我有一段试图连接到nginx Web服务器的java代码。它这样做:
String url = HTTP_PROTOCOL + modifyForIpv6hostname) + GET_ROOT_CA_PATH;
try
{
HttpURLConnection conn = httpConnection.getHTTPConnection( url, user, password );
conn.setRequestMethod( "GET" );
conn.setRequestProperty( "Accept", "text/plain" );
conn.connect();//this is the line that fails
没有什么特别的花哨,这段代码以前对其他网络服务器起作用。
public HttpURLConnection getHTTPConnection(String urlString, String username, String password) throws IOException, KeyManagementException, NoSuchAlgorithmException {
trustAllHttpsCertificates();
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
URL url = new URL(urlString);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
if( username != null && password != null ) {
String userPassword = username + ":" + password;
String encoding = DatatypeConverter.printBase64Binary(userPassword.getBytes("UTF-8"));
conn.setRequestProperty( "Authorization", "Basic " + encoding );
}
conn.setDoInput(true);
conn.setDoOutput(true);
conn.setAllowUserInteraction(true);
conn.setConnectTimeout(DEFAULT_HTTP_TIMEOUT);
return conn;
}
protected static void trustAllHttpsCertificates() throws NoSuchAlgorithmException, KeyManagementException {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new miTM();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
public static class miTM implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
}
我得到的堆栈跟踪是:
javax.net.ssl.SSLHandshakeException: Unsupported curve: 1.2.840.10045.3.1.7
at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
我的理解在这里相当有限,但要点是服务器不支持给定的曲线,对吗?我如何或者可以配置nginx来处理这条曲线?我可以提供更多详细信息(openssl密码列表,openssl版本,java版本等),如果它们有帮助,但我不确定它们是否必要。