SSL Handshake_failure in Java test client while connecting to server with two-way authentication


Problem description

I've been stuck for a couple of days now, and I've checked several answers already ( this, this, this, this, this, this, this, this ), but I haven't been able to solve my problem. I'm new to SSL, and there does not appear to be anyone else in my organization who has done this.

Background

We currently have a set of terminals in retailer outlets connecting to a server via SSL. The connection includes client authentication. My organization is acting as a CA and has issued a cacert.crt certificate and used it to sign a certificate for the server and one certificate for all of the client terminals. The terminals currently work correctly with the server, but I'm unable to get detailed information about the current connection or configuration from the people who support the environment... It appears that the system was purchased years ago from a combination of vendors, and the knowledge has been lost. I'm currently trying to develop a separate client that can communicate with the server outside of the existing terminals.

Problem

I've developed a very simple Java SSL client in order to better understand the SSL configuration and learn where and how the certificates and keys need to be referenced in order to connect. Unfortunately, I've been unable to connect successfully to the server, and I'm not sure what is wrong or what else to check.

I've been able to produce a debug log of the SSL connection (attached below). I've also been able to produce a log from running openssl's s_client function, but I'm not familiar with the tool and so I'm not sure what it's telling me. I've attached all of the code and logs, and I'm hoping you can provide me with some insight on what the problem is.

Since I'm new to SSL, I'm not sure if I've provided all of the pertinent information. Please let me know if you need any further information.

Simple Java client

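import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class Client {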
    private static String serverIP  = "{snip: server IP}";
    private static int serverPort   = {snip: port number};


    public static void main(String[] arstring) {
        try {
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(Client.serverIP, Client.serverPort);

            InputStream inputstream = System.in;
            InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
            BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

            OutputStream outputstream = sslsocket.getOutputStream();
            OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
            BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);

            String string = null;
            while ((string = bufferedreader.readLine()) != null) {
                bufferedwriter.write(string + '\n');
                bufferedwriter.flush();
            }

        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}

SSL debug log

java -Djavax.net.ssl.trustStore=ca_only.jks -Djavax.net.ssl.keyStore=keystore.jks -Djavax.net.debug=ssl,handshake -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStorePassword=password Client
keyStore is : keystore.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : 1
chain [0] = [
[
  Version: V3
  Subject: CN=Server, O=Organization, ST=ON, C=CA
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: {snipped due to post length}
  public exponent: 65537
  Validity: [From: Wed Jul 04 11:17:50 CDT 2012,
               To: Mon Jul 04 11:17:50 CDT 2022]
  Issuer: CN=DEV2008, O=Organization, ST=ON, C=CA
  SerialNumber: [    b7ccceda 64ef4eb7]

Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E   53 53 4C 20 47 65 6E 65  ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65   72 74 69 66 69 63 61 74  rated Certificat
0020: 65                                                 e


[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B8 92 53 99 09 EB 73 6D   6D 45 8E 84 35 C5 11 77  ..S...smmE..5..w
0010: 7A 41 C9 10                                        zA..
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 43 EF 2E E1 B8 E6 01 C4   65 E1 E3 38 CE DA 86 C7  C.......e..8....
0010: BE 93 65 BA                                        ..e.
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:
{snipped due to post length}

]
***
trustStore is: ca_only.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
  Subject: CN=DEV2008, O=Organization, ST=ON, C=CA
  Issuer:  CN=DEV2008, O=Organization, ST=ON, C=CA
  Algorithm: RSA; Serial number: 0xb7ccceda64ef4eb3
  Valid from Wed Sep 10 10:10:25 CDT 2008 until Sun Sep 10 10:10:25 CDT 2028

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
testText
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1388847103 bytes = { 81, 210, 193, 47, 1, 40, 31, 209, 31, 74, 153, 216, 224, 141, 29, 4, 49, 162, 216, 34, 206, 202, 42, 228, 204, 73, 106, 208 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
main, WRITE: TLSv1 Handshake, length = 149
main, READ: SSLv3 Handshake, length = 74
*** ServerHello, SSLv3
RandomCookie:  GMT: 1385163043 bytes = { 125, 48, 211, 49, 203, 23, 208, 161, 188, 43, 152, 33, 160, 32, 20, 163, 66, 19, 136, 90, 152, 42, 154, 53, 208, 175, 39, 177 }
Session ID:  {162, 201, 116, 199, 55, 245, 172, 195, 38, 102, 80, 124, 35, 60, 29, 218, 112, 86, 108, 44, 8, 212, 102, 73, 102, 68, 212, 246, 165, 233, 2, 31}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
Warning: No renegotiation indication extension in ServerHello
%% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
main, READ: SSLv3 Handshake, length = 1980
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Server, O=Organization, ST=ON, C=CA
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: {snipped due to post length}
  public exponent: 65537
  Validity: [From: Wed Jul 04 11:15:51 CDT 2012,
               To: Mon Jul 04 11:15:51 CDT 2022]
  Issuer: CN=DEV2008, O=Organization, ST=ON, C=CA
  SerialNumber: [    b7ccceda 64ef4eb6]

Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E   53 53 4C 20 47 65 6E 65  ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65   72 74 69 66 69 63 61 74  rated Certificat
0020: 65                                                 e


[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B8 92 53 99 09 EB 73 6D   6D 45 8E 84 35 C5 11 77  ..S...smmE..5..w
0010: 7A 41 C9 10                                        zA..
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 01 98 19 F0 74 48 DB CF   55 D0 1B 9B A3 C8 04 61  ....tH..U......a
0010: 50 03 F9 F6                                        P...
]
]

]
  Algorithm: [SHA1withRSA]
  Signature: {snipped due to post length}

]
chain [1] = [
[
  Version: V3
  Subject: CN=DEV2008, O=Organization, ST=ON, C=CA
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: {snipped due to post length}
  public exponent: 65537
  Validity: [From: Wed Sep 10 10:10:25 CDT 2008,
               To: Sun Sep 10 10:10:25 CDT 2028]
  Issuer: CN=DEV2008, O=Organization, ST=ON, C=CA
  SerialNumber: [    b7ccceda 64ef4eb3]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B8 92 53 99 09 EB 73 6D   6D 45 8E 84 35 C5 11 77  ..S...smmE..5..w
0010: 7A 41 C9 10                                        zA..
]
[CN=DEV2008, O=Organization, ST=ON, C=CA]
SerialNumber: [    b7ccceda 64ef4eb3]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B8 92 53 99 09 EB 73 6D   6D 45 8E 84 35 C5 11 77  ..S...smmE..5..w
0010: 7A 41 C9 10                                        zA..
]
]

]
  Algorithm: [SHA1withRSA]
  Signature: {snipped due to post length}

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=DEV2008, O=Organization, ST=ON, C=CA
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: {snipped due to post length}
  public exponent: 65537
  Validity: [From: Wed Sep 10 10:10:25 CDT 2008,
               To: Sun Sep 10 10:10:25 CDT 2028]
  Issuer: CN=DEV2008, O=Organization, ST=ON, C=CA
  SerialNumber: [    b7ccceda 64ef4eb3]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B8 92 53 99 09 EB 73 6D   6D 45 8E 84 35 C5 11 77  ..S...smmE..5..w
0010: 7A 41 C9 10                                        zA..
]
[CN=DEV2008, O=Organization, ST=ON, C=CA]
SerialNumber: [    b7ccceda 64ef4eb3]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B8 92 53 99 09 EB 73 6D   6D 45 8E 84 35 C5 11 77  ..S...smmE..5..w
0010: 7A 41 C9 10                                        zA..
]
]

]
  Algorithm: [SHA1withRSA]
  Signature: {snipped due to post length}

]
main, READ: SSLv3 Handshake, length = 13
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<Empty>
*** ServerHelloDone
matching alias: 1
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Server, O=Organization, ST=ON, C=CA
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: {snipped due to post length}
  public exponent: 65537
  Validity: [From: Wed Jul 04 11:17:50 CDT 2012,
               To: Mon Jul 04 11:17:50 CDT 2022]
  Issuer: CN=DEV2008, O=Organization, ST=ON, C=CA
  SerialNumber: [    b7ccceda 64ef4eb7]

Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E   53 53 4C 20 47 65 6E 65  ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65   72 74 69 66 69 63 61 74  rated Certificat
0020: 65                                                 e


[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B8 92 53 99 09 EB 73 6D   6D 45 8E 84 35 C5 11 77  ..S...smmE..5..w
0010: 7A 41 C9 10                                        zA..
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 43 EF 2E E1 B8 E6 01 C4   65 E1 E3 38 CE DA 86 C7  C.......e..8....
0010: BE 93 65 BA                                        ..e.
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:
{snipped due to post length}

]
***
*** ClientKeyExchange, RSA PreMasterSecret, SSLv3
main, WRITE: SSLv3 Handshake, length = 1221
SESSION KEYGEN:
{snipped because I'm not sure if this is sensitive or not}
*** CertificateVerify
main, WRITE: SSLv3 Handshake, length = 262
main, WRITE: SSLv3 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 159, 145, 181, 103, 3, 219, 244, 50, 1, 137, 254, 25, 166, 118, 40, 186, 196, 23, 254, 184, 250, 137, 29, 171, 163, 153, 126, 193, 226, 134, 145, 9, 137, 16, 90, 178 }
***
main, WRITE: SSLv3 Handshake, length = 64
main, READ: SSLv3 Alert, length = 2
main, RECV SSLv3 ALERT:  fatal, handshake_failure
%% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
        at sun.security.ssl.AppOutputStream.write(Unknown Source)
        at sun.nio.cs.StreamEncoder.writeBytes(Unknown Source)
        at sun.nio.cs.StreamEncoder.implFlushBuffer(Unknown Source)
        at sun.nio.cs.StreamEncoder.implFlush(Unknown Source)
        at sun.nio.cs.StreamEncoder.flush(Unknown Source)
        at java.io.OutputStreamWriter.flush(Unknown Source)
        at java.io.BufferedWriter.flush(Unknown Source)
        at Client.main(Client.java:33)

OpenSSL s_client state log

As I mentioned above, I'm not really sure what this tool is telling me or if I am running it correctly.

openssl.exe s_client -connect {serverIP}:{serverPort} -cert client.cer -key client.key -cipher AES128-SHA -state
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Enter pass phrase for client.key:
Loading 'screen' into random state - done
CONNECTED(000000E0)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 C = CA, ST = ON, O = Organization, CN = DEV2008
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=CA/ST=ON/O=Organization/CN=Server
   i:/C=CA/ST=ON/O=Organization/CN=DEV2008
 1 s:/C=CA/ST=ON/O=Organization/CN=DEV2008
   i:/C=CA/ST=ON/O=Organization/CN=DEV2008
---
Server certificate
-----BEGIN CERTIFICATE-----
{snipped due to post length}
-----END CERTIFICATE-----
subject=/C=CA/ST=ON/O=Organization/CN=Server
issuer=/C=CA/ST=ON/O=Organization/CN=DEV2008
---
No client certificate CA names sent
---
SSL handshake has read 2157 bytes and written 1672 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES128-SHA
    Session-ID: E6EB30E4E24114A59436063BE2A732B3CBF6F47A57AA34CFBFB584FC1517F5D9
    Session-ID-ctx:
    Master-Key: 86307078588C268CDCFCD6B9ABBD55DC8C0A61E900384D3FF99091E030EF9C831B61A880D33313D0DCC7C6688507790A
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1405627491
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
read:errno=0
SSL3 alert write:warning:close notify

I noticed that in the CertificateRequest section of the SSL debug log, the Cert Authorities list is "<Empty>". I read in one question that this is a configuration issue of the server, but that can't be the case because the current terminals work with no problems. I also read in another question that that is up to the implementation and may be allowed. I'm not sure which is true, but I am certain the terminals are currently able to connect to the server, whereas my test client is unable to.

Do you know what I'm doing wrong such that I get a handshake_failure when I try to connect?

Thank you for any help you are able to provide.

Recommended answer

Dan,

I notice a lot of "Ignoring unsupported xxxx protocols" in your debug. If you add;

socket.setEnabledProtocols(new String[]{"SSLv3", "TLSv1"}); 

to your code just after you create the factory, that should solve the handshake issue.
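
An added example (not code from the question or the answer): it builds the SSLContext explicitly from the keystore.jks and ca_only.jks named in the question's command line, prints the certificate each private-key entry would present, applies the answer's setEnabledProtocols call on the socket, and calls startHandshake() so a failure surfaces at connect time instead of on the first flush() as in the stack trace. The class name MutualTlsProbe and the host and port arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsProbe {
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");  // the debug log reports store type jks
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];                 // assumption: server address given as argument
        int port = Integer.parseInt(args[1]);  // assumption: server port given as argument
        char[] pw = "password".toCharArray();  // store password from the question's command line
        KeyStore keys = load("keystore.jks", pw);
        KeyStore trust = load("ca_only.jks", pw);

        // Pre-flight: show which certificate each private-key entry would present.
        for (String alias : Collections.list(keys.aliases())) {
            if (!keys.isKeyEntry(alias)) continue;
            X509Certificate c = (X509Certificate) keys.getCertificate(alias);
            System.out.printf("key entry %s: subject=%s issuer=%s serial=%x%n", alias,
                    c.getSubjectX500Principal(), c.getIssuerX500Principal(), c.getSerialNumber());
            c.checkValidity();  // throws if the certificate is expired or not yet valid
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Protocols are enabled on the socket; keep only names this JRE supports.
            List<String> wanted = new ArrayList<>(Arrays.asList("SSLv3", "TLSv1"));
            wanted.retainAll(Arrays.asList(s.getSupportedProtocols()));
            s.setEnabledProtocols(wanted.toArray(new String[0]));
            System.out.println("enabled protocols: " + wanted);
            s.startHandshake();  // handshake errors are raised here, before any application data
            System.out.println("negotiated " + s.getSession().getProtocol()
                    + " / " + s.getSession().getCipherSuite());
        }
    }
}
```

Run it with the same -Djavax.net.debug=ssl,handshake option as in the question to compare the printed key-entry subject and serial against the certificate chain the debug log shows the client sending.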
