Java 8,TSL v1和javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了Java 8,TSL v1和javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含5410字,纯文字阅读大概需要8分钟。
内容图文
当我尝试将Java 8应用程序连接到Web服务时,我得到SSLHandshakeException.
www.ssllabs.com说我的Web服务不支持TLSv1.1和TSLv1.2.
所以我执行SSLPoke:
java -Djavax.net.debug=all -Djdk.tls.client.protocols="TLSv1" -Dhttps.protocol="TLSv1" SSLPoke ws.seur.com 443
我得到:
*** ClientHello, TLSv1
RandomCookie: GMT: 1450188882 bytes = { 215, 201, 145, 239, 52, 121, 175, 184, 120, 99, 193, 227, 113, 25, 222, 207, 145, 219, 37, 4, 82, 26, 128, 21, 217, 243, 4, 139 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [type=host_name (0), value=ws.seur.com]
***
[write] MD5 and SHA1 hashes: len = 171
0000: 01 00 00 A7 03 01 56 70 20 52 D7 C9 91 EF 34 79 ......Vp R....4y
0010: AF B8 78 63 C1 E3 71 19 DE CF 91 DB 25 04 52 1A ..xc..q.....%.R.
0020: 80 15 D9 F3 04 8B 00 00 2C C0 0A C0 14 00 35 C0 ........,.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 ..3.2...........
0050: 16 00 13 00 FF 01 00 00 52 00 0A 00 34 00 32 00 ........R...4.2.
0060: 17 00 01 00 03 00 13 00 15 00 06 00 07 00 09 00 ................
0070: 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 ................
0080: 10 00 11 00 02 00 12 00 04 00 05 00 14 00 08 00 ................
0090: 16 00 0B 00 02 01 00 00 00 00 10 00 0E 00 00 0B ................
00A0: 77 73 2E 73 65 75 72 2E 63 6F 6D ws.seur.com
main, WRITE: TLSv1 Handshake, length = 171
[Raw write]: length = 176
0000: 16 03 01 00 AB 01 00 00 A7 03 01 56 70 20 52 D7 ...........Vp R.
0010: C9 91 EF 34 79 AF B8 78 63 C1 E3 71 19 DE CF 91 ...4y..xc..q....
0020: DB 25 04 52 1A 80 15 D9 F3 04 8B 00 00 2C C0 0A .%.R.........,..
0030: C0 14 00 35 C0 05 C0 0F 00 39 00 38 C0 09 C0 13 ...5.....9.8....
0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A ./.....3.2......
0050: C0 03 C0 0D 00 16 00 13 00 FF 01 00 00 52 00 0A .............R..
0060: 00 34 00 32 00 17 00 01 00 03 00 13 00 15 00 06 .4.2............
0070: 00 07 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D ................
0080: 00 0E 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 ................
0090: 00 14 00 08 00 16 00 0B 00 02 01 00 00 00 00 10 ................
00A0: 00 0E 00 00 0B 77 73 2E 73 65 75 72 2E 63 6F 6D .....ws.seur.com
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:31)
为什么我得到RECV TLSv1.2 ALERT:致命,握手_failure如果我强迫TLSv1?
在Java 7上它工作正常,但Java 8不起作用.
解决方法:
如用户1516873的answer所示,客户端(Java 8u51或更高版本)和服务器(ws.seur.com)不支持通用密码套件.默认情况下,客户端中的Java 8 Update 51 removed support for RC4 ciphers被认为是弱的并且受到损害.
Area: security-libs/javax.net.ssl Synopsis: Prohibit RC4 cipher suites
RC4 is now considered as a compromised cipher. RC4 cipher suites have
been removed from both client and server default enabled cipher suite
list in Oracle JSSE implementation. These cipher suites can still be
enabled by SSLEngine.setEnabledCipherSuites() and
SSLSocket.setEnabledCipherSuites() methods.See JDK-8077109 (not public).
虽然最好的做法是联系WebService提供商并让他们更新TLS配置,但在发布说明中描述了在客户端启用RC4的解决方法.但请注意,出于某种原因删除了对RC4的支持,并且通过重新启用它,您将使客户端的用户暴露于较低的安全标准.
内容总结
以上是互联网集市为您收集整理的Java 8,TSL v1和javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure全部内容,希望文章能够帮你解决Java 8,TSL v1和javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。