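I am using TooTallNate's Websockets library to implement a websocket server, and it works flawlessly. Now I need to implement secure Websockets. I created a keystore and implemented a WSS server as in the example. The keystore was created like this:

```
keytool -genkey -validity 3650 -keystore "keystore.jks" -storepass "storepassword" -keypass "keypassword" -alias "default" -dname "CN=127.0.0.1, OU=MyOrgUnit, O=MyOrg, L=MyCity, S=MyRegion, C=MyCountry"
```

(I also tried creating the keystore with the `-keyalg RSA` parameter.)

Now, when I try to connect to the server from my JS client, only 10% of all attempts connect successfully. In the other 90% of cases, the Chrome console reports `TIMEOUT` for the WSS connection.

I tried connecting to the server with OpenSSL; the WSS server presents the certificate only once after the server starts.

Console output with the `-Djavax.net.debug=all` VM argument: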
```
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
[Raw read]: length = 5
0000: 16 03 01 00 94                                     .....
[Raw read]: length = 148
0000: 01 00 00 90 03 03 3F 41 BA 59 AE 98 8B 40 F0 09  ......?A.Y...@..
0010: 7A 19 E8 A1 69 69 A2 74 40 14 32 72 D3 D7 2F D4  z...ii.t@.2r../.
0020: A3 6B 7C 3C 73 57 00 00 16 C0 2B C0 2F C0 0A C0  .k.<sW....+./...
0030: 09 C0 13 C0 14 00 33 00 39 00 2F 00 35 00 0A 01  ......3.9./.5...
0040: 00 00 51 FF 01 00 01 00 00 0A 00 08 00 06 00 17  ..Q.............
0050: 00 18 00 19 00 0B 00 02 01 00 00 23 00 00 33 74  ...........#..3t
0060: 00 00 00 10 00 0B 00 09 08 68 74 74 70 2F 31 2E  .........http/1.
0070: 31 00 05 00 05 01 00 00 00 00 00 0D 00 16 00 14  1...............
0080: 04 01 05 01 06 01 02 01 04 03 05 03 06 03 02 03  ................
0090: 04 02 02 02                                        ....
WebsocketSelector35, READ: TLSv1 Handshake, length = 148
```
It looks to me like some silly misconfiguration on my side, but I can't figure out where it might be. Can you give me a suggestion on how to solve it?