使用 Dropbox Java SDK for API v2 时出现 SSLHandshakeException
Getting SSLHandshakeException when using Dropbox Java SDK for API v2
在 XPages 应用程序中,我想为 API v2 使用 Dropbox Java SDK (2.1.2) 获取有关我的 Dropbox 帐户的信息。以下代码用于检索对应的账户对象:
String atoken = "****";
DbxRequestConfig rc = new DbxRequestConfig("****");
DbxClientV2 client = new DbxClientV2(rc,atoken);
DbxUserUsersRequests users = client.users();
FullAccount acc = users.getCurrentAccount(); // Exception raised here
最后一行引发了以下异常:
com.dropbox.core.NetworkIOException: No appropriate protocol
at com.dropbox.core.DbxRequestUtil.startPostRaw(DbxRequestUtil.java:240)
...
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol
at com.ibm.jsse2.kb.c(kb.java:347)
...
从堆栈跟踪中我得出结论,IBMJSSE2 是用于处理 SSL 握手的安全提供程序。所以我 运行 在非 Domino JVM (JRE7) 中使用上面的代码,它使用 SunJSSE 安全提供程序并且它没有任何问题地工作。因此问题一定与 IBM 的 Domino JVM 有关,但我不知道如何解决它。
任何人都可以帮助我解决这个问题或提供解决方案的提示吗?
附加信息:
Domino 服务器版本:9.0.1 FP4 HF70
Java 运行时版本:pwa6460sr16fp4-20150414_01 (SR16 FP4) [22B8:0002-1E88]
JVM 版本:JRE 1.6.0 IBM J9 2.4 Windows 7 amd64-64 jvmwa6460sr16fp4-20150406_242976(启用 JIT,启用 AOT)J9VM - 20150406_242976 JIT - r9_20150402_88984 GC - GA24_Java6_SR16_20150406_1410_B242976
Domino JVM 中已安装不受限制的 JCE 策略文件。
IBMJSSE2 安全提供程序的属性:
Alg.Alias.TrustManagerFactory.IbmPKIX = PKIX
Alg.Alias.TrustManagerFactory.X.509 = PKIX
Alg.Alias.TrustManagerFactory.X509 = PKIX
KeyManagerFactory.IbmX509 = com.ibm.jsse2.rc$a_
KeyManagerFactory.NewIbmX509 = com.ibm.jsse2.rc$b_
Provider.id className = com.ibm.jsse2.IBMJSSEProvider2
Provider.id info = IBM JSSE provider2 (implements IbmX509 key/trust factories, SSLv3, TLSv1)
Provider.id name = IBMJSSE2
Provider.id version = 1.6
SSLContext.Default = com.ibm.jsse2.tc
SSLContext.SSL = com.ibm.jsse2.uc
SSLContext.SSL_TLS = com.ibm.jsse2.vc
SSLContext.SSL_TLSv2 = com.ibm.jsse2.wc
SSLContext.TLS = com.ibm.jsse2.yc
SSLContext.TLSv1 = com.ibm.jsse2.zc
SSLContext.TLSv1.1 = com.ibm.jsse2.ad
SSLContext.TLSv1.2 = com.ibm.jsse2.bd
TrustManagerFactory.IbmX509 = com.ibm.jsse2.ed$b_
TrustManagerFactory.PKIX = com.ibm.jsse2.ed$a_
异常的完整堆栈跟踪:
com.dropbox.core.NetworkIOException: No appropriate protocol
at com.dropbox.core.DbxRequestUtil.startPostRaw(DbxRequestUtil.java:240)
at com.dropbox.core.v2.DbxRawClientV2.execute(DbxRawClientV2.java:100)
at com.dropbox.core.v2.DbxRawClientV2.executeRetriable(DbxRawClientV2.java:256)
at com.dropbox.core.v2.DbxRawClientV2.rpcStyle(DbxRawClientV2.java:97)
at com.dropbox.core.v2.users.DbxUserUsersRequests.getCurrentAccount(DbxUserUsersRequests.java:120)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.ibm.jscript.types.JavaAccessObject.call(JavaAccessObject.java:321)
at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:197)
at com.ibm.jscript.ASTTree.ASTAssign.interpret(ASTAssign.java:91)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:109)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:109)
at com.ibm.jscript.std.FunctionObject._executeFunction(FunctionObject.java:261)
at com.ibm.jscript.std.FunctionObject.executeFunction(FunctionObject.java:185)
at com.ibm.jscript.std.FunctionObject.call(FunctionObject.java:171)
at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:197)
at com.ibm.jscript.ASTTree.ASTAssign.interpret(ASTAssign.java:91)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTIf.interpret(ASTIf.java:85)
at com.ibm.jscript.ASTTree.ASTProgram.interpret(ASTProgram.java:119)
at com.ibm.jscript.types.FBSGlobalObject$GlobalMethod.call(FBSGlobalObject.java:280)
at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
at com.ibm.jscript.types.FBSGlobalObject$GlobalMethod.call(FBSGlobalObject.java:219)
at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:197)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTIf.interpret(ASTIf.java:85)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:109)
at com.ibm.jscript.std.FunctionObject._executeFunction(FunctionObject.java:261)
at com.ibm.jscript.std.FunctionObject.executeFunction(FunctionObject.java:185)
at com.ibm.jscript.std.FunctionObject.call(FunctionObject.java:171)
at com.ibm.jscript.std.FunctionPrototype$FunctionMethod.call(FunctionPrototype.java:169)
