SSL连接重置 [英] SSL Connection Reset

问题描述

我试图连接到Java中的HTTPS端点。每次我都试过的方法（下文详细介绍）最终产生该堆栈跟踪：

 产生java.net.SocketException：连接重置
在java.net.SocketInputStream.read（SocketInputStream.java:168）
在com.sun.net.ssl​​.internal.ssl.InputRecord.readFully（InputRecord.java:293）
在com.sun.net.ssl​​.internal.ssl.InputRecord.read（InputRecord.java:331）
在com.sun.net.ssl​​.internal.ssl.SSLSocketImpl.readRecord（SSLSocketImpl.java:798）
在com.sun.net.ssl​​.internal.ssl.SSLSocketImpl.performInitialHandshake（SSLSocketImpl.java:1138）
在com.sun.net.ssl​​.internal.ssl.SSLSocketImpl.readDataRecord（SSLSocketImpl.java:753）
在com.sun.net.ssl​​.internal.ssl.AppInputStream.read（AppInputStream.java:75）
 

我曾尝试：

• 与使用javax SOAP库和一个新的URL连接（https：//开头...）


• 新的URL连接（https：//开头...）.openConnection（）



• 手工创建SSL连接：

    Security.addProvider（新com.sun.net.ssl​​.internal.ssl.Provider（））;
      SSLSocketFactory的工厂=（的SSLSocketFactory）SSLSocketFactory.getDefault（）;    SSLSocket的插座=（SSLSocket的）factory.createSocket（...，443）;    作家出=新OutputStreamWriter（socket.getOutputStream（））;
      // HTTPS需要在GET线的完整URL
      //
      out.write（GET / HTTP / 1.0 \\ r \\ n）;
      out.write（\\ r \\ n）;
      了out.flush（）;    //读取响应
      在的BufferedReader =新的BufferedReader（
                  新的InputStreamReader（socket.getInputStream（）））;
      INT℃;
      而（（C = in.read（））！=  -  1）{
          System.out.write（C）;
      }    out.close（）;
      附寄（）;
      socket.close（）;
   

一些更多的细节：

• 每次我都试过兑其他SSL服务器的工作方法，正是这种特定的服务器（我不能随意讨论什么样的服务器，这是一个商业合作伙伴）


• 我可以连接到这台服务器都与网络浏览器，并与卷曲一个伪造了SOAP请求;这东西的Java相关的。

所以，它似乎pretty明显的是Java和HTTPS服务器之间的一些分歧握手应该怎么走下来，这可能意味着服务器有一些奇怪的SSL配置。但是，我没有对服务器的直接访问，和谁做的人都是半个地球，所以沟通是有点紧张，由于非常不同的时区。

如果我的假设有正确的，什么可能的SSL问题莫不是？什么可能导致这样的事情？我在哪里可以让人们在服务器的控制来寻找问题？当我做卷曲的要求，我回来这些服务器配置头：

 服务器：Apache / 2.2.9（Debian的）的mod_jk / 1.2.26 PHP / 5.2.6-1 + lenny10用了Suhosin-补丁了mod_ssl / 2.2.9的OpenSSL / 0.9.8g的mod_perl / 2.0.4的Perl / v5.10.0
的X已启动方式：PHP / 5.2.6-1 + lenny10
的X SOAP的服务器：的NuSOAP / 0.7.3（1.114）
 

解决方案

这是一个SSL版本的问题。服务器只支持SSLv3的，和Java将在V2启动，并尝试向上谈判，但并不是所有的服务器都支持这种类型的协商。

Java的强制使用SSLv3的不仅是我所知道的唯一解决方案。

编辑，有两种方法可以做到这一点，我所知道的：

• 如果你手工创建的插座，您可以设置启用的协议

  socket.setEnabledProtocols（新的String [] {SSLv3的}）;




• 如果您使用的是更高级别的图书馆，你可能需要将所有SSL请求V3只使用，这是与https.protocols系统属性实现的：

  Java的-Dhttps.protocols = SSLv3的

I am attempting to connect to an HTTPS endpoint in Java. Every method I have tried (more details below) ends up generating this stack trace:

java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:753)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)

I have tried:

• Connecting with the javax SOAP libs and a new URL("https://...")
• Connecting with new URL("https://...").openConnection()

• Creating an SSL connection by hand:

          Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
      SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
  
      SSLSocket socket = (SSLSocket) factory.createSocket("...", 443);
  
      Writer out = new OutputStreamWriter(socket.getOutputStream());
      // https requires the full URL in the GET line
      //
      out.write("GET / HTTP/1.0\r\n");
      out.write("\r\n");
      out.flush();
  
      // read response
      BufferedReader in = new BufferedReader(
                  new InputStreamReader(socket.getInputStream()));
      int c;
      while ((c = in.read()) != -1) {
          System.out.write(c);
      }
  
      out.close();
      in.close();
      socket.close();
  

A few more details:

• Every method I have tried has worked against other SSL servers, it's this particular server (I am not at liberty to discuss what server, it's a business partner)
• I can connect to this server both with a web browser, and with a faked up SOAP request with curl; This is something Java-specific.

So, it seems pretty clear that there is some disagreement between Java and the HTTPS server over how the handshake should go down, which probably means the server has some strange SSL configuration. However, I don't have direct access to the server, and the people who do are halfway around the world, so communication is a little strained due to very different timezones.

If my assumptions there are correct, what possible SSL problems could there be? What might cause something like this? Where can I ask the people in control of the server to look for issues? When I do the request with curl, I get back these server configuration headers:

Server: Apache/2.2.9 (Debian) mod_jk/1.2.26 PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-1+lenny10
X-SOAP-Server: NuSOAP/0.7.3 (1.114)

解决方案

It is an SSL version problem. The server only supports SSLv3, and Java will start at v2, and attempt to negotiate upwards, but not all servers support that type of negotiation.

Forcing java to use SSLv3 only is the only solution I'm aware of.

Edit, there are two ways to do this that I'm aware of:

• If you are creating the socket by hand, you can set the enabled protocols

  socket.setEnabledProtocols(new String[] { "SSLv3" });

• If you are using a higher level library, you probably need to set all SSL requests to use v3 only, which is accomplished with the "https.protocols" system property:

  java -Dhttps.protocols=SSLv3

这篇关于SSL连接重置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！