使用Jsoup时,Java 11 HTTPS连接失败,并出现SSL HandshakeException

时间:2018-12-24 12:55:44

标签: java ssl jsoup java-11

我正在尝试使用Jsoup库抓取网页(this one)。在执行简单的GET操作时,出现以下异常:

javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.431 EET|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=www.kitapburada.com) was replaced with (type=host_name (0), value=www.kitapburada.com)
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.432 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS12
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.432 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS12
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.433 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.433 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.433 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.433 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.433 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.433 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.433 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.433 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.433 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.434 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.434 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.434 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.434 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.434 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.434 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.435 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.435 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.435 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.435 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.436 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.437 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.439 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.439 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.440 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.440 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.440 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.440 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.440 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.440 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.441 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.441 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.441 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.441 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.442 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.442 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.442 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.442 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.442 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.443 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.443 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.443 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.443 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.443 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.444 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.444 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.444 EET|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|ALL|01|main|2018-12-24 15:41:06.446 EET|ClientHello.java:533|Try resuming session (
Session(1545655264774|TLS_AES_128_GCM_SHA256)
)
javax.net.ssl|WARNING|01|main|2018-12-24 15:41:06.447 EET|ServerNameExtension.java:255|Unable to indicate server name
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.447 EET|SSLExtensions.java:235|Ignore, context unavailable extension: server_name
javax.net.ssl|ALL|01|main|2018-12-24 15:41:06.448 EET|SignatureScheme.java:358|Ignore disabled signature sheme: rsa_md5
javax.net.ssl|INFO|01|main|2018-12-24 15:41:06.449 EET|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.450 EET|SSLExtensions.java:235|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.450 EET|SSLExtensions.java:235|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.453 EET|SSLExtensions.java:235|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.454 EET|PreSharedKeyExtension.java:660|Found resumable session. Preparing PSK message.
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.460 EET|ClientHello.java:651|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "92 34 9B 36 90 0C 89 8F 5B E6 C9 D9 DA 57 C6 80 EA B8 41 09 62 2A 7E E8 40 E3 6F 24 A4 17 B2 CB",
  "session id"          : "",
  "cipher suites"       : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
      "cert status request": {
        "certificate status type": ocsp_multi
        "OCSP status request": {
          "responder_id": <empty>
          "request extensions": {
            <empty>
          }
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [  
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 DA 61 A6 AD F0 04 28   48 13 86 AF EA 2F EB A5  ..a....(H..../..
            0010: 0A 0C 40 80 C2 C6 81 FE   04 87 7E 52 B1 C9 92 A4  ..@........R....
            0020: C3 6B 9C CA 49 B5 8A 4C   08 9B 38 70 01 68 AF 13  .k..I..L..8p.h..
            0030: 42 63 8B 08 C5 1A 13 7D   87 35 48 1B 97 1A CE 67  Bc.......5H....g
            0040: 10 
          }
        },
      ]
    },
    "pre_shared_key (41)": {
      "PreSharedKey": {
