我正在使用Nio协议并使用Java 1.8在tomcat v8.5 server.xml文件中设置SSLv3。当我从IE发出请求时,我得到响应,但是通过Java代码,我得到了如下异常。
javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure
我更新了users / db8 / Appdata / LocalLow / sun / java / deployment / deployment.properties中的development.properties(deployment.security.SSLv3 = true),并从java.security文件中删除了SSLv3。我在Internet Explorer中启用了sslv3。
server.xml
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200" scheme="https" secure="true"
SSLEnabled="true" keystoreFile="keystore.jks" keystorePass="changeit"
clientAuth="false" sslProtocol="SSLv3" />
java code
import java.net.URL;
import java.io.*;
import javax.net.ssl.HttpsURLConnection;
import java.net.HttpURLConnection;
public class JavaHttpsExample
{
public static void main(String[] args) throws Exception {
String certificatesTrustStorePath = "keystore.jks";
System.setProperty("javax.net.ssl.trustStore",
certificatesTrustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("https.protocols", "SSLv3");
System.setProperty("jdk.tls.client.protocols", "SSLv3");
String httpsURL = "https://ip:8443/test/getData";
URL myUrl = new URL(httpsURL);
HttpsURLConnection conn = (HttpsURLConnection)myUrl.openConnection();
try{
InputStream is = conn.getInputStream();
InputStreamReader isr = new InputStreamReader(is);
BufferedReader br = new BufferedReader(isr);
String inputLine;
while ((inputLine = br.readLine()) != null) {
System.out.println(inputLine);
}
br.close();
} catch(Exception e){
System.out.println("exxception"+e);
}
}
}
我在更新debug = all后添加结果
允许不安全的重新协商:false 允许旧的问候消息:true 初始握手是否正确 是安全的重新协商:false main,调用setSoTimeout(0) %%没有缓存的客户端会话 更新握手状态:client_hello [1] 即将到来的握手状态:server_hello [2] *** ClientHello,SSLv3 RandomCookie:GMT:1547297410字节= {170,53,106,27,73,55,4,39,195,152,66,1,124,244,6,114,106,181,46,183,184, 202、56、105、225、158、210、195} 会话ID:{} 密码套件:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 压缩方式:{0} 扩展elliptic_curves,曲线名称:{secp256r1,secp384r1,secp521r1,sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1} 扩展名ec_point_formats,格式:[未压缩]
主,写:SSLv3握手,长度= 107 主要,读取:SSLv3警报,长度= 2 main,RECV TLSv1.2警报:致命,握手失败 主要,称为closeSocket() 主要,处理异常:javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure exxceptionjavax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure
答案 0 :(得分:0)
似乎您的服务器支持TLS密码套件,但是您尝试使用SSLv3
。您能否按照链接https://dzone.com/articles/troubleshooting-javaxnetsslsslhandshakeexception-r的建议使用-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
运行程序,该链接说明了如何解决SSL握手故障。