“收到的致命警报:handshake_failure"在链接的JRE中 [英] "Received fatal alert: handshake_failure" in jlinked JRE
问题描述
我的Java程序通过java.net.http.HttpClient
(Java 11)发送请求.
My Java program sends requests by java.net.http.HttpClient
(Java 11).
当我在OpenJDK 11的JRE上的Eclipse中运行它时,它就可以工作.
It works when I am running it in Eclipse on OpenJDK 11's JRE.
在自定义链接JRE上,出现错误:
On custom jlinked JRE, I get an error:
java.io.IOException: Received fatal alert: handshake_failure
我想问题在于我的自定义JRE.
I suppose the problem is with my custom JRE.
推荐答案
TL;没有jdk.crypto.ec
的DR jlink无法与具有椭圆曲线证书的服务器通信.尝试与运行此服务器的服务器通信时,出现handshake_failure
错误.
TL;DR jlink without jdk.crypto.ec
cannot talk to a server that has an elliptic curve certificate. You get a handshake_failure
error when trying to talk to a server running with this.
在构建可部署的jre时,如果不包括jdk.crypto.ec
模块,则它将无法与仅具有椭圆曲线证书的服务器通信.我用以下方法模拟了一个:
When you build a deployable jre, if you do not include the jdk.crypto.ec
module, then it will be unable to talk to servers that only have an elliptic curve certificate. I mocked up one using:
out_dom=localhost
subj="/C=IE/CN=localhost"
openssl ecparam -name secp384r1 -genkey \
-out $out_dom.key
openssl req -new \
-subj "$subj" \
-key $out_dom.key \
-out $out_dom.csr
openssl req -x509 -nodes \
-days 365 \
-key $out_dom.key \
-in $out_dom.csr \
-out $out_dom.crt
当我使用标准JRE与该服务器通信时,出现关于PKIX path building failed
的错误-即cert不在cacerts文件中.
When I talk to this server with the standard JRE, I get the error about PKIX path building failed
- i.e. the cert isn't in the cacerts file.
当我使用以下方法创建jlink jre时:
When I created a jlink jre using:
jlink --module-path . --add-modules java.base --output jlinked
并使用测试的TLS应用运行:jlinked/bin/java
,我得到了错误:Received fatal alert: handshake_failure
,这与OP的问题相同.
and ran: jlinked/bin/java
with a test TLS app, I got the error: Received fatal alert: handshake_failure
, which is the same as the OP's problem.
添加时:
jlink --module-path . \
--add-modules java.base \
--add-modules jdk.crypto.ec \
--output jlinked
然后重新运行,我遇到了PKIX path building failed
错误,表明它工作正常.
and re-ran, I experienced the PKIX path building failed
error, which indicates that it's working properly.
这篇关于“收到的致命警报:handshake_failure"在链接的JRE中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!