Java 8 支持 TLS 1.2,但 Java 7 不支持
TLS 1.2 was supported in Java 8 but not in Java 7
当我尝试使用 Java 7 连接 URL(支持 TLS 1.2 且之前使用 Java 7 时运行良好的供应商之一 URL)时,我发现以下异常:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1943)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1059)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1321)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1305)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:523)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1087)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
所以我启用了 -Dhttps.protocols=TLSv1.2
、-Djavax.net.ssl.trustStore=<keystoreFilePath>
和 -Djavax.net.ssl.trustStorePassword=<password>
之后我也遇到了同样的问题。然后我将 Java 版本升级到 8,这样它就可以连接到 URL 而不会出现任何 SSL 问题。
根据 this blog,在 Java 8 中,TLS 1.2 是默认设置,TLS 1.2 可以通过 Java 7 中的 属性 -Dhttps.protocols
进行调整. 在 Java 7 中,如果我根据过去的经验启用上述属性,我可以毫无问题地访问 URL。
但是对于URL,我被要求升级Java版本。 Java 7 中提到的上述异常可能导致供应商方面发生什么变化?如果不升级 Java 8,我不能访问 URL 吗?
尝试使用 -Djavax.net.debug=all
时,我得到的结果低于 log
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
qtp11284997-17, setSoTimeout(0) called
qtp11284997-18, setSoTimeout(0) called
%% No cached client session
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: *** ClientHello, TLSv1.2
RandomCookie: GMT: 1465902650 bytes = { GMT: 1465902650 bytes = { 113156, , 91, 215, 64, 8, 63, 32, 255, 223, 156, 170, 50, 244, 156, 18, 241, 241, 229, 169, 35, 160, 22, 15, 111, 204, 231, 28, 25, 203, 70, 164, 77, 14, 181, 126, 159, 152, 111, 221, 254, 59 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: postprod1.ratetiger.com]
***
[write] MD5 and SHA1 hashes: len = 211
0000: 01 00 00 CF 03 03 57 60 E6 3A 71 D7 40 08 3F FF ......W`.:q.@.?.
0010: 9C 32 9C F1 E5 23 16 6F E7 19 46 A4 4D 0E B5 7E .2...#.o..F.M...
0020: 9F 98 6F DD FE 3B 00 00 2A 00 33 C0 04 00 16 00 ..o..;..*.3.....
0030: 05 C0 03 C0 11 C0 02 C0 07 C0 13 C0 08 C0 0C 00 ................
0040: FF C0 0D C0 0E C0 09 00 2F C0 12 00 04 00 32 00 ......../.....2.
0050: 13 00 0A 01 00 00 7C 00 0A 00 34 00 32 00 17 00 ..........4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0242, E119, 001, 0F19, 00164, 1081, 3, 0063, 176, 255, .42, .23, .252, .164 }
Session ID: .{}
..Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { .0 }
........
0080: 11Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
00Extension ec_point_formats, formats: [uncompressed]
02Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: postprod1.ratetiger.com]
***
[write] MD5 and SHA1 hashes: len = 211
0000: 01 00 00 CF 03 03 57 60 E6 3A 9C 5B 20 DF AA F4 ......W`.:.[ ...
0010: 12 F1 A9 A0 0F CC 1C CB F2 77 01 13 A4 51 03 3F .........w...Q.?
0020: B0 FF 2A 17 FC A4 00 00 2A 00 33 C0 04 00 16 00 ..*.....*.3.....
0030: 05 C0 03 C0 11 C0 02 C0 0700 C0 131 C02 0 008 0 C04 0C 000 0 . 0.5. .0.0 14 00 08 00 16 00 .......................
.0.0.4.0
0090: : 0BF 00F 0 C02 0 01D 0 C00 0 00E 0 C0D 0 009 1A0 000 1 8 2 06F 0 C03 1 062 0 001 0 05 ................
00A0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................
00B0: 02 01 01 00 00 00 1C 00 1A 00 00 17 70 6F 73 74 ............post
00C0: 70 72 6F 64 31 2E 72 61 74 65 74 69 67 65 72 2E prod1.ratetiger.
00D0: 63 6F 6D com
4 00 32 00 ......../.....2.
0050: 13 00 0A 01 00 00 7C 00 0A 00 34 00 32 00 17 00 ..........4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 qtp11284997-17, WRITE: TLSv1.2 Handshake, length = 211
.........[Raw write]: length = 216
......0.0
0000: 168 030 0: 113 0 000 D 023 0 010 0 120 00 040 000 05 00C 14F 0 030 0 083 00 165 007 6.0. .E6. .3.A. .7.1. . ..........
