Java SSL握手警报no_negotiation [英] Java SSL handshake alert no_negotiation
问题描述
与网络服务通信时发生此错误.
This error happened while communicating with a webservice.
客户报告了错误:
javax.net.ssl.SSLException: Received fatal alert: unexpected_message
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:903)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:687)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1324)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2223)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2192)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2036)
服务器日志中存在错误
javax.net.ssl.SSLProtocolException: handshake_alert
推荐答案
服务器似乎未更新为RFC5746.
It looked like server was not updated to RFC 5746.
我偶然发现了 https://www.digicert.com/news/2011-06-03-ssl-renego.htm 和欺骗
如果服务器没有按照RFC 5746做出响应,则客户端必须中止重新协商握手.
If the server does not respond in accordance with RFC 5746, the client MUST abort the renegotiation handshake.
然后我发现 http://www.oracle.com/technetwork/java/javase/overview/tlsreadme2-176330.html
sun.security.ssl.allowUnsafeRenegotiation-在阶段1中引入,它控制是否允许旧的(不安全的)重新协商.
sun.security.ssl.allowUnsafeRenegotiation - Introduced in Phase 1, this controls whether legacy (unsafe) renegotiations are permitted.
一个临时解决方法是添加系统属性
A temporary fix was to add System property
-Dsun.security.ssl.allowUnsafeRenegotiation=true
但事实并非是发生错误的真正原因.真正的原因是我的客户端正在使用旧的SSL.
but that turned out not to be the real reason error happened. The real reason was that my client was using old SSL.
tlsClientParameters.setSecureSocketProtocol("SSL");
我注释了这一行,因此使用了默认值:"TLS"
,之后通信就可以了.
I commented that line, so the default value is used: "TLS"
and after that the communication worked just fine.
这篇关于Java SSL握手警报no_negotiation的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!