接收SSLHandshakeException:尽管我的客户端忽略了所有证书，但是handshake_failure [英] Receiving SSLHandshakeException: handshake_failure despite my client ignoring all certs

问题描述

我有一个Java程序，该程序使用SSL/TLS连接到Web服务器，并通过该连接发送各种HTTP请求.服务器是localhost，并且正在使用自签名证书，但是我的代码正在使用自定义TrustManager，并且忽略无效的证书.到目前为止，它一直运行良好.

I have a Java program that connects to a webserver using SSL/TLS, and sends various HTTP requests over that connection. The server is localhost and is using a self-signed cert, but my code is using custom TrustManagers, and ignores invalid certificates. It has worked perfectly until now.

服务器上的唯一区别是它曾经运行过jboss 6，现在正在运行jboss7.我不确定这是否是配置问题，还是我的代码是否有问题，但是我得到了如果尝试使用WebScarab或ZAP等其他基于Java的程序进行连接，则会出现相同的错误.

The only difference on the server is that it used to run jboss 6 and is now running jboss 7. I'm not sure if this is a configuration issue, or whether there is a problem with my code, but I get the same errors if I try to connect using other Java-based programs like WebScarab or ZAP.

无论如何，我可以对我的代码做些什么来解决此问题?这是完整的错误:

In any case, is there anything I can do to my code to get around this problem? Here is the error in full:

Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)

以下是失败之前的调试消息:

Here are the debug messages before the failure:

main, WRITE: TLSv1 Handshake, length = 75
main, WRITE: SSLv2 client hello message, length = 101
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure

推荐答案

所以我发现了问题. Java中可能存在一个错误，但是客户端似乎启动了TLSv1握手，但随后发送了SSLv2客户端问候消息，此时服务器拒绝了连接.

So I found the problem. There might be a bug in Java, but the client seems to initiate a TLSv1 Handshake, but then sends an SSLv2 client hello message, at which point the server rejects the connection.

即使您使用TLS实例创建SSLContext，也会发生这种情况:

This happens even if you create your SSLContext with an instance of TLS:

SSLContext sslContext = SSLContext.getInstance("TLS");

解决方案是在尝试进行任何连接之前设置系统属性:

The solution is to set a system property before any connection attempts are made:

System.setProperty("https.protocols", "TLSv1");

可能还有其他解决方案，但这对我有用.

There are probably other solutions to it, but this one worked for me.

这篇关于接收SSLHandshakeException:尽管我的客户端忽略了所有证书，但是handshake_failure的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！