使用Java版本“1.7.0_79”的SSL握手失败 [英] SSL Handshake failure with Java version "1.7.0_79"
问题描述
我正在使用Apache HttpClient与Java中的一个主机进行通信,它正在抛出 handshake_failure 。完整跟踪是
I am communicating with one of the host in Java using Apache HttpClient and it is throwing handshake_failure. The full trace is
触发了SecureRandom播种播种SecureRandom忽略
不可用的密码套件:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA忽略
不可用的密码套件:TLS_DHE_RSA_WITH_AES_256_CBC_SHA忽略
不可用的加密套件:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA忽略
不支持的加密算法套件:TLS_DHE_DSS_WITH_AES_128_CBC_SHA256忽略
不支持的加密算法套件:TLS_DHE_DSS_WITH_AES_256_CBC_SHA256忽略
不支持的加密算法套件:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256忽略
不支持密码套件:TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
忽略不支持的加密算法套件:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
忽略不支持的加密算法套件:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384忽略不支持密码
套房:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384忽略不支持
密码套件:TLS_RSA_WITH_AES_256_CBC_SHA256忽略不可用
密码套件:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA忽略
不支持的加密算法套件:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
忽略不支持的加密算法套件:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384忽略不可用的密码
套房:TLS_DHE_DSS_WITH_AES_256_CBC_SHA忽略不支持密码
套房:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384忽略不支持
密码套件:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256忽略
不支持的加密算法套件:TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
忽略不可用的加密套件:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
忽略不可用的加密套件:TLS_RSA_WITH_AES_256_CBC_SHA
忽略不支持的加密算法套件:TLS_RSA_WITH_AES_128_CBC_SHA256
允许不安全的重新协商:false允许遗留问候消息:true是
初始握手:是安全重新协商:false %%没有缓存
客户端会话
* ClientHello,TLSv1 RandomCookie :格林尼治标准时间:14775 93324字节= {140,171,214,217,33,165,60,228,102,207,88,112,29,40,198,242,
159,61,172,89,116, 98,如图7所示,195,182,144,159,226}会话ID:
{}密码套件:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA ,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA ,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Comp ression方法:{0}扩展椭圆曲线,曲线名称:
{secp256r1,sect163k1,sect163r2,secp192r1,secp224r1,sect233k1,
sect233r1,sect283k1,sect283r1,secp384r1,sect409k1,sect409r1,
secp521r1 ,sect571k1,sect571r1,secp160k1,secp160r1,secp160r2,
sect163r1,secp192k1,sect193r1,sect193r2,secp224k1,sect239k1,
secp256k1}扩展ec_point_formats,格式:[未压缩]
扩展server_name,server_name: [host_name:
integration.swiggy.com]
[write] MD5和SHA1哈希:len = 180 0000:01 00 00 B0 03 01 58 12 49 EC 8C AB D6 D9 21 A5 ...... XI ....! 0010:3C E4 66 CF 58 70
1D 28 C6 F2 9F 3D AC 59 74 62< .f.Xp。(... =。Ytb 0020:07 C3 B6 90 9F
E2 00 00 2A C0 09 C0 13 00 2F C0 ........ ..... /。0030:04 C0 0E 00
33 00 32 C0 08 C0 12 00 0A C0 03 C0。 ...... 3.2 ......... 0040:0D 00 16
00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ............... 。0050:04 00
FF 01 00 00 5D 00 0A 00 34 00 32 00 17 00 ......] ...... 4.2 ... 0060:01
00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................ 0070:
18 00 0B 00 0C 00 19 00 0 00 00 0E 00 0F 00 10 00 ... ............... $ b $ 00 0080:11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00
........... ..... 0090:0 00 00 02 01 00 00 00 00 1 00 00 00 00 00 16 69
6E .............. 00A0:74 65 67 72 61 74 69 6F 6E 2E 73 77 69 67
67 79 tegration.swiggy 00B0:2E 63 6F 6D
.com main,WRITE:TLSv1握手,长度= 180 [原始写入]:长度=
185 0000:16 03 01 00 B4 01 00 00 B0 03 01 58 12 49 EC 8C
.. ......... XI。0010:AB D6 D9 21 A5 3C E4 66 CF 58 70 1D 28 C6 F2
9F ...!。< .f.Xp。(... 0020 :3D AC 59 74 62 07 C3 B6 90 9F E2 00 00 2A
C0 09 = .Ytb ........ * .. 0030:C0 13 00 2F C0 04 C0 0E 00 33 00 32 C0
08 C0 12 ... / ..... 3.2 .... 0040:00 0A C0 03 C0 0D 00 16 00 13 C0 07
