我们有两个服务,客户端是Rails应用程序,服务器是使用Play Framework构建的REST API。我们在Rails中使用HTTParty客户端。
我们在这两项服务之间出现间歇性SSL握手错误。在Play上,我们收到以下错误:
Jan 09 14:37:47 graph-dev graph: org.jboss.netty.handler.ssl.SslHandler - SSLEngine.closeInbound() raised an exception after a handshake failure.
Jan 09 14:37:47 graph-dev javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
Jan 09 14:37:47 graph-dev at: sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
Jan 09 14:37:47 graph-dev at: sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
Jan 09 14:37:47 graph-dev at: sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
Jan 09 14:37:47 graph-dev at: sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1517)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1407)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:913)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90)
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
Jan 09 14:37:47 graph-dev at: java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
Jan 09 14:37:47 graph-dev at: java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
Jan 09 14:37:47 graph-dev at: java.lang.Thread.run(Thread.java:744)
On Rails,相应的错误:
Error: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert handshake failure
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect'
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `block in connect'
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/timeout.rb:52:in `timeout'
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect'
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:862:in `do_start'
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:851:in `start'
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:1367:in `request'
我们的SSL证书由RapidSSL发布。在Play上,我们包含由Equifax签署的验证GeoTrust的交叉根证书。
我们一直试图解决这个问题几天,我们真的很茫然。
答案 0 :(得分:0)
Play邮件列表上提供了答案。我们将DiffieHellman添加到jdk.tls.disabledAlgorithms中$JAVA_HOME/jre/lib/security/java.security的默认值的末尾,并解决了它。
在该名单上获得Will Sargent的信用。
https://groups.google.com/forum/#!topic/play-framework/ECee_w2wlrU