at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:197)
at com.ibm.jscript.ASTTree.ASTAssign.interpret(ASTAssign.java:91)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTIf.interpret(ASTIf.java:85)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:109)
at com.ibm.jscript.ASTTree.ASTProgram.interpret(ASTProgram.java:119)
at com.ibm.jscript.ASTTree.ASTProgram.interpretEx(ASTProgram.java:139)
at com.ibm.jscript.JSExpression._interpretExpression(JSExpression.java:435)
at com.ibm.jscript.JSExpression.access(JSExpression.java:424)
at com.ibm.jscript.JSExpression.run(JSExpression.java:414)
at java.security.AccessController.doPrivileged(AccessController.java:448)
at com.ibm.jscript.JSExpression.interpretExpression(JSExpression.java:410)
at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:251)
at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:234)
at com.ibm.xsp.javascript.JavaScriptInterpreter.interpret(JavaScriptInterpreter.java:222)
at com.ibm.xsp.binding.javascript.JavaScriptMethodBinding.invoke(JavaScriptMethodBinding.java:111)
at com.ibm.xsp.component.UIViewRootEx.invokePhaseMethodBinding(UIViewRootEx.java:1735)
at com.ibm.xsp.controller.FacesControllerImpl.invokePhaseMethodBinding(FacesControllerImpl.java:450)
at com.ibm.xsp.controller.FacesControllerImpl.access[=15=](FacesControllerImpl.java:444)
at com.ibm.xsp.controller.FacesControllerImpl$ViewPhaseListener.afterPhase(FacesControllerImpl.java:512)
at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:218)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:120)
at com.ibm.xsp.controller.FacesControllerImpl.render(FacesControllerImpl.java:270)
at com.ibm.xsp.webapp.FacesServlet.serviceView(FacesServlet.java:261)
at com.ibm.xsp.webapp.FacesServletEx.serviceView(FacesServletEx.java:157)
at com.ibm.xsp.webapp.FacesServlet.service(FacesServlet.java:160)
at com.ibm.xsp.webapp.FacesServletEx.service(FacesServletEx.java:138)
at com.ibm.xsp.webapp.DesignerFacesServlet.service(DesignerFacesServlet.java:103)
at com.ibm.designer.runtime.domino.adapter.ComponentModule.invokeServlet(ComponentModule.java:576)
at com.ibm.domino.xsp.module.nsf.NSFComponentModule.invokeServlet(NSFComponentModule.java:1335)
at com.ibm.designer.runtime.domino.adapter.ComponentModule$AdapterInvoker.invokeServlet(ComponentModule.java:853)
at com.ibm.designer.runtime.domino.adapter.ComponentModule$ServletInvoker.doService(ComponentModule.java:796)
at com.ibm.designer.runtime.domino.adapter.ComponentModule.doService(ComponentModule.java:565)
at com.ibm.domino.xsp.module.nsf.NSFComponentModule.doService(NSFComponentModule.java:1319)
at com.ibm.domino.xsp.module.nsf.NSFService.doServiceInternal(NSFService.java:662)
at com.ibm.domino.xsp.module.nsf.NSFService.doService(NSFService.java:482)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(LCDEnvironment.java:357)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(LCDEnvironment.java:313)
at com.ibm.domino.xsp.bridge.http.engine.XspCmdManager.service(XspCmdManager.java:272)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol
at com.ibm.jsse2.kb.c(kb.java:347)
at com.ibm.jsse2.SSLSocketImpl.i(SSLSocketImpl.java:363)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:650)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:669)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:95)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:162)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:36)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1044)
at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:53)
at com.dropbox.core.http.StandardHttpRequestor.getOutputStream(StandardHttpRequestor.java:123)
at com.dropbox.core.http.StandardHttpRequestor.access[=15=]0(StandardHttpRequestor.java:28)
at com.dropbox.core.http.StandardHttpRequestor$Uploader.(StandardHttpRequestor.java:133)
at com.dropbox.core.http.StandardHttpRequestor.startPost(StandardHttpRequestor.java:72)
at com.dropbox.core.http.StandardHttpRequestor.startPost(StandardHttpRequestor.java:28)
at com.dropbox.core.DbxRequestUtil.startPostRaw(DbxRequestUtil.java:232)
...