C0 11 00 05 ....... ......... 0050:C0 02 C0 0C 00 04 00 FF 01 00 00
5D 00 0A 00 34 ...........] ... 4 0060:00 32 00 17 00 01 00 03 00 13
00 15 00 06 00 07 .2 .............. 0070:00 09 00 0A 00 18 00 0B 00
0C 00 19 00 0D 00 0E ................ 0080:00 0F 00 10 00 11 00 02
00 12 00 04 00 05 00 14 .. ..................................................................................... .. 00A0:00 00 16 69 6E 74
65 67 72 61 74 69 6F 6E 2E 73 ... integration.s 00B0:77 69 67 67 79
2E 63 6F 6D wiggy.com例外情况thread
mainjavax.net.ssl.SSLHandshakeException:收到致命警报:
handshake_failure
sun.security.ssl.Alerts.getSSLException(Alerts.java:192)at
sun.security.ssl.Alerts.getSSLException(Alerts.java:154)at
sun .security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)at
sun.security.ssl.SSLSocketImpl.performInitialHandshake (SSLSocketImpl.java:1332)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at
sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:1343)
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
at
org.apache.http .conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
at
org。 apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec .java:184)
at
org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at
org.apache.http.impl .execchain.RedirectExec.execute(RedirectExec.java:110)
at
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
HttpURLConnectionExample.sendGet1(HttpURLConnectionExample.java:83)
at HttpURLConnectionExample.main(HttpURLConnectionExample.java:48)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)at
com.intellij.rt。 execution.application.AppMain.main(AppMain.java:144)
[原始读取]:长度= 5 0000:15 03 01 00 02
..... [原始读取]: length = 2 0000:02 28
。(main,READ:TLSv1 Alert,length = 2 main,RECV TLSv1 ALERT:致命,
handshake_failure main,名为closeSocket()main,处理异常:
javax.net.ssl.SSLHandshakeException:收到致命警报:
handshake_failure
trigger seeding of SecureRandom done seeding SecureRandom Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false %% No cached client session * ClientHello, TLSv1 RandomCookie: GMT: 1477593324 bytes = { 140, 171, 214, 217, 33, 165, 60, 228, 102, 207, 88, 112, 29, 40, 198, 242, 159, 61, 172, 89, 116, 98, 7, 195, 182, 144, 159, 226 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension server_name, server_name: [host_name: integration.swiggy.com] [write] MD5 and SHA1 hashes: len = 180 0000: 01 00 00 B0 03 01 58 12 49 EC 8C AB D6 D9 21 A5 ......X.I.....!. 0010: 3C E4 66 CF 58 70 1D 28 C6 F2 9F 3D AC 59 74 62 <.f.Xp.(...=.Ytb 0020: 07 C3 B6 90 9F E2 00 00 2A C0 09 C0 13 00 2F C0 ............./. 0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 ....3.2......... 0040: 0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ................ 0050: 04 00 FF 01 00 00 5D 00 0A 00 34 00 32 00 17 00 ......]...4.2... 0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................ 0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................ 0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................ 0090: 0B 00 02 01 00 00 00 00 1B 00 19 00 00 16 69 6E ..............in 00A0: 74 65 67 72 61 74 69 6F 6E 2E 73 77 69 67 67 79 tegration.swiggy 00B0: 2E 63 6F 6D
.com main, WRITE: TLSv1 Handshake, length = 180 [Raw write]: length = 185 0000: 16 03 01 00 B4 01 00 00 B0 03 01 58 12 49 EC 8C ...........X.I.. 0010: AB D6 D9 21 A5 3C E4 66 CF 58 70 1D 28 C6 F2 9F ...!.<.f.Xp.(... 0020: 3D AC 59 74 62 07 C3 B6 90 9F E2 00 00 2A C0 09 =.Ytb........*.. 0030: C0 13 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 .../.....3.2.... 0040: 00 0A C0 03 C0 0D 00 16 00 13 C0 07 C0 11 00 05 ................ 0050: C0 02 C0 0C 00 04 00 FF 01 00 00 5D 00 0A 00 34 ...........]...4 0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2.............. 0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................ 0080: 00 0F 00 10 00 11 00 02
