SSLHandshakeException: no cipher suites in common

Problem description

Followed the instructions here and recreated certificates that I previously incorrectly created. Something has changed as I am now seeing javax.net.ssl.SSLHandshakeException: no cipher suites in common on the server and javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure on the client. Instead of the errors this question

The server is ClassFileServer.java (http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/samples/sockets/server/ClassFileServer.java) and the respective client SSLSocketClientWithClientAuth.java (http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/samples/sockets/client/SSLSocketClientWithClientAuth.java)

Any tips on getting the two ends to play nicely? Note that I am using localhost, so I would assume the cipher capabilities are the same.

Update:

Here are the steps I have used to generate the files; I may be confusing the key and truststore:

On the server (per the guide):

$ keytool -genkey -alias serverkey -keyalg RSA -keypass p@ssw0rd -storepass p@ssw0rd -keystore keystore.jks

$ keytool -export -alias serverkey -storepass p@ssw0rd -file server.cer -keystore keystore.jks

$ keytool -import -v -trustcacerts -alias clientkey -file ../client/client.cer -keystore cacerts.jks -keypass p@ssw0rd -storepass p@ssw0rd

On the client (per the guide):

$ keytool -genkey -alias clientkey -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks

$ keytool -export -alias clientkey -storepass changeit -file client.cer -keystore keystore.jks

$ keytool -import -v -trustcacerts -alias serverkey -file ../server/server.cer -keystore cacerts.jks -keypass changeit -storepass changeit

Had to use another medium as the debugging exceeded the body limit of this site:

Client debug error: http://pastebin.com/mHCmEqAk

Server debug error: http://pastebin.com/YZbh7H8f

Recommended answer

That all looks OK except that you are doing four import steps where you only need two. You don't need to import the server's certificate into the server's own truststore, or the client's certificate into the client's truststore. You only need this:

Server:

$ keytool -import -v -trustcacerts -alias clientkey -file ../client/client.cer -keystore cacerts.jks -keypass p@ssw0rd -storepass p@ssw0rd

Client:

$ keytool -import -v -trustcacerts -alias serverkey -file ../server/server.cer -keystore cacerts.jks -keypass changeit -storepass changeit

Run the client with -Djavax.net.debug=ssl,handshake and edit the results into your post.
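
The store layout described in the answer can be checked directly against the generated files. This is an added example, not code from the original post or from the Oracle samples; the class name StoreLayoutCheck, its helper methods, and the server/ and client/ directory names (inferred from the ../client and ../server paths in the commands above) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example (hypothetical class): checks the keystore/truststore layout from the answer.
public class StoreLayoutCheck {

    static KeyStore load(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    // Each side's own keystore must hold a private key entry under its alias.
    static Certificate ownCert(KeyStore keystore, String alias) throws Exception {
        if (!keystore.isKeyEntry(alias)) {
            throw new IllegalStateException("no private key entry under alias " + alias);
        }
        return keystore.getCertificate(alias);
    }

    // The peer's truststore must hold that same certificate as a trusted-certificate entry.
    static boolean trusts(KeyStore truststore, Certificate cert) throws Exception {
        String alias = truststore.getCertificateAlias(cert);
        return alias != null && truststore.isCertificateEntry(alias);
    }

    public static void main(String[] args) throws Exception {
        // Aliases, file names and passwords follow the keytool commands on this page;
        // the server/ and client/ directories are an assumption. Run from their parent.
        KeyStore serverKeys = load("server/keystore.jks", "p@ssw0rd");
        KeyStore serverTrust = load("server/cacerts.jks", "p@ssw0rd");
        KeyStore clientKeys = load("client/keystore.jks", "changeit");
        KeyStore clientTrust = load("client/cacerts.jks", "changeit");

        Certificate serverCert = ownCert(serverKeys, "serverkey");
        Certificate clientCert = ownCert(clientKeys, "clientkey");

        System.out.println("client truststore trusts serverkey: " + trusts(clientTrust, serverCert));
        System.out.println("server truststore trusts clientkey: " + trusts(serverTrust, clientCert));
        for (String alias : Collections.list(serverKeys.aliases())) {
            System.out.println("server keystore entry " + alias + " keyEntry=" + serverKeys.isKeyEntry(alias));
        }
    }
}
```

If ownCert throws for the server, the file being used as the keystore holds only trusted-certificate entries, so the server has no private key to present; that is a common cause of "no cipher suites in common".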
