收到致命警报:handshake_failure,调试未显示原因
Received fatal alert: handshake_failure, debug does not show the cause
我正在尝试使用 Java HTTP 客户端从 HTTPS 服务器下载图像...
System.setProperty("javax.net.debug", "all");
System.setProperty("jsse.enableSNIExtension", "false");
URL url = new URL("https://secureserver.com/media/hot-jlaw-image.jpg")
HttpURLConnection urlConn = url.openConnection()
urlConn.setRequestMethod("GET")
File myImg = new File("/Users/joe/Downloads/myImage.jpg")
myImg.append(urlConn.getInputStream())
我的客户是 运行 Java 8。打开调试后,我看到了以下内容...
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1478629170 bytes = { 23, 147, 128, 164, 76, 36, 0, 143, 175, 43, 227, 154, 16, 212, 209, 112, 224, 227, 0, 109, 196, 178, 231, 43, 112, 198, 36, 235 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
main, WRITE: TLSv1.2 Handshake, length = 193
Caught: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
所以似乎发送了 Client Hello 和 Handshake,但除了有关握手失败的警报外,没有从服务器发回任何内容。
This answer 提出了可能发生此错误的几个原因,例如不兼容的密码套件或不完整的信任路径,并建议打开调试。
但在我的案例中,调试并没有揭示罪魁祸首。关于其他尝试的任何建议?
原来是这一行的问题
System.setProperty("jsse.enableSNIExtension", "false");'
他们的服务器一定是虚拟的,因为some posts表明这不适用于此类服务器。
我正在尝试使用 Java HTTP 客户端从 HTTPS 服务器下载图像...
System.setProperty("javax.net.debug", "all");
System.setProperty("jsse.enableSNIExtension", "false");
URL url = new URL("https://secureserver.com/media/hot-jlaw-image.jpg")
HttpURLConnection urlConn = url.openConnection()
urlConn.setRequestMethod("GET")
File myImg = new File("/Users/joe/Downloads/myImage.jpg")
myImg.append(urlConn.getInputStream())
我的客户是 运行 Java 8。打开调试后,我看到了以下内容...
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1478629170 bytes = { 23, 147, 128, 164, 76, 36, 0, 143, 175, 43, 227, 154, 16, 212, 209, 112, 224, 227, 0, 109, 196, 178, 231, 43, 112, 198, 36, 235 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
main, WRITE: TLSv1.2 Handshake, length = 193
Caught: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
所以似乎发送了 Client Hello 和 Handshake,但除了有关握手失败的警报外,没有从服务器发回任何内容。
This answer 提出了可能发生此错误的几个原因,例如不兼容的密码套件或不完整的信任路径,并建议打开调试。
但在我的案例中,调试并没有揭示罪魁祸首。关于其他尝试的任何建议?
原来是这一行的问题
System.setProperty("jsse.enableSNIExtension", "false");'
他们的服务器一定是虚拟的,因为some posts表明这不适用于此类服务器。