00 12 00 04 00 05 00 14 ................ 0090: 00 08 00 16 00 0B 00 02 01 00 00 00 00 1B 00 19 ................ 00A0: 00 00 16 69 6E 74 65 67 72 61 74 69 6F 6E 2E 73 ...integration.s 00B0: 77 69 67 67 79 2E 63 6F 6D wiggy.com Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at HttpURLConnectionExample.sendGet1(HttpURLConnectionExample.java:83) at HttpURLConnectionExample.main(HttpURLConnectionExample.java:48) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144) [Raw read]: length = 5 0000: 15 03 01 00 02
..... [Raw read]: length = 2 0000: 02 28
.( main, READ: TLSv1 Alert, length = 2 main, RECV TLSv1 ALERT: fatal, handshake_failure main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
我尝试了很多东西,但无法弄清楚到底是什么问题。
I have tried many things, but cannot figure out what exactly is the issue.
推荐答案
你的公关oblem是没有任何共同的密码套件由integration.swiggy.com和Java 7共享。启用TLSv1.2无济于事。
Your problem is that there aren't any common ciphersuites shared by integration.swiggy.com and Java 7. Enabling TLSv1.2 isn't going to help.
你可以下载来自的Java 7的JCE Unlimited Strength Jurisdiction Policy文件http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html 并在JRE的lib /下替换两个JAR(local_policy.jar,US_export_policy.jar)安全目录与下载的包中的安全目录。这将添加额外的(更强大的)密码套件,您应该能够连接而无需对代码进行任何更改或启用TLSv1.2。
You can download the JCE Unlimited Strength Jurisdiction Policy files for Java 7 from http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html and replace the two JARs (local_policy.jar, US_export_policy.jar) under your JRE's lib/security directory with the ones from the downloaded package. This will add additional (stronger) ciphersuites and you should be able to connect without having to make any changes to your code or enable TLSv1.2.
作为参考,这里有Java 7(1.7.0_79)中提供的密码套件:
For reference, here are the ciphersuites available in Java 7 (1.7.0_79):
Default Cipher
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
* SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
* SSL_RSA_WITH_RC4_128_MD5
* SSL_RSA_WITH_RC4_128_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_NULL_SHA
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_NULL_SHA
* TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_NULL_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_RC4_128_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256
以下是使用无限字符串管辖权政策文件后:
and here are the ones after using the Unlimited Stringth Jurisdiction policy files:
Default Cipher
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
* SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
* SSL_RSA_WITH_RC4_128_MD5
* SSL_RSA_WITH_RC4_128_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_NULL_SHA
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_NULL_SHA
* TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_NULL_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_RC4_128_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256
ciphersuites offe merge.swiggy.com的红色是:
The ciphersuites offered by integration.swiggy.com are:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS 256
这些都不在Java 7提供的标准密码集。但是,最后4个是通过Unlimited Strength Jurisdiction Policy文件添加的。
None of these are in the standard set of ciphersuites provided by Java 7. However, the last 4 get added via the Unlimited Strength Jurisdiction Policy files.
这篇关于使用Java版本“1.7.0_79”的SSL握手失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
