handshake_failure通过SSL将Java客户端连接到Tomcat服务器

时间:2016-04-25 03:58:29

标签: java tomcat ssl https 

private void connect(HttpsURLConnection uc) throws IOException {
    uc.setHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String host, SSLSession sess) {
            return true;
        }
    });

    uc.setRequestProperty("Content-Type", "application/json");
    uc.setReadTimeout(15 * 1000); // 15 seconds
    uc.connect();
}

ClientHello失败了:

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(15000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1461489945 bytes = { 239, 82, 110, 194, 165, 173, 168, 22, 133, 76, 38, 213, 207, 244, 9, 221, 112, 233, 210, 113, 109, 219, 5, 76, 66, 199, 195, 132 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
***
[write] MD5 and SHA1 hashes:  len = 75
0000: 01 00 00 47 03 01 57 1D   91 19 EF 52 6E C2 A5 AD  ...G..W....Rn...
0010: A8 16 85 4C 26 D5 CF F4   09 DD 70 E9 D2 71 6D DB  ...L&.....p..qm.
0020: 05 4C 42 C7 C3 84 00 00   20 00 04 00 05 00 2F 00  .LB..... ...../.
0030: 33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00  3.2.............
0040: 03 00 08 00 14 00 11 00   FF 01 00                 ...........
main, WRITE: TLSv1 Handshake, length = 75
[write] MD5 and SHA1 hashes:  len = 101
0000: 01 03 01 00 3C 00 00 00   20 00 00 04 01 00 80 00  ....<... .......
0010: 00 05 00 00 2F 00 00 33   00 00 32 00 00 0A 07 00  ..../..3..2.....
0020: C0 00 00 16 00 00 13 00   00 09 06 00 40 00 00 15  ............@...
0030: 00 00 12 00 00 03 02 00   80 00 00 08 00 00 14 00  ................
0040: 00 11 00 00 FF 57 1D 91   19 EF 52 6E C2 A5 AD A8  .....W....Rn....
0050: 16 85 4C 26 D5 CF F4 09   DD 70 E9 D2 71 6D DB 05  ..L&.....p..qm..
0060: 4C 42 C7 C3 84                                     LB...
main, WRITE: SSLv2 client hello message, length = 101
[Raw write]: length = 103
0000: 80 65 01 03 01 00 3C 00   00 00 20 00 00 04 01 00  .e....<... .....
0010: 80 00 00 05 00 00 2F 00   00 33 00 00 32 00 00 0A  ....../..3..2...
0020: 07 00 C0 00 00 16 00 00   13 00 00 09 06 00 40 00  ..............@.
0030: 00 15 00 00 12 00 00 03   02 00 80 00 00 08 00 00  ................
0040: 14 00 00 11 00 00 FF 57   1D 91 19 EF 52 6E C2 A5  .......W....Rn..
0050: AD A8 16 85 4C 26 D5 CF   F4 09 DD 70 E9 D2 71 6D  ....L&.....p..qm
0060: DB 05 4C 42 C7 C3 84                               ..LB...
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: Unknown-3.3 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
    at com.axa.openam.OpenAM_RESTCalls.connect(OpenAM_RESTCalls.java:72)
    at com.axa.openam.OpenAM_RESTCalls.amRestAuthN(OpenAM_RESTCalls.java:91)
    at com.axa.openam.Test.main(Test.java:16)

客户端在Java jre6上运行。 Tomcat服务器在Java jdk1.8.0_11上运行。

Tomcat server.xml中的HTTPS配置:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" keystoreFile="/export/home/oblxuser/Wes/keystore.jks" keystorePass="changeit" keyAlias="root"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" URIEncoding="UTF-8" clientAuth="false" sslProtocol="TLS" />

我尝试了很多东西。我怀疑某处存在不兼容性,但我需要客户端在Java 1.6上运行,并且类似处理在1.8上运行的服务器。

在服务器端,keystore.jks是由Java jre6版本的keytool生成的,我试图让它为客户端工作。

我怀疑某处存在不兼容性,无论是客户端的Java版本与Tomcat服务器的Java版本不兼容,还是Tomcat服务器的Java版本与之不兼容密钥库的Java版本,或者你有什么。我尝试了很多不同的东西,但每次都有完全相同的结果。

我没有足够的空间来更改客户端或tomcat服务器的版本,但如果这是原因我会很感激它被指出(当然还有任何解决方案)。

0 个答案:

没有答案
相关问题
最新问题