Java SSL握手警报no_negotiation

时间:2015-10-27 09:16:55

标签: java ssl jsse

与网络服务通信时发生此错误。

客户报告错误:

javax.net.ssl.SSLException: Received fatal alert: unexpected_message
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:903)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
    at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:687)
    at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1324)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2223)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2192)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2036)

并且服务器日志中出现错误

javax.net.ssl.SSLProtocolException: handshake_alert

1 个答案:

答案 0 :(得分:2)

看起来服务器没有更新到RFC 5746.

我偶然发现了https://www.digicert.com/news/2011-06-03-ssl-renego.htm和foud

  

如果服务器没有按照RFC 5746进行响应,客户端必须中止重新协商握手。

然后我找到http://www.oracle.com/technetwork/java/javase/overview/tlsreadme2-176330.html

  

sun.security.ssl.allowUnsafeRenegotiation - 在第1阶段引入,它控制是否允许传统(不安全)重新协商。

临时修复是添加系统属性

-Dsun.security.ssl.allowUnsafeRenegotiation=true

但事实证明这并不是错误发生的真正原因。真正的原因是我的客户端使用旧的SSL。

tlsClientParameters.setSecureSocketProtocol("SSL");

我对该行进行了评论,因此使用了默认值:"TLS"之后,通信工作正常。

相关问题
最新问题