.0.0.9.0.: .W`0.:qB
000 020 011 000 0: D70 4 0D0 00 0 1A8 00 183 06F 03 06F 01F 05 9 C. .3.2. .9.C. . .F.1. .E.5. .2.3
00A0 : 031 056 0 6F1 E 047 0 193 4 046 01 0 3.@ . 03? 0.3.2 01. 02. 0.#3.o 02. 01. F02
0 0.2.0.: .A.4. .4.D. .0.E. .B.5. .7E
9F0 980 6FB 0 D: D02 FE 01 3B01 0000 0000 2A00 001C 3300 1A. M00. 00. 1.7..o .7.;0. .*6.3F
0030 : C07 043 0 740 1.6. .0.0. .0.5. .C.0. .post0
300C0 : 70 C072 6F1 641 3 C0 02 C0 07 C0 13 ................
0040: C0 08 C0 0C 00 FF C0 0D C0 0E C0 09 00 2F C0 12 ............./..
0050: 00 04 00 32 00 13 00 0A 01 00 00 7C 00 0A 00 34 ...2...........4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ...1. .2...........
0090: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 ................
00A0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ............E 72 61 74 65 74 69 67 65 72 2E prod1.ratetiger.
00D0: 63 6F 6D com
qtp11284997-18, WRITE: TLSv1.2 Handshake, length = 211
[Raw write]: length = 216
0000: 16 03 03 00 D3 01 00 00 CF 03 03 57 60 E6 3A 9C ...........W`.:.
0010: 5B 20 DF AA F4 12 F1 A9 A0 0F CC 1C CB F2 77 01 [ ..............
00B0: 02 03 02 01 02 02 01 01 00 00 00 1C 00 1A 00 00 ................
00C0: 17 70 6F 73 74 70 72 6F 64 31 2E 72 61 74 65 74 .postprod1.ratet
00D0: 69 67 65 72 2E 63 6F 6D iger.com
..w.
0020: 13 A4 51 03 3F B0 FF 2A 17 FC A4 00 00 2A 00 33 ..Q.?..*.....*.3
0030: C0 04 00 16 00 05 C0 03 C0 11 C0 02 C0 07 C0 13 ................
0040: C0 08 C0 0C 00 FF C0 0D C0 0E C0 09 00 2F C0 12 ............./..
0050: 00 04 00 32 00 13 00 0A 01 00 00 7C 00 0A 00 34 ...2...........4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................
0090: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 ................
00A0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ................
00B0: 02 03 02 01 02 02 01 01 00 00 00 1C 00 1A 00 00 ................
00C0: 17 70 6F 73 74 70 72 6F 64 31 2E 72 61 74 65 74 .postprod1.ratet
00D0: 69 67 65 72 2E 63 6F 6D iger.com
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
[Raw read]: length = 5
0000: 02000 280 : 15 03 03 00 02 .(
..qtp11284997-17, READ: TLSv1.2 Alert, length = 2
..qtp11284997-17, RECV TLSv1 ALERT: fatal, handshake_failure
.
[Raw read]: length = 2
0000: 02 28qtp11284997-17, called closeSocket()
qtp11284997-17, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
qtp11284997-17, called close()
.(qtp11284997-17, called closeInternal(true)
qtp11284997-18, READ: TLSv1.2 Alert, length = 2
qtp11284997-18, RECV TLSv1 ALERT: fatal, handshake_failure
2016-06-15 10:53:06,722 WARN [ride.intermediate.connect.ratetiger.ConnectRateTiger] -- Exception in InputStream Close--java.lang.NullPointerException
qtp11284997-17, called close()
qtp11284997-17, called closeInternal(true)
qtp11284997-18, called closeSocket()
qtp11284997-18, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
qtp11284997-18, called close()
qtp11284997-18, called closeInternal(true)
我在启动基于 swing 的应用程序时也遇到了类似的问题。似乎在 java7 的某些版本中,默认情况下未启用 TLS1.2。我启用了它,然后它工作正常。
您可以从 Java 控制面板 -> 高级 -> 单击 'Use TLS 1.2'
启用它
希望它也适用于您的情况。
如果您使用 SSLLabs 测试 URL,该网站允许 4 个密码:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
但是如果您阅读 ciphers list for Java 7,则不支持任何密码(也可以在调试消息中看到)。即使为 Java 7 启用 TLS 1.2,我认为它也找不到任何有效的密码。该站点必须更改其配置。
无需升级到 Java 8,您可以将 Java 7 版本升级到 1.7。0_131-b31
对于 JRE 1.7。0_131-b31 在 Oracle 站点中:
TLSv1.2 and TLSv1.1 are now enabled by default on the TLS client end-points. This is similar behavior to what already happens in JDK 8 releases.
