SSLException:收到致命警报:handshake_failure

时间:2014-07-10 15:23:59

标签: java ssl https

我的Java版本现在是1.6.0_20(以厘米为单位),握手时失败,下面是我的错误日志

我在1.6.0_65(在mac os中)和1.7(centos)中尝试过,它运行正常。

有人可以告诉我有什么不对吗?

THX

%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1388162409 bytes = { 201, 80, 102, 52, 186, 58, 211, 29, 133, 98, 47, 125, 5, 21, 48, 206, 125, 170, 124, 89, 250, 83, 90, 47, 124, 120, 131, 28 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
qp-worker-3, WRITE: TLSv1 Handshake, length = 73
qp-worker-3, WRITE: SSLv2 client hello message, length = 98
[23:12:41 [qp-worker-3] DEBUG i.n.channel.DefaultChannelPipeline] - Discarded inbound message EmptyLastHttpContent that reached at the tail of the pipeline. Please check your pipeline configuration.
qp-worker-3, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie:  GMT: 1388162391 bytes = { 12, 103, 251, 144, 26, 135, 139, 17, 21, 169, 221, 121, 219, 21, 55, 46, 40, 186, 251, 153, 225, 104, 71, 24, 18, 85, 249, 210 }
Session ID:  {68, 23, 151, 147, 160, 101, 199, 197, 40, 59, 68, 205, 207, 200, 151, 145, 147, 107, 248, 70, 145, 27, 151, 170, 1, 201, 210, 235, 138, 162, 50, 177}
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
Compression Method: 0
***
%% Created:  [Session-4, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
qp-worker-3, READ: TLSv1 Handshake, length = 3256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=*.eurolot.com, OU=ZHI, O=EUROLOT S.A, L=Warszawa, ST=Mazowieckie, C=PL
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 26717493331350574149439057854903618167737193958673987690726300695457346279972631392320491962781127122899333760559484103614371343706808111202269438980170118210235833365938793936044343421959430293110131285244803242483740013959849587544202560762801349892191942309549256844093260258219101618660470390785366611465550577056253063909239354872865690205330242859582034382368971120250711768909598334637806994345777265659043445492851322189523711957606360806587817002724725860948865123154765517838001989719981766366568039690899154811668409941728394879679362224085287514684192560049324831862025454651970662842183481516113072605239
  public exponent: 65537
  Validity: [From: Wed Mar 05 08:00:00 CST 2014,
               To: Wed Jun 17 07:59:59 CST 2015]
  Issuer: CN=GeoTrust SSL CA - G2, O=GeoTrust Inc., C=US
  SerialNumber: [    5c1f383d b37279f5 463d4a64 abbba966]

Certificate Extensions: 8
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 11 4A D0 73 39 D5 5B 69   08 5C BA 3D BF 64 9A A8  .J.s9.[i.\.=.d..
0010: 8B 1C 55 BC                                        ..U.
]

]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://gtssl2-crl.geotrust.com/gtssl2.crl]
]]

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.eurolot.com
  DNSName: eurolot.com
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 25 68 74 74 70 3A 2F   2F 77 77 77 2E 67 65 6F  .%http://www.geo
0010: 74 72 75 73 74 2E 63 6F   6D 2F 72 65 73 6F 75 72  trust.com/resour
0020: 63 65 73 2F 63 70 73                               ces/cps

]]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://gtssl2-ocsp.geotrust.com,
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://gtssl2-aia.geotrust.com/gtssl2.cer]
]

