Java SSL:“严重错误:80:...正在展开网络记录"添加HTTPS EndpointIdentificationAlgorithm之后 [英] Java SSL: "fatal error: 80: ... unwrapping net record" after adding the HTTPS EndpointIdentificationAlgorithm
问题描述
Java 7u9
标题中的错误消息为:致命错误:80:展开网络记录时出现问题".因此,不允许我在标题中添加问题".
Error msg in title is: "fatal error: 80: problem unwrapping net record". SO wouldn't let me put "problem" in the title.
我正在针对Netty构建Java HTTPS客户端.在我添加添加"HTTPS"端点标识算法以启用服务器主机名验证之前,SSL握手一直有效:
I am building a Java HTTPS client against Netty. The SSL handshake was working until I added added the "HTTPS" endpoint identification algorithm to enable server hostname verification:
SSLEngine engine = tcpHelper.getSSLContext().createSSLEngine();
SSLParameters sslParameters = engine.getSSLParameters();
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
engine.setSSLParameters(sslParameters);
engine.setUseClientMode(true);
添加算法后,SSL握手挂起,连接最终超时.启用SSL调试(javax.net.debug = all)后,我可以看到握手现在在ServerHello之后,服务器发送证书链之后,
After adding the algorithm, the SSL handshake hangs and the connection eventually times out. With SSL debugging enabled (javax.net.debug=all), I can see that the handshake now fails after ServerHello, after the server sends it's cert chain, after
*** ServerHelloDone
1761586552@qtp-1653588482-2, WRITE: TLSv1.2 Handshake, length = 3294
服务器上的
.客户端接收并显示证书链,然后失败并显示:
on the server. The client receives and displays the cert chain, and then fails with:
New I/O worker #3, fatal error: 80: problem unwrapping net record
java.lang.RuntimeException: Delegated task threw Exception/Error
%% Invalidated: [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256]
New I/O worker #3, SEND TLSv1.2 ALERT: fatal, description = internal_error
New I/O worker #3, WRITE: TLSv1.2 Alert, length = 2
推荐答案
Java 7u9
首先,感谢Bruno对此相关问题的帮助得出最终答案.
First, thanks to Bruno for his help on this related question which lead me to final answer.
回答我自己的问题.来之不易的知识.
Answering my own question. Hard won knowledge.
解决方案是在创建SSL引擎时将请求目标的主机和端口添加到构造函数中:
The solution is to add the host and port of the request target to the constructor when you create the SSL Engine:
SSLEngine engine = tcpHelper.getSSLContext().createSSLEngine(targetHost, targetPort);
否则,Java最终将在SSL库(IPAddressUtil.textToNumericFormatV4)的深处抛出NullPointerException异常,这会在SSL调试输出中产生非常有用的错误消息.
Without this, Java will ultimately throw a NullPointerException way down deep in the SSL libs (IPAddressUtil.textToNumericFormatV4), which results in the not-very-helpful error message in the SSL debug output.
这篇关于Java SSL:“严重错误:80:...正在展开网络记录"添加HTTPS EndpointIdentificationAlgorithm之后的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!