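To solve an SSL handshake problem, I wrote this code.
I get this error because I am connecting to an HTTPS URL that has a 3-level certificate chain with 2048-bit RSA keys. I found a solution on the internet, but I have a problem.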
    String[] exludedCipherSuites = { "_DHE_", "_DH_" };
    List<String> enabledCiphers = new ArrayList<String>();
    String[] cArray = new String[enabledCiphers.size()];
    SSLSocketFactory osf = context.getSocketFactory();
    SSLSocket socket =
            (SSLSocket) osf.createSocket(url.getHost(), 443);
    List<String> limited = new LinkedList<String>();
    for (String cipher : ((SSLSocket) socket).getEnabledCipherSuites())
    {
        boolean exclude = false;
        if (exludedCipherSuites != null) {
            for (int i = 0; i < exludedCipherSuites.length && !exclude; i++) {
                System.out.println("HERE");
                exclude = cipher.indexOf(exludedCipherSuites[i]) >= 0;
            }
        }
        if (!exclude) {
            enabledCiphers.add(cipher);
        }
    }
    enabledCiphers.toArray(cArray);
    HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
    SSLSocketFactory sf = context.getSocketFactory();
    sf = new DOSSLSocketFactory(sf, cArray);
    urlConnection.setSSLSocketFactory(sf);
My log is:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files (x86)\Java\jre1.5.0_04\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
export control - checking the cipher suites
export control - found legal entry in cache...
export control - checking the cipher suites
export control - found legal entry in cache...
export control - checking the cipher suites
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1408514027 bytes = { 131, 103, 243, 127, 176, 81, 196, 241, 82, 228, 105, 94, 214, 203, 201, 5, 194, 113, 57, 188, 61, 223, 159, 93, 195, 178, 117, 150 }
Session ID: {}
Cipher Suites: []
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 43
0000: 01 00 00 27 03 01 54 F4 38 EB 83 67 F3 7F B0 51 ...'..T.8..g...Q
0010: C4 F1 52 E4 69 5E D6 CB C9 05 C2 71 39 BC 3D DF ..R.i^.....q9.=.
0020: 9F 5D C3 B2 75 96 00 00 00 01 00 .]..u......
main, WRITE: TLSv1 Handshake, length = 43
[write] MD5 and SHA1 hashes: len = 41
0000: 01 03 01 00 00 00 00 00 20 54 F4 38 EB 83 67 F3 ........ T.8..g.
0010: 7F B0 51 C4 F1 52 E4 69 5E D6 CB C9 05 C2 71 39 ..Q..R.i^.....q9
0020: BC 3D DF 9F 5D C3 B2 75 96 .=..]..u.
main, WRITE: SSLv2 client hello message, length = 41
[Raw write]: length = 43
0000: 80 29 01 03 01 00 00 00 00 00 20 54 F4 38 EB 83 .)........ T.8..
0010: 67 F3 7F B0 51 C4 F1 52 E4 69 5E D6 CB C9 05 C2 g...Q..R.i^.....
0020: 71 39 BC 3D DF 9F 5D C3 B2 75 96 q9.=..]..u.
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 2F ./
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, illegal_parameter
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
- unexpected error
javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
I passed
-Dcom.sun.net.ssl.enableECC=false -Dcom.sun.net.ssl.enableECC=false
-Djsse.enableSNIExtension=false
But it did not solve the problem. I use JDK 1.5.
Answer 0 (score: 0)
Your VM args have the enableECC option twice. Try:
-Dsun.security.ssl.allowUnsafeRenegotiation=true
if you are using a self-signed certificate.
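
An added example, not part of the original question or answer: the question's code allocates `cArray` from `enabledCiphers.size()` while the list is still empty and discards the array that `toArray` returns, which is consistent with the `Cipher Suites: []` line in the posted ClientHello. The sketch below builds the array after filtering and refuses an empty result; the class name `CipherFilterExample`, its methods and the sample suite names are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocket;

// Hypothetical helper class for illustration; not from the original post.
public class CipherFilterExample {

    // Keeps the suites whose names contain none of the excluded fragments.
    static String[] filter(String[] enabled, String[] excludedFragments) {
        List<String> kept = new ArrayList<String>();
        for (String suite : enabled) {
            boolean exclude = false;
            for (int i = 0; i < excludedFragments.length && !exclude; i++) {
                exclude = suite.indexOf(excludedFragments[i]) >= 0;
            }
            if (!exclude) {
                kept.add(suite);
            }
        }
        if (kept.isEmpty()) {
            // Fail here rather than offer the server an empty suite list.
            throw new IllegalStateException("filter removed every cipher suite");
        }
        // Convert only after the list is filled, and use the returned array.
        return kept.toArray(new String[kept.size()]);
    }

    // Applies the filtered list to a socket before its handshake starts.
    static void restrict(SSLSocket socket, String[] excludedFragments) {
        socket.setEnabledCipherSuites(
                filter(socket.getEnabledCipherSuites(), excludedFragments));
    }

    public static void main(String[] args) {
        // Constructed sample names, not read from a live socket.
        String[] enabled = { "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" };
        String[] excluded = { "_DHE_", "_DH_" };

        // Pattern from the question: the array is sized while the list is empty.
        List<String> list = new ArrayList<String>();
        String[] early = new String[list.size()];
        list.add(enabled[0]);
        list.toArray(early); // a new array is returned and dropped; 'early' stays empty
        System.out.println("array sized before filling: length " + early.length);

        String[] kept = filter(enabled, excluded);
        System.out.println("array built after filtering: length " + kept.length);
    }
}
```

With `javax.net.debug` enabled as in the question, the `Cipher Suites:` line of the ClientHello shows whether the filtered list actually reached the socket.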