HTTPS communication failed, jdk 1.6 (32 bit client) with jdk 1.8 (64 bit) server: READ: Unknown-3.3 Alert, length = 2


Problem description

This is my first question on Stack Overflow. I am trying HTTPS communication between two Tomcats:

  1. Client Tomcat using 32-bit JDK 1.6.
  2. Server Tomcat using 64-bit JDK 1.8.

Client code for the HTTPS request:

HttpClient hc = new HttpClient();
hc.startSession(monitAppURL);
int code = hc.executeMethod(poster);

The exception I get:

Received fatal alert: handshake_failure

Debug output I got by using -Djavax.net.debug=ssl:handshake:verbose:

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: true
Monitoring service @dealy::nap 30::30, setSoTimeout(0) called
Monitoring service @dealy::nap 30::30, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1468994533 bytes = { 100, 134, 165, 203, 220, 40, 175, 72, 89, 189, 99, 104, 208, 177, 19, 59, 234, 210, 59, 1, 57, 254, 73, 155, 253, 82, 102, 221 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
Monitoring service @dealy::nap 30::30, WRITE: TLSv1 Handshake, length = 75
Monitoring service @dealy::nap 30::30, WRITE: SSLv2 client hello message, length = 101
Monitoring service @dealy::nap 30::30, READ: Unknown-3.3 Alert, length = 2
Monitoring service @dealy::nap 30::30, RECV TLSv1 ALERT: fatal, Handshake_failure
Monitoring service @dealy::nap 30::30, called closeSocket()
Monitoring service @dealy::nap 30::30, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I have started the JVM using set JAVA_OPTS=-Dhttps.protocols="TLSv1" -Djdk.tls.client.protocols="TLSv1" -Dcom.sun.net.ssl.checkRevocation=false -Ddeployment.security.TLSv1=true -Djavax.net.debug=ssl:handshake:verbose -Dsun.security.ssl.allowUnsafeRenegotiation=true -Djdk.tls.enableRC4CipherSuites=true -Ddeployment.security.TLSv1=true -Dhttps.cipherSuites=TLS_ECDHE_RSAW

But I am still not able to get rid of the error. I've already spent a lot of time. Please help me resolve this issue.

Recommended answer

I have found a solution to my problem.

1. What was happening? Java 6 by default uses an SSLv2 ClientHello message for the handshake, even though it is using the TLSv1 protocol. The handshake message format is SSLv2 ClientHello:

@dealy::nap 30::30, WRITE: SSLv2 client hello message,length=101

My server is using Java 8, with SSLv3 disabled for security reasons:

jdk.tls.disabledAlgorithms=SSLv3

This was causing my handshake message failure, as my client was sending an SSLv2 ClientHello message even though the TLSv1 protocol was chosen for communication. It's reported as a bug:

https://serverfault.com/questions/637880/disabling-sslv3-but-still-supporting-sslv2hello-inapache

If you disable SSLv3 in the JVM, it also disables SSLv2 ClientHello message support.

2. What I did? Apache HttpClient always takes the JVM's original protocol stack for communication by default. That's why my JVM arguments were not working for HttpClient.

So I overrode the HttpClient SSL communication by adding the following code.

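        import javax.net.ssl.SSLContext;
        import org.apache.http.client.HttpClient;
        import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
        import org.apache.http.conn.ssl.SSLContexts;
        import org.apache.http.impl.client.HttpClients;

        // Apache HttpClient 4.3-style API. build() throws checked exceptions
        // (NoSuchAlgorithmException, KeyManagementException).
        SSLContext sslContext = SSLContexts.custom()
            .useTLS()
            .build();

        SSLConnectionSocketFactory f = new SSLConnectionSocketFactory(
            sslContext,
            new String[]{"TLSv1"},   // enabled protocols: TLSv1 only, so no SSLv2Hello
            null,                    // cipher suites: keep the JVM defaults
            // Note: this verifier accepts any host name in the server certificate.
            SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        HttpClient hc = HttpClients.custom()
            .setSSLSocketFactory(f)
            .build();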

And finally, Apache HttpClient started using the TLSv1-format handshake message for communication.

I hope this will help someone facing the same issue.

Thanks.