[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 42 28 EC 43 45 B3 95 4E   01 B0 9D B3 A1 E1 6D 25  B(.CE..N......m%
0010: 48 B6 58 90 1D D0 C4 85   E2 BB B6 08 F8 AD 3A A0  H.X...........:.
0020: 64 E1 F2 21 A5 09 B1 0D   7C 91 D9 BD 09 02 3F 36  d..!..........?6
0030: 41 6C A2 B1 D7 4B 79 56   A7 69 23 76 76 C2 FB 65  Al...KyV.i#vv..e
0040: B2 18 74 23 09 1A 84 0C   7B F7 02 67 DC 4A E9 C5  ..t#.......g.J..
0050: A4 13 27 E5 10 D0 85 98   66 32 4A D9 55 57 F8 61  ..'.....f2J.UW.a
0060: 8E 58 E5 15 6A 62 53 C6   BA ED 88 3D 67 E4 E0 80  .X..jbS....=g...
0070: 4A B9 25 3F F2 F3 4B E8   32 FE D4 2F 7F F7 FA 29  J.%?..K.2../...)
0080: DF 2D 63 44 A3 42 96 BC   29 B6 62 2D 3F 55 39 E7  .-cD.B..).b-?U9.
0090: B5 08 9A B2 66 2E AD 07   D5 41 BB 7D D6 FB 6D F2  ....f....A....m.
00A0: 64 70 7F 85 8E C6 4A 74   74 16 87 F1 A3 1F 22 30  dp....Jtt....."0
00B0: 95 96 2F 3F E1 70 D6 44   FA A1 5B 25 91 6D 8A 48  ../?.p.D..[%.m.H
00C0: 82 D2 A8 D0 9F 1A 68 A9   3C 3E 1C AD CE 92 31 E6  ......h.<>....1.
00D0: F0 43 D3 C3 18 15 8A 10   04 9C E6 07 6C BD B1 E5  .C..........l...
00E0: 0C 55 A6 F1 E2 C6 76 42   09 02 BF 13 B9 CE 8E E5  .U....vB........
00F0: 76 25 E5 81 81 B6 4B 3A   0E 15 F6 32 A3 17 7B AE  v%....K:...2....

]
chain [1] = [
[
  Version: V3
  Subject: CN=GeoTrust SSL CA - G2, O=GeoTrust Inc., C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23373798270969908444664991419789100380868226233529647049828656180333235592731542885141115357322991274956822132949373753788337661511461680586143677473425418676220137113275571997497445440584006687042420914219794030592523712130738516192478919848292672980675285228798280665542889795500280123049198906605498041667702465327238906422627205862738598570636000893352075424000807208480699028779732984057622968272573706072537354890619269618152962834548848981493416500845320770560488775530592239216394908638648859629030123581819174392088562030643815330121326968213129767898297942711404932337145903403704076776921182150718992962263
  public exponent: 65537
  Validity: [From: Tue Aug 28 04:40:40 CST 2012,
               To: Sat May 21 04:40:40 CST 2022]
  Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  SerialNumber: [    023a63]

Certificate Extensions: 8
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 11 4A D0 73 39 D5 5B 69   08 5C BA 3D BF 64 9A A8  .J.s9.[i.\.=.d..
0010: 8B 1C 55 BC                                        ..U.
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB   05 64 0C 11 7D AA 7D 65  .z.h.....d.....e
0010: B8 CA CC 4E                                        ...N
]

]

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  CN=VeriSignMPKI-2-254
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.geotrust.com/crls/gtglobal.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 25 68 74 74 70 3A 2F   2F 77 77 77 2E 67 65 6F  .%http://www.geo
0010: 74 72 75 73 74 2E 63 6F   6D 2F 72 65 73 6F 75 72  trust.com/resour
0020: 63 65 73 2F 63 70 73                               ces/cps

]]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.geotrust.com]
]