当我尝试使用 Java 7 连接 URL(支持 TLS 1.2 且之前使用 Java 7 时运行良好的供应商之一 URL)时,我发现以下异常:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1943)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1059)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1321)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1305)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:523)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1087)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
所以我启用了 -Dhttps.protocols=TLSv1.2
、-Djavax.net.ssl.trustStore=<keystoreFilePath>
和 -Djavax.net.ssl.trustStorePassword=<password>
之后我也遇到了同样的问题。然后我将 Java 版本升级到 8,这样它就可以连接到 URL 而不会出现任何 SSL 问题。
根据 this blog,在 Java 8 中,TLS 1.2 是默认设置,TLS 1.2 可以通过 Java 7 中的 属性 -Dhttps.protocols
进行调整. 在 Java 7 中,如果我根据过去的经验启用上述属性,我可以毫无问题地访问 URL。
但是对于URL,我被要求升级Java版本。 Java 7 中提到的上述异常可能导致供应商方面发生什么变化?如果不升级 Java 8,我不能访问 URL 吗?
尝试使用 -Djavax.net.debug=all
时,我得到的结果低于 log
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
qtp11284997-17, setSoTimeout(0) called
qtp11284997-18, setSoTimeout(0) called
%% No cached client session
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: *** ClientHello, TLSv1.2
RandomCookie: GMT: 1465902650 bytes = { GMT: 1465902650 bytes = { 113156, , 91, 215, 64, 8, 63, 32, 255, 223, 156, 170, 50, 244, 156, 18, 241, 241, 229, 169, 35, 160, 22, 15, 111, 204, 231, 28, 25, 203, 70, 164, 77, 14, 181, 126, 159, 152, 111, 221, 254, 59 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: postprod1.ratetiger.com]
***
[write] MD5 and SHA1 hashes: len = 211
0000: 01 00 00 CF 03 03 57 60 E6 3A 71 D7 40 08 3F FF ......W`.:q.@.?.
0010: 9C 32 9C F1 E5 23 16 6F E7 19 46 A4 4D 0E B5 7E .2...#.o..F.M...
0020: 9F 98 6F DD FE 3B 00 00 2A 00 33 C0 04 00 16 00 ..o..;..*.3.....
0030: 05 C0 03 C0 11 C0 02 C0 07 C0 13 C0 08 C0 0C 00 ................
0040: FF C0 0D C0 0E C0 09 00 2F C0 12 00 04 00 32 00 ......../.....2.
0050: 13 00 0A 01 00 00 7C 00 0A 00 34 00 32 00 17 00 ..........4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0242, E119, 001, 0F19, 00164, 1081, 3, 0063, 176, 255, .42, .23, .252, .164 }
Session ID: .{}
..Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { .0 }
........
0080: 11Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
00Extension ec_point_formats, formats: [uncompressed]
02Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: postprod1.ratetiger.com]
***
[write] MD5 and SHA1 hashes: len = 211
0000: 01 00 00 CF 03 03 57 60 E6 3A 9C 5B 20 DF AA F4 ......W`.:.[ ...
0010: 12 F1 A9 A0 0F CC 1C CB F2 77 01 13 A4 51 03 3F .........w...Q.?
0020: B0 FF 2A 17 FC A4 00 00 2A 00 33 C0 04 00 16 00 ..*.....*.3.....
0030: 05 C0 03 C0 11 C0 02 C0 0700 C0 131 C02 0 008 0 C04 0C 000 0 . 0.5. .0.0 14 00 08 00 16 00 .......................
.0.0.4.0
0090: : 0BF 00F 0 C02 0 01D 0 C00 0 00E 0 C0D 0 009 1A0 000 1 8 2 06F 0 C03 1 062 0 001 0 05 ................
00A0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................
00B0: 02 01 01 00 00 00 1C 00 1A 00 00 17 70 6F 73 74 ............post
00C0: 70 72 6F 64 31 2E 72 61 74 65 74 69 67 65 72 2E prod1.ratetiger.
00D0: 63 6F 6D com
4 00 32 00 ......../.....2.
0050: 13 00 0A 01 00 00 7C 00 0A 00 34 00 32 00 17 00 ..........4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 qtp11284997-17, WRITE: TLSv1.2 Handshake, length = 211
.........[Raw write]: length = 216
......0.0
0000: 168 030 0: 113 0 000 D 023 0 010 0 120 00 040 000 05 00C 14F 0 030 0 083 00 165 007 6.0. .E6. .3.A. .7.1. . ..........
