 241, 162, 113, 91, 226, 61, 81, 174, 77, 62, 90, 31, 106, 112, 100, 243, 22, 147, 58, 52, 109, 63, 82, 146, 82 }
Server DH Public Key:  { 196, 174, 239, 97, 244, 9, 222, 141, 94, 81, 143, 199, 56, 23, 160, 164, 140, 162, 44, 78, 243, 75, 44, 208, 229, 164, 90, 214, 232, 7, 55, 101, 24, 164, 116, 13, 189, 175, 113, 183, 170, 161, 229, 93, 86, 216, 238, 9, 179, 130, 120, 140, 173, 190, 119, 34, 131, 169, 114, 230, 223, 139, 79, 128, 46, 17, 200, 81, 229, 13, 176, 73, 129, 204, 10, 243, 197, 24, 174, 152, 108, 11, 14, 58, 168, 9, 11, 49, 222, 189, 117, 125, 126, 49, 230, 250 }
Signed with a DSA or RSA public key
*** ServerHelloDone
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Handshake, length = 1570
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Handshake, length = 102
*** ClientKeyExchange, DH
DH Public key:  { 95, 208, 98, 2, 159, 50, 206, 212, 96, 80, 180, 201, 119, 130, 53, 165, 5, 81, 35, 243, 18, 0, 100, 250, 160, 150, 10, 60, 129, 126, 9, 130, 58, 236, 226, 104, 238, 19, 255, 109, 213, 240, 24, 22, 47, 10, 6, 114, 91, 199, 56, 238, 79, 158, 30, 199, 90, 16, 174, 112, 202, 125, 87, 70, 101, 86, 131, 15, 73, 103, 223, 186, 196, 132, 4, 54, 46, 6, 58, 211, 70, 213, 246, 244, 250, 125, 1, 175, 155, 197, 68, 73, 224, 19, 133, 189 }
SESSION KEYGEN:
PreMaster Secret:
0000: 68 1E 91 97 0A 91 6A E3   B2 41 17 32 41 B9 80 24  h.....j..A.2A..$
0010: 4F C8 84 F2 7F C7 D8 F5   28 BB 84 82 4E C9 C3 53  O.......(...N..S
0020: 0B B8 10 3E 08 0B C0 87   D8 2D FB A1 BA D4 1C FB  ...>.....-......
0030: 01 DA 8F F2 10 E0 63 EA   BF 41 90 D5 25 1C EC 52  ......c..A..%..R
0040: 00 6A 33 92 C3 84 78 C4   2D 5B 8D 87 9A CE CC E9  .j3...x.-[......
0050: 23 36 49 58 9C 20 20 15   DD 4D AC 01 10 FE D6 DD  #6IX.  ..M......
CONNECTION KEYGEN:
Client Nonce:
0000: 51 6F 98 A1 1D 58 2C E2   3A 1E BC 4C 2E 71 12 C1  Qo...X,.:..L.q..
0010: E2 9C 81 F1 A0 17 27 BE   B1 25 8D AD AF 06 7D C3  ......'..%......
Server Nonce:
0000: 51 6F 98 A1 EF A7 53 52   BD 92 2B 98 02 19 F7 84  Qo....SR..+.....
0010: 99 A9 D0 4A CF DB EB B3   9A E1 C7 93 EE 5B 72 35  ...J.........[r5
Master Secret:
0000: DD 91 8B 8B 81 B8 DA 9F   EC 60 E9 F4 DF 0E C3 27  .........`.....'
0010: F8 BD 3E B1 A7 28 03 FB   A7 E7 24 DB D6 80 D5 3F  ..>..(....$....?
0020: 8C 90 F0 EF 31 65 51 03   20 CB CA 12 D8 0A 05 AB  ....1eQ. .......
Client MAC write Secret:
0000: F2 6C AE B6 C0 3B 2D D7   8E 7C D7 00 6A 3B 80 D3  .l...;-.....j;..
0010: 16 73 B2 57                                        .s.W
Server MAC write Secret:
0000: 69 2C A7 C1 32 B9 D3 3A   FD 30 15 F0 78 4E DE 76  i,..2..:.0..xN.v
0010: 6B F2 EE F2                                        k...
Client write key:
0000: C3 33 CC EC 07 6C 4F 51   1C B6 14 74 29 6C 82 59  .3...lOQ...t)l.Y
0010: 02 1D A1 99 EA 4A 10 45                            .....J.E
Server write key:
0000: 4B 6F 90 B3 C3 C0 00 35   EA DF 0F C7 7F 2D 77 3A  Ko.....5.....-w:
0010: 12 C8 34 C9 8B 6E E6 7E                            ..4..n..
Client write IV:
0000: C2 23 F2 38 C0 E2 46 99                            .#.8..F.
Server write IV:
0000: 08 CC 53 9B 23 D6 23 6B                            ..S.#.#k
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Change Cipher Spec, length = 1
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Handshake, length = 40
*** Finished
verify_data:  { 76, 73, 162, 146, 43, 189, 56, 224, 219, 30, 197, 162 }
***
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 253, 203, 94, 73, 30, 8, 230, 39, 100, 105, 142, 219 }
***
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Handshake, length = 40
%% Cached server session: [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Application Data, length = 80
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Application Data, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Application Data, length = 48
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Application Data, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Application Data, length = 80
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Alert, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, RECV TLSv1 ALERT:  warning, close_notify
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeInternal(false)
org.subethamail.smtp.server.Session-/127.0.0.1:51806, SEND TLSv1 ALERT:  warning, description = close_notify
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Alert, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeSocket(selfInitiated)
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeInternal(true)
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeInternal(true)

