我正致力于整合具有双向SSL的Webservice。 来自同一客户端的一项此类服务已经集成并且工作正常。
我的意思是应用程序A已经与应用程序B上托管的WS 1集成,它现在正在运行。 现在我将Application A与在Application B上托管的WS 2集成在一起
两个服务都使用相同的密钥库和信任库。
WS 1工作正常,WS 2失败,我不知道如何发生这种情况。 SSL调试日志的详细信息如下。
我验证了密码套件对于两个Web服务都是相同的。
失败的SSL握手的SSL调试日志 - WS 2:
在这里,我添加了适当的ssl日志,我在ssl日志中找到的工作服务和服务之间的差异是失败的是证书链不是由客户端发送的。
[Raw read]: length = 5
0000: 16 03 01 00 0D .....
[Raw read]: length = 13
0000: 0D 00 00 05 02 01 02 00 00 0E 00 00 00 .............
tomcat-http-1, READ: TLSv1 Handshake, length = 13
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
[read] MD5 and SHA1 hashes: len = 9
0000: 0D 00 00 05 02 01 02 00 00 .........
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
***** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1**
[write] MD5 and SHA1 hashes: len = 269
0000: 0B 00 00 03 00 00 00 10 00 01 02 01 00 4C 1E 64 .............L.d
0010: 17 BD D1 EC E9 14 82 08 12 17 01 1F 78 A0 6A 40 ............x.j@
0020: 16 24 A4 0D 54 B6 F4 CF B5 BB A0 BF 32 CD F5 BC .$..T.......2...
0030: EF 14 3C 8B 9B 72 7A 6D 27 93 59 6A AD 11 82 07 ..<..rzm'.Yj....
0040: 37 8C 68 01 EF 20 D6 0B 00 F4 0B 72 1F DE 0C 28 7.h.. .....r...(
0050: B9 47 D2 39 AB B6 E8 72 B9 6D A7 3F 0C F0 3F 1F .G.9...r.m.?..?.
0060: 3C CE 3C A2 E3 D6 CB 9D BA 5D 93 AF 26 B4 D2 83 <.<......]..&...
0070: 68 7A D2 6B 9A 10 D6 A3 95 36 D7 C1 0F C6 F4 79 hz.k.....6.....y
0080: F9 8F 3D 4D 8C D0 E0 46 E2 5A 32 46 42 19 60 09 ..=M...F.Z2FB.`.
0090: 62 15 EE F8 5C 24 A8 78 27 CD A6 22 5F 5E 94 35 b...\$.x'.."_^.5
00A0: 6B 95 C6 42 34 4B D0 98 74 DE 92 9C 8E 79 0E 3A k..B4K..t....y.:
00B0: 07 D6 17 63 E0 CE CE 8A C0 26 A5 51 A7 E4 35 8A ...c.....&.Q..5.
00C0: 5B 2F 1C A6 3A 0B 49 65 24 24 DC F8 39 42 80 38 [/..:.Ie$$..9B.8
00D0: 03 0D 49 F4 61 32 90 8B BC B6 46 47 6E C0 8B C5 ..I.a2....FGn...
00E0: 00 2F 3D AB 56 5E 04 6A AD 27 D2 39 A3 22 C5 CB ./=.V^.j.'.9."..
00F0: 9D D5 8C 47 B7 89 D1 C2 C2 CC AE F7 ED 4D 97 2F ...G.........M./
0100: 4E 4B AA 2A C5 96 A9 2C 4B 28 E0 09 44 NK.*...,K(..D
tomcat-http-1, WRITE: TLSv1 Handshake, length = 269
[Raw write]: length = 274
0000: 16 03 01 01 0D 0B 00 00 03 00 00 00 10 00 01 02 ................
0010: 01 00 4C 1E 64 17 BD D1 EC E9 14 82 08 12 17 01 ..L.d...........
0020: 1F 78 A0 6A 40 16 24 A4 0D 54 B6 F4 CF B5 BB A0 .x.j@.$..T......
0030: BF 32 CD F5 BC EF 14 3C 8B 9B 72 7A 6D 27 93 59 .2.....<..rzm'.Y
0040: 6A AD 11 82 07 37 8C 68 01 EF 20 D6 0B 00 F4 0B j....7.h.. .....
0050: 72 1F DE 0C 28 B9 47 D2 39 AB B6 E8 72 B9 6D A7 r...(.G.9...r.m.
0060: 3F 0C F0 3F 1F 3C CE 3C A2 E3 D6 CB 9D BA 5D 93 ?..?.<.<......].
0070: AF 26 B4 D2 83 68 7A D2 6B 9A 10 D6 A3 95 36 D7 .&...hz.k.....6.
0080: C1 0F C6 F4 79 F9 8F 3D 4D 8C D0 E0 46 E2 5A 32 ....y..=M...F.Z2
0090: 46 42 19 60 09 62 15 EE F8 5C 24 A8 78 27 CD A6 FB.`.b...\$.x'..
