Accessing RDS With SSL - Unsupported record version Unknown-0.0

Problem description

I am using Amazon RDS MySQL and connecting with an SSL certificate (the default certificate available at http://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem). I am doing the following steps:

  1. Downloaded the mysql-ssl-ca-cert.pem
  2. Modified the above file to JKS format
  3. And connecting from a web application through Spring - Hibernate template (org.springframework.beans.factory.config.PropertyPlaceholderConfigurer) and also use c3p0, we are setting additional URL parameter as jdbc:URL/DB?autoReconnect=true&useUniCode=true&characterEncoding=UTF-8&useSSL=true&verifyServerCertificate=false&requireSSL=true

But I am facing the below issue...

javax.net.ssl.SSLException: Unsupported record version Unknown-0.0

How can I resolve this?

Recommended answer

Basically it means that the SSL parser is lost. The sockets layer has passed it some bytes that don't fit the SSL protocol.

When you transmit using an SSL Socket, it calls a formatting and encryption routine to create the encrypted packet. It then calls the plain sockets layer to transfer the encrypted packet to the server. The server's sockets layer receives the packet and then calls the SSL package to decrypt the packet. If the packet doesn't fit the SSL format, you get the unsupported version exception.

All bytes that arrive at the socket layer are sent to the SSL package. So the simplest way to get that error is to use the plain sockets layer to transmit a plain text message after establishing the SSL connection.

In my particular case, I ran into this error message because I was transmitting extra bytes. Let's see if I can explain my mistake clearly.

I had a buffer that was (for example) 100 bytes. I packed the buffer with my 50 byte message and called the SSL encryption routine. The resulting packet was 75 bytes long. I called send() to transmit the buffer. This was a plain sockets send; it did what I told it to do, which was transmit the entire 100 byte buffer.

At the server, the entire 100 bytes was received. The SSL package tried to decrypt the packet. It found a perfectly good SSL message packed into the first 75 bytes that were received. So far so good. Then it tried to figure out what the remaining 25 bytes meant. It assumed that it was a SECOND SSL message and tried to decrypt it. That's when it choked and kicked out that nasty exception.

I hope that gives you some clues about what to look for in your code.
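
The failure described in the answer above, reproduced with a minimal record-layer parser. This is an added example, not part of the original answer and not JSSE's code; the function names, the zero-filled buffer, the 70-byte stand-in ciphertext and the order of the checks are assumptions made for illustration.

```python
import struct

# TLS record header: content type (1 byte), version major.minor (2 bytes), length (2 bytes).
HEADER = struct.Struct("!BBBH")
KNOWN_VERSIONS = {(3, 0), (3, 1), (3, 2), (3, 3)}  # SSLv3 .. TLSv1.2 as seen on the wire


class RecordError(Exception):
    def __init__(self, message, offset):
        super().__init__(message)
        self.offset = offset  # position in the stream where the parser gave up


def build_record(payload, content_type=23, version=(3, 3)):
    """Frame a payload as one record (content type 23 = application data)."""
    return HEADER.pack(content_type, *version, len(payload)) + payload


def parse_records(stream):
    """Walk a received byte stream record by record; every byte must belong to a record."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise RecordError("truncated record header", offset)
        ctype, major, minor, length = HEADER.unpack_from(stream, offset)
        if (major, minor) not in KNOWN_VERSIONS:
            raise RecordError(f"Unsupported record version Unknown-{major}.{minor}", offset)
        body_start = offset + HEADER.size
        if body_start + length > len(stream):
            raise RecordError("truncated record body", offset)
        records.append((ctype, stream[body_start:body_start + length]))
        offset = body_start + length
    return records


def simulate(send_whole_buffer):
    """Constructed scenario: a 75-byte record sitting in a zero-filled 100-byte buffer."""
    buffer = bytearray(100)
    record = build_record(bytes(range(70)))  # 5-byte header + 70 stand-in ciphertext bytes
    buffer[:len(record)] = record
    wire = bytes(buffer) if send_whole_buffer else bytes(buffer[:len(record)])
    return parse_records(wire)


if __name__ == "__main__":
    print("sent 75 bytes:", len(simulate(False)), "record parsed")
    try:
        simulate(True)
    except RecordError as err:
        print("sent 100 bytes:", err, "at offset", err.offset)
```

Sending only the bytes the encryption step produced parses cleanly; sending the whole buffer makes the parser read the 25 padding bytes as a second record header whose version bytes are 0 and 0.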
