我有一个使用RESTTemplate与服务通信的Java程序。我正在使用客户端证书与服务器进行通信。出现以下错误
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 19:53:13.851 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection 19:53:13.852 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection discarded 19:53:13.852 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://api.entrust.net:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20] 19:53:13.854 [main] ERROR com.x.y.z.provider.a.Client - exception I/O error on GET request for "https://api.entrust.net/enterprise/v2/application/version": Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 19:53:13.858 [main] DEBUG com.x.y.z.provider.a.Client - Map the failure exception {} org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://api.entrust.net/enterprise/v2/application/version": Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:744) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:670)
启用调试日志后,我看到初始握手已完成,但随后失败,并出现以下错误
*** CertificateVerify
Signature Algorithm SHA256withRSA
update handshake state: certificate_verify[15]
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Handshake, length = 264
update handshake state: change_cipher_spec
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 101, 230, 249, 79, 106, 34, 167, 222, 44, 208, 111, 11 }
***
update handshake state: finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
**main, WRITE: TLSv1.2 Handshake, length = 40
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]**
main, called closeSocket()
有趣的是,我正在笔记本电脑上运行它,没有问题,但是一旦我在容器上运行它,就会出现握手错误
我在笔记本电脑上运行oracle jdk,但在我的容器上运行的是OpenJDK-1.8.0.212版本。可能有什么问题?
在容器中,我确实安装了信任库和密钥库,并且可以看到它正在使用,因为失败的地方是我在SSL调试日志中显示的地方。
答案 0 :(得分:0)
选项1。您需要将信任库/密钥库添加到要对其进行握手测试的容器或环境的证书中。
选项2。您可以将程序指向读取容器/沙盒/环境中密钥库文件的位置。