更新:设置 javax.net.debug=ssl:handshake:data 后(如 Jigar Joshi 所建议)错误日志和跟踪日志提供以下附加信息:
证书主题 EMAILADDRESS=****, CN=****, O=****, L=****, ST=****, C=****,由 CN=****, OU=****, O=****, C=****, 发布的不可信。验证失败,错误 3659.
CommonBaseEventLogRecord:sourceClassName = com.ibm.domino.napi.ssl.DominoX509TrustManager
CommonBaseEventLogRecord:sourceMethodName = checkServerTrusted
<sourcecomponentid component="Expeditor 6.2" componentidtype="ProductName" instanceid="" location="****" locationtype="Hostname" subcomponent="com.ibm.domino.napi.ssl" threadid="5" componenttype="http://www.w3.org/2001/XMLSchema-instance">
不受信任的证书是我自己的,即使所有证书和私钥都已导入到我的密钥库中。密钥库在非 Domino JVM 中工作的事实让我得出结论,密钥库文件应该是有效的。然而,当 运行 Domino JVM 中的代码时,证书仍然不受信任。
Update:调试输出的核心部分(javax.net.debug=ssl:handshake)是
SSLContextImpl: Using X509ExtendedKeyManager com.ibm.jsse2.hd
SSLContextImpl: Using X509TrustManager com.ibm.jsse2.pc
IBMJSSE2 will ignore com.ibm.jsse2.overrideDefaultProtocol since was set to a non recognized value TLSv1
Installed Providers = IBMJSSE2, IBMJCE, IBMJGSSProvider, IBMCertPath, IBMSASL, IBMXMLCRYPTO, IBMXMLEnc, Policy, IBMSPNEGO
JsseJCE: Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
trigger seeding of SecureRandom
done seeding SecureRandom
IBMJSSE2 will enable CBC protection
IBMJSSE2 to send SCSV Cipher Suite on initial ClientHello
JsseJCE: Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default
Is initial handshake: true
JsseJCE: Using KeyAgreement ECDH from provider IBMJCE version 1.2
JsseJCE: Using signature SHA1withECDSA from provider TBD via init
JsseJCE: Using signature NONEwithECDSA from provider TBD via init
JsseJCE: Using KeyFactory EC from provider IBMJCE version 1.2
JsseJCE: Using KeyPairGenerator EC from provider TBD via init
JsseJce: EC is available
Ignoring disabled cipher suite: SSL_RENEGO_PROTECTION_REQUEST for TLSv1
No available cipher suite for TLSv1
Thread-8, handling exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol
Thread-8, SEND TLSv1 ALERT: fatal,
description = handshake_failure
"TLSv1 没有可用的密码套件" 似乎是我问题的根源。
更新:获取默认的 SSL 服务器套接字工厂 (SSLServerSocketFactory.getDefault()) 以及相应的默认和支持的密码套件 (getDefaultCipherSuites() / getSupportedCipherSuites()) 显示只有 SSL 密码套件可用:
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA [supported]
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA [default]
SSL_DHE_DSS_WITH_AES_128_CBC_SHA [default]
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 [supported]
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 [supported]
SSL_DHE_DSS_WITH_AES_256_CBC_SHA [default]
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 [supported]
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 [supported]
SSL_DHE_DSS_WITH_DES_CBC_SHA [default]
SSL_DHE_DSS_WITH_RC4_128_SHA [supported]
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA [supported]
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA [default]
SSL_DHE_RSA_WITH_AES_128_CBC_SHA [default]
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_DHE_RSA_WITH_AES_256_CBC_SHA [default]
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 [supported]
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_DHE_RSA_WITH_DES_CBC_SHA [default]
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA [supported]
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 [supported]
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA [supported]
SSL_DH_anon_WITH_AES_128_CBC_SHA [supported]
SSL_DH_anon_WITH_AES_128_CBC_SHA256 [supported]
