无法触发Https(在SSLv3中运行Tomcat 8.5)

时间:2019-01-10 07:10:03

标签: java tomcat

我正在使用Nio协议并使用Java 1.8在tomcat v8.5 server.xml文件中设置SSLv3。当我从IE发出请求时,我得到响应,但是通过Java代码,我得到了如下异常。

javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure

我更新了users / db8 / Appdata / LocalLow / sun / java / deployment / deployment.properties中的development.properties(deployment.security.SSLv3 = true),并从java.security文件中删除了SSLv3。我在Internet Explorer中启用了sslv3。

    server.xml 
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" 
    port="8443" maxThreads="200" scheme="https" secure="true" 
    SSLEnabled="true" keystoreFile="keystore.jks" keystorePass="changeit" 
    clientAuth="false" sslProtocol="SSLv3" />

java code

import java.net.URL;
import java.io.*;
import javax.net.ssl.HttpsURLConnection;
import java.net.HttpURLConnection;

public class JavaHttpsExample
{
public static void main(String[] args) throws Exception {
    String certificatesTrustStorePath = "keystore.jks";
    System.setProperty("javax.net.ssl.trustStore",
    certificatesTrustStorePath);
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    System.setProperty("https.protocols", "SSLv3");
    System.setProperty("jdk.tls.client.protocols", "SSLv3");
    String httpsURL = "https://ip:8443/test/getData";
    URL myUrl = new URL(httpsURL);
    HttpsURLConnection conn = (HttpsURLConnection)myUrl.openConnection();
    try{       
    InputStream is = conn.getInputStream();
    InputStreamReader isr = new InputStreamReader(is);
    BufferedReader br = new BufferedReader(isr);
    String inputLine;
    while ((inputLine = br.readLine()) != null) {
    System.out.println(inputLine);
    }
    br.close();
    } catch(Exception e){
    System.out.println("exxception"+e);
    }    
    }
    } 

我在更新debug = all后添加结果

允许不安全的重新协商:false 允许旧的问候消息:true 初始握手是否正确 是安全的重新协商:false main,调用setSoTimeout(0) %%没有缓存的客户端会话 更新握手状态:client_hello [1] 即将到来的握手状态:server_hello [2] *** ClientHello,SSLv3 RandomCookie:GMT:1547297410字节= {170,53,106,27,73,55,4,39,195,152,66,1,124,244,6,114,106,181,46,183,184, 202、56、105、225、158、210、195} 会话ID:{} 密码套件:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 压缩方式:{0} 扩展elliptic_curves,曲线名称:{secp256r1,secp384r1,secp521r1,sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1} 扩展名ec_point_formats,格式:[未压缩]


主,写:SSLv3握手,长度= 107 主要,读取:SSLv3警报,长度= 2 main,RECV TLSv1.2警报:致命,握手失败 主要,称为closeSocket() 主要,处理异常:javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure exxceptionjavax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure

1 个答案:

答案 0 :(得分:0)

似乎您的服务器支持TLS密码套件,但是您尝试使用SSLv3。您能否按照链接https://dzone.com/articles/troubleshooting-javaxnetsslsslhandshakeexception-r的建议使用-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2运行程序,该链接说明了如何解决SSL握手故障。