We are trying to configure 2-way SSL in Tomcat on Ubuntu to call a remote server. However, it keeps failing at the same point.
The connector in tomcat7 is configured this way:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/usr/share/tomcat7/.keystore" keystorePass="XXX"
truststoreFile="/usr/share/tomcat7/.truststore" truststorePass="XXX"
clientAuth="false" sslEnabledProtocols = "TLSv1,TLSv1.1,TLSv1.2" />
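Our keystore has our certificate, and the truststore file has their root certificate.
Can someone provide some insight into the SSL error we are getting? It seems that the whole handshake completes, but the error occurs at the last minute.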
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA
Cert Authorities:
<Empty>
http-bio-8080-exec-3, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
*** Certificate chain
***
*** ECDHClientKeyExchange
..
..
..
... no IV derived for this protocol
http-bio-8080-exec-3, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 183, 168, 95, 241, 218, 172, 176, 12, 37, 224, 114, 81 }
***
http-bio-8080-exec-3, WRITE: TLSv1.2 Handshake, length = 80
http-bio-8080-exec-3, READ: TLSv1.2 Alert, length = 2
http-bio-8080-exec-3, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-18, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
http-bio-8080-exec-3, called closeSocket()
http-bio-8080-exec-3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
http-bio-8080-exec-3, called close()
http-bio-8080-exec-3, called closeInternal(true)
15:48:20,800 INFO [HTTPSender] Unable to sendViaPost to url[https://xxx]
org.apache.axis2.AxisFault: Trying to write END_DOCUMENT when document has no root (ie. trying to output empty document).
Another debug trace, from SSLDUMP:
1 1 0.0266 (0.0266) C>S Handshake
ClientHello
Version 3.3
cipher suites
Unknown value 0xc023
Unknown value 0xc009
Unknown value 0xc027
Unknown value 0xc013
TLS_DHE_DSS_WITH_NULL_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x40
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Unknown value 0xc024
Unknown value 0xc00a
Unknown value 0xc028
Unknown value 0xc014
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Unknown value 0x6a
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
compression methods
NULL
1 2 0.0532 (0.0266) S>C Handshake
ServerHello
Version 3.3
session_id[0]=
cipherSuite Unknown value 0xc027
compressionMethod NULL
1 3 0.0771 (0.0238) S>C Handshake
Certificate
1 4 0.0771 (0.0000) S>C Handshake
ServerKeyExchange
1 5 0.0771 (0.0000) S>C Handshake
CertificateRequest
certificate_types rsa_sign
certificate_types dss_sign
Segmentation fault (core dumped)
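
An added example, not part of the original post: a small Python triage for a client-side `javax.net.debug` trace like the first one above. It reports whether the server sent a CertificateRequest, how many certificates the client's own Certificate message carried, and which fatal alert came back. It assumes the verbose JSSE format in which each certificate sent is dumped as `chain [n] = ...` before the closing `***`; the function names and the shortened sample trace are constructed for illustration.

```python
import re

# Constructed sample: a shortened client-side javax.net.debug trace in the
# same shape as the one in the post (not the poster's full log).
SAMPLE_TRACE = """\
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<Empty>
*** ServerHelloDone
*** Certificate chain
***
*** ECDHClientKeyExchange
*** Finished
***
http-bio-8080-exec-3, RECV TLSv1.2 ALERT: fatal, handshake_failure
"""

ALERT_RE = re.compile(r"RECV \S+ ALERT:\s*fatal,\s*(\w+)")
CHAIN_ENTRY_RE = re.compile(r"chain \[\d+\]")  # assumed per-certificate dump prefix


def triage(trace):
    """Summarise client authentication in a client-side JSSE debug trace."""
    lines = [ln.strip() for ln in trace.splitlines()]
    result = {"cert_requested": False, "client_chain_len": None, "fatal_alert": None}
    hello_done = False
    for i, ln in enumerate(lines):
        if ln.startswith("*** CertificateRequest"):
            result["cert_requested"] = True
        elif ln.startswith("*** ServerHelloDone"):
            hello_done = True  # handshake messages after this come from the client
        elif ln.startswith("*** Certificate chain") and hello_done:
            count = 0
            for nxt in lines[i + 1:]:
                if nxt.startswith("***"):  # end of this message's dump
                    break
                count += bool(CHAIN_ENTRY_RE.match(nxt))
            result["client_chain_len"] = count
        alert = ALERT_RE.search(ln)
        if alert:
            result["fatal_alert"] = alert.group(1)
    return result


def empty_client_cert(trace):
    """True when the server asked for a certificate and the client sent none."""
    r = triage(trace)
    return r["cert_requested"] and r["client_chain_len"] == 0
```

When this reports a requested certificate and an empty client chain, check which key material the JVM's outbound SSL context can see: the `keystoreFile` on the `<Connector>` configures Tomcat's listening socket, not connections the web application opens as a client.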