我的情况是Open SSL服务器在没有证书的情况下运行,如下所示: openssl s_server -accept 4443 -nocert
如何使用Java连接到此服务器?另外,如何在Java中启动服务器以不接受证书?
我已经附加了我一直在使用的Client.java和Server.java的代码。
在客户端运行附加代码时出错:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at Client.main(Client.java:27)
服务器端出错:
ERROR
140387701290656:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1358:
shutting down SSL
CONNECTION CLOSED
ACCEPT
Client.java
public class Client {
public static void main(String[] arstring) {
try {
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("localhost", 4443);
//sslsocket.setEnabledCipherSuites(sslsocket.getSupportedCipherSuites());
sslsocket.setEnabledCipherSuites(new String[] { "TLS_DH_anon_WITH_AES_128_CBC_SHA" }); //Added upon suggestion from Steffan
boolean test = sslsocket.isConnected();
System.out.println(test);
InputStream inputstream = sslsocket.getInputStream();
InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
System.out.println("1");
OutputStream outputstream = sslsocket.getOutputStream();
System.out.println("2");
OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream,"UTF-8");
String str = "hello\n";
outputstreamwriter.write(str,0,str.length());
//outputstreamwriter.flush();
BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);
String string = null;
int count = 0;
string = bufferedreader.readLine();
while (true) {
System.out.println(string);
System.out.flush();
System.out.println(++count);
string = bufferedreader.readLine();
if (inputstream.available()==0)
break;
else{
System.out.print("StreamData:");
System.out.println(inputstream.available());
}
}
System.out.println("Out");
} catch (Exception exception) {
exception.printStackTrace();
}
}
}
Server.java
public class Server {
public static void main(String[] arstring) {
try {
SSLServerSocketFactory sslServersocketFactory =
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslServersocketFactory.createServerSocket(4443);
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
sslSocket.setEnabledCipherSuites(sslSocket.getSupportedCipherSuites());
if (sslSocket.isConnected())
System.out.println("Connected to a client");
InputStream inputStream = sslSocket.getInputStream();
InputStreamReader inputStreamReader = new InputStreamReader(inputStream);
BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
String command = "";
String response = "";
while ((command = bufferedReader.readLine()) != null) {
System.out.println("Command Recieved: "+command);
if (command.toLowerCase().compareTo("hello")==0)
response = "Bingo !! You got it write!\n";
else
response = "Type Hello to see a response\n";
OutputStream outputStream = sslSocket.getOutputStream();
OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream,"UTF-8");
outputStreamWriter.write(response, 0, response.length());
outputStreamWriter.flush();
}
} catch (Exception exception) {
exception.printStackTrace();
}
}
}
编辑:
我想我需要使用匿名DH密码,但它仍然无效。可能是我做错了。代码也已编辑过。
答案 0 :(得分:2)
如何使用Java发送不发送证书的SSL服务器?
如果它没有发送证书,那么它可能使用(1)预共享密钥密码套件之一,如TLS-SRP或TLS-PSK,或(2)使用Anonymous Diffie-Hellman。
预共享密钥密码套件通常是选择,因为它们提供相互身份验证和通道绑定。
Anonymous Diffie-Hellman通常是一个糟糕的选择,因为它缺乏服务器身份验证。
我的情况是Open SSL服务器在没有证书的情况下运行,如下所示:openssl s_server -accept 4443 -nocert
嗯,你有它。
如何使用Java连接到此服务器?另外,如何在Java中启动服务器以不接受证书?
使用包含匿名交换的密码套件,例如:
您可以在openssl ciphers手册页上获取ADH-AES128-SHA到TLS_DH_anon_WITH_AES_128_CBC_SHA的映射。
您可以尝试命令:
openssl s_server -accept 4443 -tls1 -nocert -cipher "HIGH"
通过启用TLS1,您可以解决任何潜在问题,其中一方或另一方禁用SSLv2和SSLv3(这是一件好事),但您只提供SSLv3(这是一件坏事)。
密码套件列表字符串"HIGH"默认包含ADH(在生产中,通常是"HIGH:!ADH:!RC4:!MD5...")。