00A0: 22 5F 5E 94 35 6B 95 C6 42 34 4B D0 98 74 DE 92 "_^.5k..B4K..t..
00B0: 9C 8E 79 0E 3A 07 D6 17 63 E0 CE CE 8A C0 26 A5 ..y.:...c.....&.
00C0: 51 A7 E4 35 8A 5B 2F 1C A6 3A 0B 49 65 24 24 DC Q..5.[/..:.Ie$$.
00D0: F8 39 42 80 38 03 0D 49 F4 61 32 90 8B BC B6 46 .9B.8..I.a2....F
00E0: 47 6E C0 8B C5 00 2F 3D AB 56 5E 04 6A AD 27 D2 Gn..../=.V^.j.'.
00F0: 39 A3 22 C5 CB 9D D5 8C 47 B7 89 D1 C2 C2 CC AE 9.".....G.......
0100: F7 ED 4D 97 2F 4E 4B AA 2A C5 96 A9 2C 4B 28 E0 ..M./NK.*...,K(.
0110: 09 44 .D
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 93 71 B9 48 72 57 3D 0A BB 31 75 96 FD 0D ...q.HrW=..1u...
0010: CA 96 42 DD C9 44 B7 A8 B1 F1 A9 C1 C3 27 9F 5F ..B..D.......'._
0020: 9D 52 23 E3 36 AC EA A5 3A 05 1F F8 8D 5D 14 21 .R#.6...:....].!
CONNECTION KEYGEN:
Client Nonce:
0000: 53 8F 60 0E 0B DC B6 61 EB F5 3D C8 8C 7E 62 6D S.`....a..=...bm
0010: 5C 42 CB 7A 31 BC B0 0B D5 6F 0F B2 3C D7 3D A2 \B.z1....o..<.=.
Server Nonce:
0000: 53 8F 60 0E 6A EF 4B 22 15 D3 FB 2B 47 60 66 59 S.`.j.K"...+G`fY
0010: 95 FF 2F 5A 5E CD 24 FD AB BC 53 DA AE DE EE 6E ../Z^.$...S....n
Master Secret:
0000: 81 91 2E C9 84 28 03 2A 96 B7 50 3F 4E A6 F6 6D .....(.*..P?N..m
0010: BA E6 A3 97 90 BA 36 43 7F CC 09 DC 6C 49 23 2A ......6C....lI#*
0020: 08 F9 9A 28 37 E9 6A 7D A7 3D DF 5C 1D EE B8 C8 ...(7.j..=.\....
Client MAC write Secret:
0000: 02 6B 86 CF 08 1C F8 E1 3F 37 56 C3 E9 56 AF 7E .k......?7V..V..
0010: 8C AA 30 AD ..0.
Server MAC write Secret:
0000: 60 3E 08 7B D0 B4 23 48 79 D9 56 4E 98 17 AD 9D `>....#Hy.VN....
0010: E1 DA 9D 33 ...3
Client write key:
0000: 42 6D F6 86 E0 A5 CD 25 C1 32 EB C0 40 82 70 7C Bm.....%.2..@.p.
Server write key:
0000: 3D 28 B3 C1 E6 23 94 5F 3E F9 66 77 B1 42 EE AF =(...#._>.fw.B..
Client write IV:
0000: D1 AF 77 1A 7B 63 55 99 0D 20 EA 5F C9 35 C8 33 ..w..cU.. ._.5.3
Server write IV:
0000: 69 95 12 2F F0 85 8D 2B 8F 1F 96 73 A6 1A D7 10 i../...+...s....
tomcat-http-1, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 69, 40, 167, 235, 209, 255, 39, 90, 171, 21, 67, 200 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 45 28 A7 EB D1 FF 27 5A AB 15 43 C8 ....E(....'Z..C.
Padded plaintext before ENCRYPTION: len = 48
0000: 14 00 00 0C 45 28 A7 EB D1 FF 27 5A AB 15 43 C8 ....E(....'Z..C.
0010: F5 F5 5A E3 50 8B BE B4 0A 9C 72 2E FA D7 A2 CD ..Z.P.....r.....
0020: 9A AB 6B FD 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ..k.............
tomcat-http-1, WRITE: TLSv1 Handshake, length = 48
tomcat-http-1, waiting for close_notify or alert: state 1
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
tomcat-http-1, READ: TLSv1 Alert, length = 2
tomcat-http-1, RECV TLSv1 ALERT: fatal, handshake_failure
tomcat-http-1, called closeSocket()
tomcat-http-1, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
tomcat-http-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
tomcat-http-1, called close()
tomcat-http-1, called closeInternal(true)
如果您发现此处出现问题的任何线索,请帮助我。
答案 0 :(得分:0)
我通过安装Java Cryptography Extension(JCE)Unlimited Strength Jurisdiction Policy Files +导入ca证书解决了这个问题。只是导入证书不起作用。