POST 请求上的 I/O 错误... java.net.SocketException: Connection reset [英] I/O error on POST request for... java.net.SocketException: Connection reset

问题描述

我正在使用 Spring Rest Template 来调用托管在 SSL 端点上的 REST 服务.在第一个请求之后，我收到以下错误.环境为AWS EC2，Open JDK 1.8.161，Linux.端点仅支持 TLSv1.2 和 1.3.

I am using Spring Rest Template to call a REST service that is hosted at an SSL endpoint. After the first request, I am getting the below error. The environment is AWS EC2, Open JDK 1.8.161, Linux. The endpoint only supports TLSv1.2 and 1.3.

 org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://mycompany.com": Connection reset; nested exception is java.net.SocketException: Connection reset
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:743)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:686)
        at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:437)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:855)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
    ... more stack here
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:210)
    at java.net.SocketInputStream.read(SocketInputStream.java:141)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
    at sun.security.ssl.InputRecord.read(InputRecord.java:503)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:940)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
    at .....
    ... 107 common frames omitted

任何指导将不胜感激=!​​!

Any guidance will be greatly appreciated=!!

推荐答案

这感觉很像协议问题.AWS 完全支持 TLS 1.2 或更高版本，但客户端不支持.Rest Template 如果没有另外配置，将开始与 TLS 1.0 协商.您必须强制使客户端只连接 1.2 或 1.3 协议栈.

This quite feels like the protocol issue. The AWS is fully TLS 1.2 or higher supporting, but the client is not. The Rest Template if not configured otherwise, will start negotiation with TLS 1.0. You have to forcefully make the client to connect only with 1.2 or 1.3 protocol stacks.

一般来说，这可以在创建客户端时进行配置.类似的东西

In general, this can be configured while creating the client. Something similar to this

SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null);

CloseableHttpClient httpClient = HttpClientBuilder.create().setSSLContext(context)
    .build();
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(factory);

您可以找到如何根据 spring 版本调整模板.强制客户端只协商允许的协议将解决这个问题.

You can find how to tune the template based on the spring version. Forcing the client to negotiate only on the allowed protocols will solve this problem.

这篇关于POST 请求上的 I/O 错误... java.net.SocketException: Connection reset的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！