        "identities"    : "  {47 84 2C AA 7B 65 00 50 67 90 20 6A 1C 4D BB 4C 60 55 22 B6 06 76 B7 F7 EC BC FC 07 E9 E0 E2 6D E2 5E 98 04 9C 53 0B 9F 72 00 17 53 D6 E3 CC 4B 37 50 B1 2D FD 7E 0A 7D 20 57 8E AA 4D 93 F0 4F 53 39 25 E5 2D E0 C7 E7 6C 53 6D A1 D2 3F 37 CA FD 3F 73 45 B3 93 31 A5 DA 27 D1 9F F8 BF EF 60 04 82 9F E9 71 84 5F FD D1 F9 50 DE CD 3C 83 33 EA 8B 5C 63 1C 44 69 31 9E 09 B3 67 D5 B3 25 02 D1 93 5F E6 50 38 B1 FB FF 70 51 37 9B 39 4B 90 C9 36 FD 7D E0 DD F7 DE 37 EA 71 24 1A 51 A0 15 B4 56 0C D3 26 EA 94 D6 9B BD 35 5B 9D 71 1E 84,14994940}",
        "binders"       : "  {95 2A 0D 86 A4 FD 38 13 66 70 BD D0 ED FC BD C5 C2 B4 A4 4C 8C 3C 60 3B 74 40 AE 2F 84 D2 C4 4F}",
      }
    }
  ]
}
)
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.460 EET|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 608
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.461 EET|SSLSocketOutputRecord.java:255|Raw write (
  0000: 16 03 03 02 60 01 00 02   5C 03 03 92 34 9B 36 90  ....`...\...4.6.
  0010: 0C 89 8F 5B E6 C9 D9 DA   57 C6 80 EA B8 41 09 62  ...[....W....A.b
  0020: 2A 7E E8 40 E3 6F 24 A4   17 B2 CB 00 00 5A 13 01  *..@.o$......Z..
  0030: 13 02 C0 2C C0 2B C0 30   00 9D C0 2E C0 32 00 9F  ...,.+.0.....2..
  0040: 00 A3 C0 2F 00 9C C0 2D   C0 31 00 9E 00 A2 C0 24  .../...-.1.....$
  0050: C0 28 00 3D C0 26 C0 2A   00 6B 00 6A C0 0A C0 14  .(.=.&.*.k.j....
  0060: 00 35 C0 05 C0 0F 00 39   00 38 C0 23 C0 27 00 3C  .5.....9.8.#.'.<
  0070: C0 25 C0 29 00 67 00 40   C0 09 C0 13 00 2F C0 04  .%.).g.@...../..
  0080: C0 0E 00 33 00 32 00 FF   01 00 01 D9 00 05 00 05  ...3.2..........
  0090: 01 00 00 00 00 00 0A 00   20 00 1E 00 17 00 18 00  ........ .......
  00A0: 19 00 09 00 0A 00 0B 00   0C 00 0D 00 0E 00 16 01  ................
  00B0: 00 01 01 01 02 01 03 01   04 00 0B 00 02 01 00 00  ................
  00C0: 0D 00 28 00 26 04 03 05   03 06 03 08 04 08 05 08  ..(.&...........
  00D0: 06 08 09 08 0A 08 0B 04   01 05 01 06 01 04 02 03  ................
  00E0: 03 03 01 03 02 02 03 02   01 02 02 00 32 00 28 00  ............2.(.
  00F0: 26 04 03 05 03 06 03 08   04 08 05 08 06 08 09 08  &...............
  0100: 0A 08 0B 04 01 05 01 06   01 04 02 03 03 03 01 03  ................
  0110: 02 02 03 02 01 02 02 00   11 00 09 00 07 02 00 04  ................
  0120: 00 00 00 00 00 17 00 00   00 2B 00 09 08 03 04 03  .........+......
  0130: 03 03 02 03 01 00 2D 00   02 01 01 00 33 00 47 00  ......-.....3.G.
  0140: 45 00 17 00 41 04 DA 61   A6 AD F0 04 28 48 13 86  E...A..a....(H..
  0150: AF EA 2F EB A5 0A 0C 40   80 C2 C6 81 FE 04 87 7E  ../....@........
  0160: 52 B1 C9 92 A4 C3 6B 9C   CA 49 B5 8A 4C 08 9B 38  R.....k..I..L..8
  0170: 70 01 68 AF 13 42 63 8B   08 C5 1A 13 7D 87 35 48  p.h..Bc.......5H
  0180: 1B 97 1A CE 67 10 00 29   00 DB 00 B6 00 B0 47 84  ....g..)......G.
  0190: 2C AA 7B 65 00 50 67 90   20 6A 1C 4D BB 4C 60 55  ,..e.Pg. j.M.L`U
  01A0: 22 B6 06 76 B7 F7 EC BC   FC 07 E9 E0 E2 6D E2 5E  "..v.........m.^
  01B0: 98 04 9C 53 0B 9F 72 00   17 53 D6 E3 CC 4B 37 50  ...S..r..S...K7P
  01C0: B1 2D FD 7E 0A 7D 20 57   8E AA 4D 93 F0 4F 53 39  .-.... W..M..OS9
  01D0: 25 E5 2D E0 C7 E7 6C 53   6D A1 D2 3F 37 CA FD 3F  %.-...lSm..?7..?
  01E0: 73 45 B3 93 31 A5 DA 27   D1 9F F8 BF EF 60 04 82  sE..1..'.....`..
  01F0: 9F E9 71 84 5F FD D1 F9   50 DE CD 3C 83 33 EA 8B  ..q._...P..<.3..
  0200: 5C 63 1C 44 69 31 9E 09   B3 67 D5 B3 25 02 D1 93  \c.Di1...g..%...
  0210: 5F E6 50 38 B1 FB FF 70   51 37 9B 39 4B 90 C9 36  _.P8...pQ7.9K..6
  0220: FD 7D E0 DD F7 DE 37 EA   71 24 1A 51 A0 15 B4 56  ......7.q$.Q...V
  0230: 0C D3 26 EA 94 D6 9B BD   35 5B 9D 71 1E 84 00 E4  ..&.....5[.q....
  0240: CD FC 00 21 20 95 2A 0D   86 A4 FD 38 13 66 70 BD  ...! .*....8.fp.
  0250: D0 ED FC BD C5 C2 B4 A4   4C 8C 3C 60 3B 74 40 AE  ........L.<`;t@.
  0260: 2F 84 D2 C4 4F                                     /...O
)
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.518 EET|SSLSocketInputRecord.java:458|Raw read (
  0000: 15 03 01 00 02                                     .....
)
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.519 EET|SSLSocketInputRecord.java:213|READ: TLSv1 alert, length = 2
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.519 EET|SSLSocketInputRecord.java:458|Raw read (
  0000: 02 28                                              .(
)
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.519 EET|SSLSocketInputRecord.java:249|READ: TLSv1 alert, length = 2
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.520 EET|Alert.java:232|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}
)
javax.net.ssl|ERROR|01|main|2018-12-24 15:41:06.520 EET|TransportContext.java:313|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
    at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
    at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:163)
    at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:746)
    at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:722)
    at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:306)
    at org.jsoup.helper.HttpConnection.get(HttpConnection.java:295)
    at com.kitaplist.common.JsoupParser.parse(JsoupParser.java:23)
    at com.kitaplist.common.Collector.extractListPageLinksFromCatPage(Collector.java:94)
    at com.kitaplist.common.Collector.collectListPageLinks(Collector.java:148)
    at com.kitaplist.KitapListConsole.run(KitapListConsole.java:47)
    at com.kitaplist.KitapList.main(KitapList.java:74)}