我的java 7始终无法通过SSL握手调试输出

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
org.subethamail.smtp.server.Session-/127.0.0.1:51856, READ: TLSv1 Handshake, length = 205
*** ClientHello, TLSv1
RandomCookie:  GMT: 1366202735 bytes = { 148, 248, 66, 243, 154, 205, 184, 147, 105, 230, 198, 110, 97, 132, 40, 233, 246, 125, 120, 183, 97, 219, 182, 40, 20, 87, 103, 53 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA, TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
Unsupported extension type_35, data: 
***
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: server_certificate
%% Negotiating:  [Session-1, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1366202735 bytes = { 218, 177, 74, 98, 93, 153, 110, 141, 95, 69, 218, 102, 107, 215, 209, 26, 0, 157, 60, 33, 94, 70, 40, 77, 46, 103, 173, 224 }
Session ID:  {81, 111, 153, 111, 235, 17, 119, 190, 82, 45, 15, 130, 77, 69, 37, 136, 91, 110, 135, 121, 204, 13, 56, 171, 101, 52, 110, 122, 85, 126, 15, 109}
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16529753809247247111312284751522134978177807492128325820211425902224490010793234062180928535488108823704586950959318642289246645463583464189812207858850010614046945230962602914709480782247492980056070065328765412779951346605688731554625592721596539401530793434052536122002537683254913189373178145181405215449627192067321602357247727580287704588004112308611398315890251445283600299225291631455558225388037583805230035932707731947473961715066552985380371964947081577833023069202844021620640680874794841415527496125781091471359903204493217693952167487019116813691991952393229097684735681407566394557493095017917012563127
  public exponent: 65537
  Validity: [From: Tue Sep 18 11:41:33 GMT+04:00 2012,
         To: Wed Sep 18 11:41:33 GMT+04:00 2013]
  Issuer: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
  SerialNumber: [    6e640d68]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 CC 44 CE D3 FD EA 07   18 67 A0 BE F0 70 E9 97  ..D......g...p..
0010: D2 D7 1B E3                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 12 8A E0 40 EB 91 7F 6D   A5 06 E8 F8 A2 CD D5 EF  ...@...m........
0010: AC E1 3A 95 7C 99 09 D7   04 AA 5E 59 4D FC 45 92  ..:.......^YM.E.
0020: CD 9F 58 95 8F F1 F4 17   D4 73 8D B4 D3 BC 8C DD  ..X......s......
0030: 99 C7 47 5D 4E 22 43 BA   74 C1 4B 2B 76 98 1A AA  ..G]N"C.t.K+v...
0040: 1F 6A 62 1E 1E 2B BD 13   3D 36 97 36 05 7F 31 F1  .jb..+..=6.6..1.
0050: 68 A9 60 E1 94 74 84 6A   60 68 B4 8A ED 94 04 43  h.`..t.j`h.....C
0060: 0F 89 D2 83 4F D2 A4 4F   E7 24 D5 AE 13 7A CD F2  ....O..O.$...z..
0070: 4D AE DA B2 4C 27 C8 97   7D 10 20 13 A6 B5 83 A5  M...L'.... .....
0080: 79 96 52 CE C0 BC 2F 1E   67 7C 49 DC 3D 2E 55 24  y.R.../.g.I.=.U$
0090: 73 5E F1 95 10 6C 9A 21   1E 5F 2D 9B 75 7A D8 31  s^...l.!._-.uz.1
00A0: 59 42 B0 6C AD 86 6E 05   D9 59 86 67 16 E5 AD C1  YB.l..n..Y.g....
00B0: E8 6C 21 15 19 8A 85 D8   70 59 B4 51 D6 3D 16 CE  .l!.....pY.Q.=..
00C0: 2D AD 7B E8 08 32 0D B7   2F F0 15 1C 12 EE 9F 18  -....2../.......
00D0: C3 DE 61 16 C4 D3 A4 1A   F2 1E E0 C5 BA 28 49 B8  ..a..........(I.
00E0: 70 0E 19 21 6E 1B 47 CA   1E E9 A0 33 D9 23 D5 CF  p..!n.G....3.#..
00F0: CE 91 71 AA 6B 54 0B 24   49 4A CE 2F 92 6D 4D DA  ..q.kT.$IJ./.mM.

