公共https网站上的jsse handshake_failure

时间:2010-01-29 02:51:11

标签: java ssl jsse

我已经阅读了related question,但在我看到失败的地方似乎没有失败。

我正在尝试一个非常简单的操作:

public static void main(String [] argv) {
    try {
        URL u = new URL("https://membership.usairways.com/Login.aspx");
        Object o = u.getContent();
    } catch (MalformedURLException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
}

但是在Mac和Windows机器上使用Java 6运行时会遇到handshake_failure。

其他人一直遇到无法找到证书的问题,但调试日志(-Djavax.net.debug=ssl:handshake)显示找到的证书很好:

keyStore is : 
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files (x86)\Java\jre6\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036

 (repeat above for a large number of certs, notably the next one here)

adding as trusted cert:
  Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Issuer:  EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x1
  Valid from Wed Jul 31 20:00:00 EDT 1996 until Thu Dec 31 18:59:59 EST 2020



trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1264732935 bytes = { 200, 133, 119, 81, 212, 158, 149, 118, 153, 199, 116, 71, 201, 115, 67, 238, 141, 69, 2, 4, 158, 99, 39, 55, 242, 1, 155, 226 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: SSLv3 Handshake, length = 74
*** ServerHello, SSLv3
RandomCookie:  GMT: -1723164650 bytes = { 122, 187, 153, 122, 194, 216, 4, 86, 68, 106, 92, 83, 166, 22, 156, 103, 30, 93, 5, 89, 138, 108, 191, 101, 41, 38, 201, 7 }
Session ID:  {64, 200, 23, 188, 201, 247, 125, 29, 43, 132, 204, 32, 58, 18, 4, 215, 3, 228, 127, 3, 0, 13, 41, 240, 200, 79, 208, 166, 79, 178, 249, 123}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
main, READ: SSLv3 Handshake, length = 1712
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=*.usairways.com, OU=csmusairwayweb, O=US Airways, L=Phoenix, ST=Arizona, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 117128872477092149134303805811049298494872749082923376652184544938174228731267664522970480129390452967053230586478159419504897327346652351403474804997804422528612377227107853983665176692187458180185822497353170111743696439530149540148901069359332724759471171438095948620900093160986648342991891132153788789693
  public exponent: 65537
  Validity: [From: Wed Apr 30 08:12:47 EDT 2008,
               To: Fri Apr 30 08:12:47 EDT 2010]
  Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  SerialNumber: [    645f032d 08d4bd17 40df6c90 666e6bf3]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
]]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com]
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 4A 2B 42 50 88 64 26 7E   CA 06 8C B3 CA 88 B4 8D  J+BP.d&.........
0010: 20 5A 11 F6 1F 9E 00 16   22 46 6F D9 18 8E CE 08   Z......"Fo.....
0020: 37 33 95 F9 08 2F 80 2D   26 73 C0 2A 54 2B 41 74  73.../.-&s.*T+At
0030: 2F 7F BC 17 9C 85 E3 71   E0 D7 1D CE 76 86 DD 53  /......q....v..S
0040: 2A 99 4E E7 92 27 F5 B5   2A A3 3C 9C D3 97 87 B9  *.N..'..*.%.....2q..
0070: 86 5E ED 50 27 A6 0D A6   23 F9 BB CB A6 07 14 42  .^.P'...#......B

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun RSA public key, 1024 bits
  modulus: 147615723393259181416635428961329342020669051439139433844527551020558419419302186744111967954084722208863267607710475139716371688682959340524636682374402009636778742019638875797953488482650734868036331360260559337468576998663423718393870107693392913633351064416793992445974512528326405756434384337574662315063
  public exponent: 65537
  Validity: [From: Wed Jul 31 20:00:00 EDT 1996,
               To: Thu Dec 31 18:59:59 EST 2020]
  Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  SerialNumber: [    01]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 26 48 2C 16 C2 58 FA E8   16 74 0C AA AA 5F 54 3F  &H,..X...t..._T?
0010: F2 D7 C9 78 60 5E 5E 6E   37 63 22 77 36 7E B2 17  ...x`^^n7c"w6...
0020: C4 34 B9 F5 08 85 FC C9   01 38 FF 4D BE F2 16 42  .4.......8.M...B
0030: 43 E7 BB 5A 46 FB C1 C6   11 1F F1 4A B0 28 46 C9  C..ZF......J.(F.
0040: C3 C4 42 7D BC FA AB 59   6E D5 B7 51 88 11 E3 A4  ..B....Yn..Q....
0050: 85 19 6B 82 4C A4 0C 12   AD E9 A4 AE 3F F1 C3 49  ..k.L.......?..I
0060: 65 9A 8C C5 C8 3E 25 B7   94 99 BB 92 32 71 07 F0  e....>%.....2q..
0070: 86 5E ED 50 27 A6 0D A6   23 F9 BB CB A6 07 14 42  .^.P'...#......B

