Java8，JBoss AS5，SSLException：“收到致命警报：handshake_failure” [英] Java8, JBoss AS5, SSLException: "Received fatal alert: handshake_failure"

问题描述

我的Java应用程序由JBoss AS 5运行。我正在尝试通过URL连接下载图像，但我收到下一个异常：javax.net.ssl.SSLHandshakeException：收到致命警报：handshake_failure

My java application is running by JBoss AS 5. I'm trying to connect by URL to download image, but I receive the next exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

我将trust-managet配置为所有信任的信任经理：

I've configurated trust-managet as "all-trusting trust manager":

 TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
            @Override
            public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            }
            @Override
            public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            }
        }
    };

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("TLSv1.2");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
    }

    HostnameVerifier hv = new HostnameVerifier() {
        @Override
        public boolean verify(String urlHostName, SSLSession session) {
            return true;
        }
    };
    HttpsURLConnection.setDefaultHostnameVerifier(hv);

我简单的java代码：

My simple java code:

URL url = new URL("https://cdn.hotelbeds.com/giata/62/623081/623081a_hb_ro_007.jpg");
        url.openConnection().connect();

我已激活ssl调试模式（-Djavax.net.debug = ssl）并收到以下内容日志：

I've activated ssl debug mode (-Djavax.net.debug=ssl) and received the following logs:

`18:20:23,030 INFO  [STDOUT] Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
18:20:23,031 INFO  [STDOUT] WorkerThread#1[10.0.0.38:52361], setSoTimeout(0) called
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO  [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
.......................
18:20:23,036 INFO  [STDOUT] Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
18:20:23,036 INFO  [STDOUT] Compression Methods:  {0}
18:20:23,036 INFO  [STDOUT] Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
18:20:23,036 INFO  [STDOUT] Extension ec_point_formats, formats: [uncompressed]
18:20:23,036 INFO  [STDOUT] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
18:20:23,037 INFO  [STDOUT] WorkerThread#1[10.0.0.38:52361], WRITE: TLSv1.2 Handshake, length = 161
18:20:23,065 INFO  [STDOUT] WorkerThread#1[10.0.0.38:52361], READ: TLSv1.2 Alert, length = 2
18:20:23,066 INFO  [STDOUT] WorkerThread#1[10.0.0.38:52361]
18:20:23,066 INFO  [STDOUT] RECV TLSv1.2 ALERT: fatal, handshake_failure
18:20:23,066 INFO  [STDOUT] WorkerThread#1[10.0.0.38:52361], called closeSocket()
18:20:23,066 INFO  [STDOUT] WorkerThread#1[10.0.0.38:52361], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

此外，我尝试使用以下'解决方案'的属性：

Also I've tried to use property the following 'solutions':

• https.protocols = TLSv1.2，TLSv1.1，TLSv1


• crypto.policy = unlimited

java版本是1.8.0_131。如何连接本网站并下载此图片？

The java version is 1.8.0_131. What should I do to connect with this website and download this image?

提前致谢。

推荐答案

从我在SSLLabs检查您的网站时看到的内容和调试输出中缺少的扩展名时，它看起来非常复杂。有关我的答案和解决方案（升级Java），请参见此处。

It very looks like a duplicate from what I see when checking your site against SSLLabs and from the Extension name being absent in the debug output. See here for my answer and the solution (upgrading Java).

这篇关于Java8，JBoss AS5，SSLException：“收到致命警报：handshake_failure”的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！