[8]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 3C E5 3D 5A 1B A2 37 2A   E3 46 CF 36 96 18 3C 7B  <.=Z..7*.F.6..<.
0010: F1 84 C5 57 86 77 40 9D   35 F0 12 F0 78 18 FB 22  ...W.w@.5...x.."
0020: A4 DE 98 4B 78 81 E6 4D   86 E3 91 0F 42 E3 B9 DC  ...Kx..M....B...
0030: A0 D6 FF A9 F8 B1 79 97   99 D1 C3 6C 42 A5 92 94  ......y....lB...
0040: E0 5D 0C 33 18 25 C9 2B   95 53 E0 E5 A9 0C 7D 47  .].3.%.+.S.....G
0050: FE 7F 51 31 44 5E F7 2A   1E 35 A2 94 32 F7 C9 EE  ..Q1D^.*.5..2...
0060: C0 B6 C6 9A AC DE 99 21   6A 23 A0 38 64 EE A3 C4  .......!j#.8d...
0070: 88 73 32 3B 50 CE BF AD   D3 75 1E A6 F4 E9 F9 42  .s2;P....u.....B
0080: 6B 60 B2 DD 45 FD 5D 57   08 CE 2D 50 E6 12 32 16  k`..E.]W..-P..2.
0090: 13 8A F2 94 A2 9B 47 A8   86 7F D9 98 E5 F7 E5 76  ......G........v
00A0: 74 64 D8 91 BC 84 16 28   D8 25 44 30 7E 82 D8 AC  td.....(.%D0....
00B0: B1 E4 C0 E4 15 6C DB B6   24 27 02 2A 01 12 85 BA  .....l..$'.*....
00C0: 31 88 58 47 74 E3 B8 D2   64 A6 C3 32 59 2E 29 4B  1.XGt...d..2Y.)K
00D0: 45 F1 5B 89 49 2E 82 9A   C6 18 15 44 D0 2E 64 01  E.[.I......D..d.
00E0: 15 68 38 F9 F6 F9 66 03   0C 55 1B 9D BF 00 40 AE  .h8...f..U....@.
00F0: F0 48 27 4C E0 80 5E 2D   B9 2A 15 7A BC 66 F8 35  .H'L..^-.*.z.f.5

]
chain [2] = [
[
  Version: V3
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 27620593608073140957439440929253438012688864718977347268272053725994928948867769687165112265058896553974818505070806430256424431940072485024407486246475597522063246121214348496326377341879755851197260401080498544606788760407243324127929930612201002157618691487713632251700065187865963692723720912135393438861302779432180613616167225206519123176430362410262429702404863434904116727055203524505580952824336979641923534005571504410997292144760317953739063178352809680844232935574095508445145910310675421726257114605895831426222686272114090063230017292595425393719031924942422176213538487957041730136782988405751614792953
  public exponent: 65537
  Validity: [From: Tue May 21 12:00:00 CST 2002,
               To: Tue Aug 21 12:00:00 CST 2018]
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  SerialNumber: [    12bbe6]

Certificate Extensions: 6
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB   05 64 0C 11 7D AA 7D 65  .z.h.....d.....e
0010: B8 CA CC 4E                                        ...N
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95   D7 47 D8 23 20 10 4F 33  H.h.+....G.# .O3
0010: 98 90 9F D4                                        ....
]

]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.geotrust.com/crls/secureca.crl]
]]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 2D 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 65  .-https://www.ge
0010: 6F 74 72 75 73 74 2E 63   6F 6D 2F 72 65 73 6F 75  otrust.com/resou
0020: 72 63 65 73 2F 72 65 70   6F 73 69 74 6F 72 79     rces/repository

]]  ]
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 76 E1 12 6E 4E 4B 16 12   86 30 06 B2 81 08 CF F0  v..nNK...0......
0010: 08 C7 C7 71 7E 66 EE C2   ED D4 3B 1F FF F0 F0 C8  ...q.f....;.....
0020: 4E D6 43 38 B0 B9 30 7D   18 D0 55 83 A2 6A CB 36  N.C8..0...U..j.6
0030: 11 9C E8 48 66 A3 6D 7F   B8 13 D4 47 FE 8B 5A 5C  ...Hf.m....G..Z\
0040: 73 FC AE D9 1B 32 19 38   AB 97 34 14 AA 96 D2 EB  s....2.8..4.....
0050: A3 1C 14 08 49 B6 BB E5   91 EF 83 36 EB 1D 56 6F  ....I......6..Vo
0060: CA DA BC 73 63 90 E4 7F   7B 3E 22 CB 3D 07 ED 5F  ...sc....>".=.._
0070: 38 74 9C E3 03 50 4E A1   AF 98 EE 61 F2 84 3F 12  8t...PN....a..?.

