收到致命警报:handshake_failure,调试未显示原因

Received fatal alert: handshake_failure, debug does not show the cause

我正在尝试使用 Java HTTP 客户端从 HTTPS 服务器下载图像...

System.setProperty("javax.net.debug", "all");
System.setProperty("jsse.enableSNIExtension", "false");

 URL url = new URL("https://secureserver.com/media/hot-jlaw-image.jpg")
 HttpURLConnection urlConn =  url.openConnection()
 urlConn.setRequestMethod("GET")

 File myImg = new File("/Users/joe/Downloads/myImage.jpg")
 myImg.append(urlConn.getInputStream())

我的客户是 运行 Java 8。打开调试后,我看到了以下内容...

 *** ClientHello, TLSv1.2
 RandomCookie:  GMT: 1478629170 bytes = { 23, 147, 128, 164, 76, 36, 0, 143, 175, 43, 227, 154, 16, 212, 209, 112, 224, 227, 0, 109, 196, 178, 231, 43, 112, 198, 36, 235 }
 Session ID:  {}
 Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

main, WRITE: TLSv1.2 Handshake, length = 193

Caught: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, handshake_failure

所以似乎发送了 Client Hello 和 Handshake,但除了有关握手失败的警报外,没有从服务器发回任何内容。

This answer 提出了可能发生此错误的几个原因,例如不兼容的密码套件或不完整的信任路径,并建议打开调试。

但在我的案例中,调试并没有揭示罪魁祸首。关于其他尝试的任何建议?

原来是这一行的问题

 System.setProperty("jsse.enableSNIExtension", "false");'

他们的服务器一定是虚拟的,因为some posts表明这不适用于此类服务器。