]
main, READ: SSLv3 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, SSLv3
main, WRITE: SSLv3 Handshake, length = 132
SESSION KEYGEN:
PreMaster Secret:
0000: 03 00 90 43 CA FE 69 A1   9B C1 D2 2A B2 52 B5 F7  ...C..i....*.R..
0010: 8F D7 6E 89 CB 9D B1 8F   C0 C1 EE 54 D8 70 4A F2  ..n........T.pJ.
0020: B6 FB D2 F2 1C BC FD 7A   2C AD 75 60 C0 5F 3B 15  .......z,.u`._;.
CONNECTION KEYGEN:
Client Nonce:
0000: 4B 62 4B 07 C8 85 77 51   D4 9E 95 76 99 C7 74 47  KbK...wQ...v..tG
0010: C9 73 43 EE 8D 45 02 04   9E 63 27 37 F2 01 9B E2  .sC..E...c'7....
Server Nonce:
0000: 99 4B 98 16 7A BB 99 7A   C2 D8 04 56 44 6A 5C 53  .K..z..z...VDj\S
0010: A6 16 9C 67 1E 5D 05 59   8A 6C BF 65 29 26 C9 07  ...g.].Y.l.e)&..
Master Secret:
0000: 65 CA 12 63 80 48 D8 4A   33 63 A3 93 6F FB F8 5A  e..c.H.J3c..o..Z
0010: 87 7D 2E C4 19 3D 0E 2E   66 D4 0A 28 B8 27 76 79  .....=..f..(.'vy
0020: F9 C8 53 67 0D 87 CB 47   29 9E 3E 37 44 7D 19 11  ..Sg...G).>7D...
Client MAC write Secret:
0000: 26 03 49 9F 35 73 6B B4   2E 22 BF EC 57 84 F1 55  &.I.5sk.."..W..U
Server MAC write Secret:
0000: 3F D0 4C 7F AD 9B 16 CD   9F 1E 81 DD 0E B9 88 CF  ?.L.............
Client write key:
0000: 55 C0 0D 36 BA 82 88 26   7B CE 16 BC B0 96 5D 9F  U..6...&......].
Server write key:
0000: 73 B1 C3 EF E5 1F E7 B4   B9 90 BA B9 EC D7 13 70  s..............p
... no IV used for this cipher
main, WRITE: SSLv3 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 36, 108, 19, 115, 108, 210, 76, 3, 226, 30, 160, 20, 81, 59, 1, 35, 71, 57, 221, 18, 4, 164, 97, 253, 166, 69, 253, 104, 207, 70, 44, 39, 0, 231, 237, 172 }
***
main, WRITE: SSLv3 Handshake, length = 56
main, READ: SSLv3 Alert, length = 2
main, RECV SSLv3 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at java.net.URLConnection.getContent(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(Unknown Source)
    at java.net.URL.getContent(Unknown Source)
    at h.Hacks.main(Hacks.java:11)

<小时/> <小时/> 修改1/31/2010:

使用wireshark查看数据包,Firefox 3.5和Java 1.6之间的客户端问候消息略有不同。

Java 1.6发送SSLv2 hello消息,但版本设置为TLS 1.0(0x0301)

Firefox 3.5发送SSLv2问候消息,但版本设置为SSLv3.0(0x0300)

服务器似乎以相同的方式响应两者。首先是服务器hello数据包,然后是带有服务器证书和'server hello done'的组合数据包

Java和Firefox的反应不同: Java 将三个SSL记录作为三个数据包发送:客户端密钥交换,然后更改密码规范,然后是加密握手消息

Firefox 将所有这三个SSL记录作为一个数据包发送。

此时,对于Java,服务器发送致命警报,指示握手失败,而firefox获取成功完成握手过程的响应。

我在这一点上最好的猜测是,来自java的TLSv1的初始请求是令人困惑的事情,或者单独的数据包在某种程度上混淆了服务器。 我知道如何测试这两种理论吗?

<小时/> <小时/> 编辑2010年2月1日: 阅读相关问题,我看到'openssl'命令行工具可以诊断某些问题。运行openssl s_client -connect membership.usairways.com:443表示发送TLSv1请求正常。因此,java与服务器交互的方式更加微妙。

2 个答案:

答案 0 :(得分:15)

有你的设置:

System.setProperty("https.protocols", "SSLv3");

你是对的 - 这是导致问题的SSL版本。 Here是某种解释。

祝贺这个很好且研究得很好的问题!

答案 1 :(得分:1)

我将FF 3.6连接到该网站并嗅探了与Wireshark的连接。实际上,第一次SSL连接尝试发送TLS1.0客户端问候,服务器响应握手失败,然后FF3.6立即使用成功的SSLv2兼容hello重试。所有这些对用户来说都是透明的,所以你不会注意到最初的失败。尝试将系统属性https.protocols设置为SSLv2Hello。请注意,JSSE不支持SSL v2,这只是初始客户端问候的格式。

编辑:

好吧,没关系,我看到JSSE默认使用SSLv2客户端问候语。我不知道为什么第一次连接失败。也许你只需要连续尝试两次。