我正在Java中使用Apache HttpClient与一个主机通信,但它抛出了handshake_failure。完整的调试跟踪如下:
触发SecureRandom播种播种SecureRandom Ignoring 不可用的密码套件:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA忽略 不可用的密码套件:TLS_DHE_RSA_WITH_AES_256_CBC_SHA忽略 不可用的密码套件:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA忽略 不受支持的密码套件:TLS_DHE_DSS_WITH_AES_128_CBC_SHA256忽略 不受支持的密码套件:TLS_DHE_DSS_WITH_AES_256_CBC_SHA256忽略 不受支持的密码套件:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256忽略 不受支持的密码套件:TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 忽略不受支持的密码套件:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 忽略不受支持的密码套件: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384忽略不支持的密码 套件:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384忽略不受支持 密码套件:TLS_RSA_WITH_AES_256_CBC_SHA256忽略不可用 密码套件:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA忽略 不受支持的密码套件:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 忽略不受支持的密码套件: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384忽略不可用的密码 套件:TLS_DHE_DSS_WITH_AES_256_CBC_SHA忽略不支持的密码 套件:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384忽略不受支持 密码套件:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256忽略 不受支持的密码套件:TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 忽略不可用的密码套件:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 忽略不可用的密码套件:TLS_RSA_WITH_AES_256_CBC_SHA 忽略不受支持的密码套件:TLS_RSA_WITH_AES_128_CBC_SHA256 允许不安全的重新协商:false允许传统的hello消息:true Is 初始握手:true是安全重新协商:false %%没有缓存 客户会话 * ClientHello,TLSv1 RandomCookie:GMT:1477593324 bytes = {140,171,214,217,33,165,60,228,102,207,88,112,29,40,198,242, 159,61,172,89,116,98,7,195,182,144,159,226}会话ID: {}密码套房:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
压缩方法:{0}扩展椭圆曲线,曲线名称: {secp256r1,sect163k1,sect163r2,secp192r1,secp224r1,sect233k1, sect233r1,sect283k1,sect283r1,secp384r1,sect409k1,sect409r1, secp521r1,sect571k1,sect571r1,secp160k1,secp160r1,secp160r2, sect163r1,secp192k1,sect193r1,sect193r2,secp224k1,sect239k1, secp256k1}扩展ec_point_formats,格式:[未压缩] 扩展server_name,server_name:[host_name: integration.swiggy.com] [写] MD5和SHA1哈希:len = 180 0000:01 00 00 B0 03 01 58 12 49 EC 8C AB D6 D9 21 A5 ...... XI ....! 0010:3C E4 66 CF 58 70 1D 28 C6 F2 9F 3D AC 59 74 62< .f.Xp。(... =。Ytb 0020:07 C3 B6 90 9F E2 00 00 2A C0 09 C0 13 00 2F C0 ........ ..... /。 0030:04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 .... 3.2 ......... 0040:0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ................ 0050:04 00 FF 01 00 00 5D 00 0A 00 34 00 32 00 17 00 ......] ... 4.2 ... 0060:01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................ 0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................ 0080:11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................ 0090:0B 00 02 01 00 00 00 00 1B 00 19 00 00 16 69 6E .............. in 00A0:74 65 67 72 61 74 69 6F 6E 2E 73 77 69 67 67 79 tegration.swiggy 00B0:2E 63 6F 6D
.com main,WRITE:TLSv1 Handshake,length = 180 [raw write]:length = 185 0000:16 03 01 00 B4 01 00 00 B0 03 01 58 12 49 EC 8C ............ X.I .. 0010:AB D6 D9 21 A5 3C E4 66 CF 58 70 1D 28 C6 F2 9F ......!。< .f.Xp。(... 0020:3D AC 59 74 62 07 C3 B6 90 9F E2 00 00 2A C0 09 = .Ytb ........ * .. 0030:C0 13 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 ... / ..... 3.2 .... 0040:00 0A C0 03 C0 0D 00 16 00 13 C0 07 C0 11 00 05 ................ 0050:C0 02 C0 0C 00 04 00 FF 01 00 00 5D 00 0A 00 34 ...........] ... 4 0060:00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2 .............. 0070:00 09 00 0A 00 18 00 0 00 00 0C 00 19 00 0D 00 0E ................ 0080:00 0F 00 10 00 11 00 02
00 12 00 04 00 05 00 14 ................ 0090:00 08 00 16 00 0 00 00 02 01 00 00 00 00 1B 00 19 ................ 00A0:00 00 16 69 6E 74 65 67 72 61 74 69 6F 6E 2E 73 ... integration.s 00B0:77 69 67 67 79 2E 63 6F 6D wiggy.com线程异常 "主" javax.net.ssl.SSLHandshakeException:收到致命警报: handshake_failure at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)at at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)at at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) 在 sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) 在 sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) 在 org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) 在 org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) 在 org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141) 在 org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) 在 org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) 在 org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) 在 org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) 在 org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) 在 org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) 在 org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) 在 org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) 在 org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) 在 HttpURLConnectionExample.sendGet1(HttpURLConnectionExample.java:83) 
在HttpURLConnectionExample.main(HttpURLConnectionExample.java:48) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 在 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 在java.lang.reflect.Method.invoke(Method.java:606)at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144) [原始读取]:长度= 5 0000:15 03 01 00 02
..... [原始读取]:长度= 2 0000:02 28
。(主要,阅读:TLSv1警报,长度= 2主,RECV TLSv1警告:致命, handshake_failure main,名为closeSocket()main,处理异常: javax.net.ssl.SSLHandshakeException:收到致命警报: handshake_failure
我尝试了很多东西,但无法弄清楚究竟是什么问题。
答案 0 :(得分:6)
您的问题在于,integration.swiggy.com与Java 7之间没有任何共同的密码套件。仅启用TLSv1.2无济于事。
您可以从http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html下载Java 7的JCE Unlimited Strength Jurisdiction Policy文件,并用下载包中的文件替换JRE的lib/security目录下的两个JAR(local_policy.jar、US_export_policy.jar)。这将添加额外的(更强的)密码套件,您应该无需修改任何代码或启用TLSv1.2即可连接。
供参考,以下是Java 7(1.7.0_79)中提供的密码套件(“Default”列中带 * 的表示默认启用):
Default Cipher
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
* SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
* SSL_RSA_WITH_RC4_128_MD5
* SSL_RSA_WITH_RC4_128_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_NULL_SHA
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_NULL_SHA
* TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_NULL_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_RC4_128_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256
以下是安装Unlimited Strength Jurisdiction Policy文件后的可用密码套件:
Default Cipher
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
* SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
* SSL_RSA_WITH_RC4_128_MD5
* SSL_RSA_WITH_RC4_128_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_NULL_SHA
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_NULL_SHA
* TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_NULL_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_RC4_128_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256
integration.swiggy.com提供的密码套件是:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS 256
这些都不在Java 7提供的标准密码套件中。但是,最后4个是通过Unlimited Strength Jurisdiction Policy文件添加的。
答案 1 :(得分:0)
作为对Anand Bhat答案的补充,下面展示下载Oracle JDK 7无限强度策略JAR后客户端密码套件的差异。但是,某些服务器即使在TLSv1.2下也只接受较新的密码套件。特别是,最新公开可用的JDK 7 build 80不支持下面列出的GCM密码套件,因此连接这类服务器时仍会产生javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure。
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8180834
$ diff -U 1000000 -u ciphers-jdk7-80-orig.txt ciphers-jdk7-80-unlimited.txt
--- ciphers-jdk7-80-orig.txt 2019-01-17 16:03:52.328738900 -0500
+++ ciphers-jdk7-80-unlimited.txt 2019-01-17 16:05:37.783770600 -0500
@@ -1,64 +1,81 @@
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ TLS_RSA_WITH_AES_256_CBC_SHA256
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ TLS_RSA_WITH_AES_256_CBC_SHA
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ TLS_DH_anon_WITH_AES_256_CBC_SHA256
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA
+ TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_NULL_SHA256
TLS_ECDHE_ECDSA_WITH_NULL_SHA
TLS_ECDHE_RSA_WITH_NULL_SHA
SSL_RSA_WITH_NULL_SHA
TLS_ECDH_ECDSA_WITH_NULL_SHA
TLS_ECDH_RSA_WITH_NULL_SHA
TLS_ECDH_anon_WITH_NULL_SHA
SSL_RSA_WITH_NULL_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_RC4_128_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
import java.security.KeyManagementException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.IOException;
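/**
 * Diagnostic client: opens a TLS connection to a host and port, reports what
 * this JVM can offer and what was actually negotiated, then writes one byte
 * and prints whatever the peer has already sent back. See
 * http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
 *
 * <p>Useful for telling apart the two usual causes of
 * {@code handshake_failure}: a protocol-version mismatch and the absence of
 * any cipher suite shared by client and server.
 */
public class SSLPoke {

    /**
     * Connects to {@code args[0]:args[1]} and prints TLS diagnostics to stdout.
     *
     * @param args exactly two elements: host name and port number
     * @throws IOException if the connection or the TLS handshake fails
     *         (handshake failures surface as {@code SSLHandshakeException})
     * @throws NoSuchAlgorithmException if this JVM has no "TLSv1.2" context
     * @throws KeyManagementException if the SSL context cannot be initialised
     */
    public static void main(String[] args) throws IOException, NoSuchAlgorithmException, KeyManagementException {
        if (args.length != 2) {
            System.out.println("Usage: "+SSLPoke.class.getName()+" <host> <port>");
            System.exit(1);
        }

        // https://www.baeldung.com/java-7-tls-v12
        // A "TLSv1.2" context is requested explicitly. With
        // SSLSocketFactory.getDefault() on the JDK this was written for, a
        // TLSv1.2-only server ended the handshake with
        //   javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        //   Caused by: java.io.EOFException: SSL peer shut down incorrectly
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        // null key/trust managers select the JVM's installed defaults, so the
        // server certificate chain is still validated against the default
        // trust store.
        sslContext.init(null, null, new SecureRandom());
        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

        // try-with-resources closes the socket (and with it both streams) on
        // every path, including a failed handshake.
        try (SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(args[0], Integer.parseInt(args[1]))) {
            // https://gist.github.com/lanimall/cb808a11a058f7fb620a#file-gistfile1-java
            printList("Supported Protocols", sslSocket.getSupportedProtocols());
            printList("Enabled Protocols", sslSocket.getEnabledProtocols());

            // "Supported" is everything the provider implements, including
            // anon/NULL/EXPORT suites that are not enabled by default; only
            // the "Enabled" list is offered in the ClientHello. Both are
            // printed under their own label so the two are not confused
            // when comparing against the server's list.
            printList("Supported Ciphers", sslSocket.getSupportedCipherSuites());
            printList("Enabled Ciphers", sslSocket.getEnabledCipherSuites());

            // Handshake explicitly so a failure is thrown here; getSession()
            // alone would hand back an invalid session instead of throwing.
            sslSocket.startHandshake();
            System.out.println("Negotiated Protocol: " + sslSocket.getSession().getProtocol());
            System.out.println("Negotiated Cipher: " + sslSocket.getSession().getCipherSuite());

            InputStream in = sslSocket.getInputStream();
            OutputStream out = sslSocket.getOutputStream();

            // Write a test byte to get a reaction :)
            out.write(1);

            // Non-blocking drain: prints only bytes that have already arrived.
            while (in.available() > 0) {
                System.out.print(in.read());
            }

            // NOTE: a raw SSLSocket performs no host-name check unless an
            // endpoint identification algorithm is configured, so this
            // message means "handshake and chain validation succeeded", not
            // "the certificate matches <host>".
            System.out.println("Successfully connected");
        }
    }

    /** Prints {@code label}, the element count, and one indented line per element. */
    private static void printList(String label, String[] values) {
        System.out.println(label + ": " + values.length);
        for (String value : values) {
            System.out.println(" " + value);
        }
    }
}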