]
***
qp-worker-3, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
qp-worker-3, WRITE: TLSv1 Handshake, length = 262
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 88 A9 7D 45 5B 3D   C6 71 5F 24 0D 66 E0 21  .....E[=.q_$.f.!
0010: 4F F1 7A 38 47 74 8C 6E   30 31 24 79 9F 81 9D DD  O.z8Gt.n01$y....
0020: 89 52 4F 9C 4F CA 88 76   1B D6 72 39 87 0B B2 83  .RO.O..v..r9....
CONNECTION KEYGEN:
Client Nonce:
0000: 53 BE AD 69 C9 50 66 34   BA 3A D3 1D 85 62 2F 7D  S..i.Pf4.:...b/.
0010: 05 15 30 CE 7D AA 7C 59   FA 53 5A 2F 7C 78 83 1C  ..0....Y.SZ/.x..
Server Nonce:
0000: 53 BE AD 57 0C 67 FB 90   1A 87 8B 11 15 A9 DD 79  S..W.g.........y
0010: DB 15 37 2E 28 BA FB 99   E1 68 47 18 12 55 F9 D2  ..7.(....hG..U..
Master Secret:
0000: 28 2B 8C 01 30 6D 63 B8   6D BA 64 2F 73 26 DE 4A  (+..0mc.m.d/s&.J
0010: 90 3F B1 41 C4 3E 2A 0D   0D C3 91 76 A5 79 26 99  .?.A.>*....v.y&.
0020: 68 D5 66 D9 A4 6D F7 90   7B 8C DC B6 ED 08 6B 6C  h.f..m........kl
Client MAC write Secret:
0000: E4 93 C2 3B 1C 32 D3 21   A3 7E F8 7F 9E 47 09 34  ...;.2.!.....G.4
0010: 45 09 A4 07                                        E...
Server MAC write Secret:
0000: 80 09 70 EC 01 0A B8 8E   3B 86 80 A1 CE E3 4C D0  ..p.....;.....L.
0010: 4D F3 96 45                                        M..E
Client write key:
0000: C6 96 AD 12 E4 17 28 70   F9 69 D0 79 A9 39 D6 C1  ......(p.i.y.9..
Server write key:
0000: 5F 95 CA 70 D5 C0 48 A8   2A A7 90 A7 CD 50 A9 9A  _..p..H.*....P..
... no IV used for this cipher
qp-worker-3, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 252, 222, 202, 222, 151, 254, 82, 255, 41, 171, 134, 206 }
***
qp-worker-3, WRITE: TLSv1 Handshake, length = 36
qp-worker-3, READ: TLSv1 Change Cipher Spec, length = 1
qp-worker-3, READ: TLSv1 Handshake, length = 36
*** Finished
verify_data:  { 196, 131, 130, 244, 200, 34, 14, 228, 14, 212, 150, 139 }
***
%% Cached client session: [Session-4, SSL_RSA_WITH_RC4_128_SHA]
[23:12:46 [qp-worker-3] DEBUG io.netty.handler.ssl.SslHandler] - [id: 0xfe86ff32, /192.168.237.222:51922 => /117.122.138.115:9001] HANDSHAKEN: SSL_RSA_WITH_RC4_128_SHA
qp-worker-3, WRITE: TLSv1 Application Data, length = 525
[23:12:46 [qp-worker-3] DEBUG q.t.q.client.DefaultRequestExecutor] - Request sent to proxy server successfully
qp-worker-3, READ: TLSv1 Alert, length = 22
qp-worker-3, RECV TLSv1 ALERT:  fatal, handshake_failure
qp-worker-3, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
qp-worker-3, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
qp-worker-3, called closeOutbound()
qp-worker-3, closeOutboundInternal()
qp-worker-3, SEND TLSv1 ALERT:  warning, description = close_notify
qp-worker-3, WRITE: TLSv1 Alert, length = 22
qp-worker-3, called closeInbound()
qp-worker-3, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

1 个答案:

答案 0 :(得分:0)

通过更新jdk解决这个问题到1.6.0_45