我正在尝试在我的网络应用程序中使用SSL。当我访问https://127.0.0.1:8443时,我收到了javax.net.ssl.SSLHandshakeException: no cipher suites in common
。
我使用了嵌入式servlet容器。
以下是我的spring-boot配置:
server:
port: 8443
ssl:
key-store: keystore.p12
key-store-password: PASSWD
key-password: PASSWD
keyAlias: API
key-store-type: PKCS12
我使用以下命令生成密钥库:
keytool -genkey -alias API -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
如何解决此错误?
我还在日志中看到一些不受支持的扩展消息。这些重要还是可忽略的?
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
[Raw read]: length = 5
0000: 16 03 01 00 AE .....
[Raw read]: length = 174
0000: 01 00 00 AA 03 03 D6 77 1F 2F 88 5D 31 C6 40 69 .......w./.]1.@i
0010: 8D 78 38 FA 16 4E 19 C4 D5 43 34 91 35 2A 2A 7C .x8..N...C4.5**.
0020: 77 B4 E8 71 E8 5B 00 00 1C DA DA C0 2B C0 2F C0 w..q.[......+./.
0030: 2C C0 30 CC A9 CC A8 C0 13 C0 14 00 9C 00 9D 00 ,.0.............
0040: 2F 00 35 00 0A 01 00 00 65 1A 1A 00 00 FF 01 00 /.5.....e.......
0050: 01 00 00 17 00 00 00 23 00 00 00 0D 00 14 00 12 .......#........
0060: 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 ................
0070: 02 01 00 05 00 05 01 00 00 00 00 00 12 00 00 00 ................
0080: 10 00 0E 00 0C 02 68 32 08 68 74 74 70 2F 31 2E ......h2.http/1.
0090: 31 75 50 00 00 00 0B 00 02 01 00 00 0A 00 0A 00 1uP.............
00A0: 08 7A 7A 00 1D 00 17 00 18 2A 2A 00 01 00 .zz......**...
XNIO-3 I/O-1, READ: TLSv1 Handshake, length = 174
*** ClientHello, TLSv1.2
RandomCookie: GMT: -696836305 bytes = { 136, 93, 49, 198, 64, 105, 141, 120, 56, 250, 22, 78, 25, 196, 213, 67, 52, 145, 53, 42, 42, 124, 119, 180, 232, 113, 232, 91 }
Session ID: {}
Cipher Suites: [Unknown 0xda:0xda, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Unsupported extension type_6682, data:
Extension renegotiation_info, renegotiated_connection: <empty>
Unsupported extension type_23, data:
Unsupported extension type_35, data:
Extension signature_algorithms, signature_algorithms: SHA256withECDSA, Unknown (hash:0x8, signature:0x4), SHA256withRSA, SHA384withECDSA, Unknown (hash:0x8, signature:0x5), SHA384withRSA, Unknown (hash:0x8, signature:0x6), SHA512withRSA, SHA1withRSA
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30032, data:
Extension ec_point_formats, formats: [uncompressed]
Extension elliptic_curves, curve names: {unknown curve 31354, unknown curve 29, secp256r1, secp384r1}
Unsupported extension type_10794, data: 00
***
[read] MD5 and SHA1 hashes: len = 174
0000: 01 00 00 AA 03 03 D6 77 1F 2F 88 5D 31 C6 40 69 .......w./.]1.@i
0010: 8D 78 38 FA 16 4E 19 C4 D5 43 34 91 35 2A 2A 7C .x8..N...C4.5**.
0020: 77 B4 E8 71 E8 5B 00 00 1C DA DA C0 2B C0 2F C0 w..q.[......+./.
0030: 2C C0 30 CC A9 CC A8 C0 13 C0 14 00 9C 00 9D 00 ,.0.............
0040: 2F 00 35 00 0A 01 00 00 65 1A 1A 00 00 FF 01 00 /.5.....e.......
0050: 01 00 00 17 00 00 00 23 00 00 00 0D 00 14 00 12 .......#........
0060: 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 ................
0070: 02 01 00 05 00 05 01 00 00 00 00 00 12 00 00 00 ................
0080: 10 00 0E 00 0C 02 68 32 08 68 74 74 70 2F 31 2E ......h2.http/1.
0090: 31 75 50 00 00 00 0B 00 02 01 00 00 0A 00 0A 00 1uP.............
00A0: 08 7A 7A 00 1D 00 17 00 18 2A 2A 00 01 00 .zz......**...
%% Initialized: [Session-7, SSL_NULL_WITH_NULL_NULL]
XNIO-3 task-7, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-7, SSL_NULL_WITH_NULL_NULL]
XNIO-3 task-7, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
XNIO-3 task-7, WRITE: TLSv1.2 Alert, length = 2
XNIO-3 I/O-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
XNIO-3 I/O-1, called closeInbound()
XNIO-3 I/O-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
XNIO-3 I/O-1, called closeOutbound()
XNIO-3 I/O-1, closeOutboundInternal()
答案 0 :(得分:-1)
如果您使用Chrome浏览器和使用OpenJDK 1.8的服务器,可能会发生这种情况。您可以通过升级OpenJDK版本或使用其他浏览器来检查这一点