]
***
*** ECDH ServerKeyExchange
Server key: Sun EC public key, 163 bits
  public x coord: 9136528840887878846890758313033245846487987894913
  public y coord: 10222364285200404385822101945158338799500469323918
  parameters: sect163k1 [NIST K-163] (1.3.132.0.1)
*** ServerHelloDone
org.subethamail.smtp.server.Session-/127.0.0.1:51856, WRITE: TLSv1 Handshake, length = 1323
org.subethamail.smtp.server.Session-/127.0.0.1:51856, received EOFException: error
org.subethamail.smtp.server.Session-/127.0.0.1:51856, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
org.subethamail.smtp.server.Session-/127.0.0.1:51856, SEND TLSv1 ALERT:  fatal, description = handshake_failure
org.subethamail.smtp.server.Session-/127.0.0.1:51856, WRITE: TLSv1 Alert, length = 2
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called closeSocket()
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called closeInternal(true)
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called closeInternal(true)

我的SMTP over SSL服务器实施

private static class SmtpServer extends SMTPServer {

    private SSLContext context;

    protected SmtpServer(MessageHandlerFactory factory, SSLContext context) {
        super(factory);
        this.context = context;
    }

    @Override
    public SSLSocket createSSLSocket(Socket socket) throws IOException {
        InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
        SSLSocketFactory sf = context.getSocketFactory();
        SSLSocket s = (SSLSocket) sf.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true);
        // we are the server
        s.setUseClientMode(false);
        return s;
    }

}

实施没有任何差异。唯一的区别是JDK的版本。

我无法找到,握手时会出现什么问题。是测试实用程序问题还是应该执行任何步骤来解决此错误?

1 个答案:

答案 0 :(得分:0)

通过更新到位于Ability Mail Server安装文件夹内的最新版openssl distribution binaries来解决问题。运行最新版本DLL的AMS没有描述问题。

换句话说,回答我自己的问题:这个问题不在我们这边。