ssllab产生大量的握手异常

时间:2018-01-03 15:39:47

标签: java ssl-certificate elastic-load-balancer internal-load-balancer

我使用SSL实验室测试网站的证书,它会在我的调试日志中生成大量的握手异常。例外如下:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.Reader.read(Reader.java:140)
at bri.web.WebResponse.getMoreData(WebResponse.java:465)
at bri.web.WebResponse.parseRequest(WebResponse.java:362)
at bri.web.WebResponse.processRequest(WebResponse.java:99)
at bri.web.WebResponse.run(WebResponse.java:56)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:505)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
    ... 12 more

我尝试了很多方法来解决这个问题,但它没有帮助:

  1. I added -Dhttps.protocols="TLSv1.0,TLSv1.1,TLSv1.2" when I'm running Java
  2. All certificates are installed correctly based on the reports from SSL labs

就我而言,我认为SSL实验室正在发送包含测试与网站连接的任何内容的请求。由于我们的Web服务器是自定义的,因此它无法处理空请求。我们的服务器将如何处理请求的代码如下:

// RESET CONNECTION VARIABLES
    REQUEST        = new HashMap();
    RESOURCE       = "";
    QUERY_STRING   = "";
    METHOD         = "";
    PROTOCOL       = "";
    HOST           = "";
    CONTENT_TYPE   = "";
    CONTENT_LENGTH = 0;
    USER_AGENT     = "";
    ETAG           = "";
    CONNECTION     = "";
    REFERER        = "";
    FORM_ELEMENTS  = "";
    IP             = "";
    REDIRECT       = false;
    bypassed       = false;
    length         = 0;
    totalLength    = -1;
    blankCount     = 0;
    name           = "";
    value          = "";

    // BLOCK AND WAIT FOR A CONNECTION
    socket = w.getConnection();

    //BriDebug.debug("WebResponse " + this.getName() + " is processing");

    IP = socket.getInetAddress().getHostAddress();
    out = new BufferedOutputStream(socket.getOutputStream());
    isr = new InputStreamReader(socket.getInputStream(), w.CHARSET);
    parseRequest();

当我们使用isr(InputStreamReader)从socket读取输入流时,将发生异常并且将弹出握手异常。而棘手的是,通过这种方式,我们的系统正常运行。如果用户访问我们的网站,发送到服务器的请求有信息,parseRequest()将帮助解密请求并帮助用户获得正确的页面。

有人可以帮我这个吗?有谁知道我如何处理从他人发送的空请求? (事实上​​,我们正在使用负载均衡器,当负载均衡器向我们的服务器发送空请求以检查连接时,也会发生相同的异常。)并且有人知道我是否想要硬编码需要发送的响应回到其他人(即SSL实验室,负载均衡器),它们应该是什么样的?

感谢任何帮助。祝节日快乐。

0 个答案:

没有答案
相关问题
最新问题