.0.0.9.0.: .W`0.:qB
000 020 011 000 0: D70 4 0D0 00 0 1A8 00 183 06F 03 06F 01F 05 9 C. .3.2. .9.C. . .F.1. .E.5. .2.3
00A0 : 031 056 0 6F1 E 047 0 193 4 046 01 0 3.@ . 03? 0.3.2 01. 02. 0.#3.o 02. 01. F02
0 0.2.0.: .A.4. .4.D. .0.E. .B.5. .7E
9F0 980 6FB 0 D: D02 FE 01 3B01 0000 0000 2A00 001C 3300 1A. M00. 00. 1.7..o .7.;0. .*6.3F
0030 : C07 043 0 740 1.6. .0.0. .0.5. .C.0. .post0
300C0 : 70 C072 6F1 641 3 C0 02 C0 07 C0 13 ................
0040: C0 08 C0 0C 00 FF C0 0D C0 0E C0 09 00 2F C0 12 ............./..
0050: 00 04 00 32 00 13 00 0A 01 00 00 7C 00 0A 00 34 ...2...........4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ...1. .2...........
0090: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 ................
00A0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ............E 72 61 74 65 74 69 67 65 72 2E prod1.ratetiger.
00D0: 63 6F 6D com
qtp11284997-18, WRITE: TLSv1.2 Handshake, length = 211
[Raw write]: length = 216
0000: 16 03 03 00 D3 01 00 00 CF 03 03 57 60 E6 3A 9C ...........W`.:.
0010: 5B 20 DF AA F4 12 F1 A9 A0 0F CC 1C CB F2 77 01 [ ..............
00B0: 02 03 02 01 02 02 01 01 00 00 00 1C 00 1A 00 00 ................
00C0: 17 70 6F 73 74 70 72 6F 64 31 2E 72 61 74 65 74 .postprod1.ratet
00D0: 69 67 65 72 2E 63 6F 6D iger.com
..w.
0020: 13 A4 51 03 3F B0 FF 2A 17 FC A4 00 00 2A 00 33 ..Q.?..*.....*.3
0030: C0 04 00 16 00 05 C0 03 C0 11 C0 02 C0 07 C0 13 ................
0040: C0 08 C0 0C 00 FF C0 0D C0 0E C0 09 00 2F C0 12 ............./..
0050: 00 04 00 32 00 13 00 0A 01 00 00 7C 00 0A 00 34 ...2...........4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................
0090: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 ................
00A0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ................
00B0: 02 03 02 01 02 02 01 01 00 00 00 1C 00 1A 00 00 ................
00C0: 17 70 6F 73 74 70 72 6F 64 31 2E 72 61 74 65 74 .postprod1.ratet
00D0: 69 67 65 72 2E 63 6F 6D iger.com
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
[Raw read]: length = 5
0000: 02000 280 : 15 03 03 00 02 .(
..qtp11284997-17, READ: TLSv1.2 Alert, length = 2
..qtp11284997-17, RECV TLSv1 ALERT: fatal, handshake_failure
.
[Raw read]: length = 2
0000: 02 28qtp11284997-17, called closeSocket()
qtp11284997-17, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
qtp11284997-17, called close()
.(qtp11284997-17, called closeInternal(true)
qtp11284997-18, READ: TLSv1.2 Alert, length = 2
qtp11284997-18, RECV TLSv1 ALERT: fatal, handshake_failure
2016-06-15 10:53:06,722 WARN [ride.intermediate.connect.ratetiger.ConnectRateTiger] -- Exception in InputStream Close--java.lang.NullPointerException
qtp11284997-17, called close()
qtp11284997-17, called closeInternal(true)
qtp11284997-18, called closeSocket()
qtp11284997-18, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
qtp11284997-18, called close()
qtp11284997-18, called closeInternal(true)
我在启动基于 swing 的应用程序时也遇到了类似的问题。似乎在 java7 的某些版本中,默认情况下未启用 TLS1.2。我启用了它,然后它工作正常。
您可以从 Java 控制面板 -> 高级 -> 单击 'Use TLS 1.2'
启用它希望它也适用于您的情况。
如果您使用 SSLLabs 测试 URL,该网站允许 4 个密码:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
但是如果您阅读 ciphers list for Java 7,则不支持任何密码(也可以在调试消息中看到)。即使为 Java 7 启用 TLS 1.2,我认为它也找不到任何有效的密码。该站点必须更改其配置。
无需升级到 Java 8,您可以将 Java 7 版本升级到 1.7。0_131-b31
对于 JRE 1.7。0_131-b31 在 Oracle 站点中:
TLSv1.2 and TLSv1.1 are now enabled by default on the TLS client end-points. This is similar behavior to what already happens in JDK 8 releases.