)
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.521 EET|SSLSocketImpl.java:1361|close the underlying socket
javax.net.ssl|DEBUG|01|main|2018-12-24 15:41:06.521 EET|SSLSocketImpl.java:1380|close the SSL connection (initiative)
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
    at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
    at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:163)
    at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:746)
    at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:722)
    at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:306)
    at org.jsoup.helper.HttpConnection.get(HttpConnection.java:295)
    at com.kitaplist.common.JsoupParser.parse(JsoupParser.java:23)
    at com.kitaplist.common.Collector.extractListPageLinksFromCatPage(Collector.java:94)
    at com.kitaplist.common.Collector.collectListPageLinks(Collector.java:148)
    at com.kitaplist.KitapListConsole.run(KitapListConsole.java:47)
    at com.kitaplist.KitapList.main(KitapList.java:74)

这是JsoupParser.parse方法的内容:

public Document parse(String url) {

    try {
        return Jsoup.connect(url).timeout(300 * 1000)
            .userAgent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36").ignoreContentType(true)
            .get();
    } catch (IOException e) {
        e.printStackTrace();
    }
    return Jsoup.parse("");
}

起初,我认为这是由于缺少密码套件所致,但是后来我found that this exception的出现是由于1.8u141之前的JDK中的一个错误。我尝试使用JDK 1.8u191,但一切正常,但是当我使用JDK 11时,上述异常再次出现。我有什么想念的吗?感谢您的帮助。

当我使用早期访问jdk 12时,该问题也消失了。如何在不遇到此问题的情况下使用jdk 11?

1 个答案:

答案 0 :(得分:4)

首先,要清楚:handshake_failure可能是由于缺少SNI之外的许多原因引起的; “致命警报”可能是由handshake_failure以外的其他原因引起的,而SSLHandshakeException可能是由“致命警报”以外的很多其他原因引起的。

但是,这里确实出现了JSSE 无法在TLS1.3恢复请求上发送SNI的问题-尽管服务器响应的握手消息是 1.0 版本的handhake_failure(wire 03 01)是处理此问题的一种奇怪方法; rfc8446 9.2表示服务器在这种情况下应该使用missing_extension,大概是在1.2记录中,因为这是1.3版本中的新警报,而1.3则将1.2保留为记录版本以防止兼容性。尤其是由于该服务器位于Cloudflare上,这是他们想要SNI的一个很好的理由,但是由于它们处理的流量如此之大且种类繁多的TLS-was-SSL终止,它们应该能够处理这种情况。

Java 8之所以可以工作是因为它没有实现TLS1.3。由于jsoup使用HttpsURLConnection,如果您将sysprop https.protocols 设置为忽略 TLSv1.3的值,例如TLSv1,TLSv1.1,TLSv1.2,则应该避免该问题在Java 11中-只要同一进程中的其他任何事物都不需要HttpsURLConnection来连接需要1.3的连接,并且由于1.3几个月前才完成,这似乎是不可能的。注意:绝对不包括SSLv3,如果您的其他连接都不需要1.0,那么也最好省略TLSv1

或者,由于初始连接显然有效(并且对我来说使用11.0.1进行了简单测试),它应该通过设置这些连接使用的SSLContext来避免 resumetion 到不缓存会话信息或至少不缓存会话信息的缓存。但这可能需要更多工作,因此除非必要,否则我不会去那里。