SSL_DH_anon_WITH_AES_128_GCM_SHA256 [supported]
SSL_DH_anon_WITH_AES_256_CBC_SHA [supported]
SSL_DH_anon_WITH_AES_256_CBC_SHA256 [supported]
SSL_DH_anon_WITH_AES_256_GCM_SHA384 [supported]
SSL_DH_anon_WITH_DES_CBC_SHA [supported]
SSL_DH_anon_WITH_RC4_128_MD5 [supported]
SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [supported]
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [supported]
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [supported]
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_ECDHE_ECDSA_WITH_NULL_SHA [supported]
SSL_ECDHE_ECDSA_WITH_RC4_128_SHA [supported]
SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA [supported]
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA [supported]
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [supported]
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_ECDHE_RSA_WITH_NULL_SHA [supported]
SSL_ECDHE_RSA_WITH_RC4_128_SHA [supported]
SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA [supported]
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA [supported]
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 [supported]
SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_ECDH_ECDSA_WITH_NULL_SHA [supported]
SSL_ECDH_ECDSA_WITH_RC4_128_SHA [supported]
SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA [supported]
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA [supported]
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384 [supported]
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_ECDH_RSA_WITH_NULL_SHA [supported]
SSL_ECDH_RSA_WITH_RC4_128_SHA [supported]
SSL_ECDH_anon_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDH_anon_WITH_AES_128_CBC_SHA [supported]
SSL_ECDH_anon_WITH_AES_256_CBC_SHA [supported]
SSL_ECDH_anon_WITH_NULL_SHA [supported]
SSL_ECDH_anon_WITH_RC4_128_SHA [supported]
SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5 [supported]
SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA [supported]
SSL_KRB5_EXPORT_WITH_RC4_40_MD5 [supported]
SSL_KRB5_EXPORT_WITH_RC4_40_SHA [supported]
SSL_KRB5_WITH_3DES_EDE_CBC_MD5 [supported]
SSL_KRB5_WITH_3DES_EDE_CBC_SHA [supported]
SSL_KRB5_WITH_DES_CBC_MD5 [supported]
SSL_KRB5_WITH_DES_CBC_SHA [supported]
SSL_KRB5_WITH_RC4_128_MD5 [supported]
SSL_KRB5_WITH_RC4_128_SHA [supported]
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA [supported]
SSL_RSA_EXPORT_WITH_RC4_40_MD5 [supported]
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA [default]
SSL_RSA_FIPS_WITH_DES_CBC_SHA [default]
SSL_RSA_WITH_3DES_EDE_CBC_SHA [default]
SSL_RSA_WITH_AES_128_CBC_SHA [default]
SSL_RSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_RSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_RSA_WITH_AES_256_CBC_SHA [default]
SSL_RSA_WITH_AES_256_CBC_SHA256 [supported]
SSL_RSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_RSA_WITH_DES_CBC_SHA [default]
SSL_RSA_WITH_NULL_MD5 [supported]
SSL_RSA_WITH_NULL_SHA [supported]
SSL_RSA_WITH_NULL_SHA256 [supported]
SSL_RSA_WITH_RC4_128_MD5 [supported]
SSL_RSA_WITH_RC4_128_SHA [supported]
谁能告诉我如何在服务器套接字工厂中使用 TLS 密码套件?
回复
com.dropbox.core.NetworkIOException: No appropriate protocol
我最好的猜测是这一行强烈暗示了您的问题:
Provider.id info = IBM JSSE provider2 (implements IbmX509 key/trust factories, SSLv3, TLSv1)
"No appropriate protocol" 听起来可能是在告诉您端点不支持 SSLv3 或 TLSv1。
我不知道 Dropbox,但由于已知的安全问题,许多服务提供商正在弃用那些旧协议。
您可能会在 these two IBM technotes 中找到一些有用的信息。
问题似乎是 Dropbox Java SDK limits the enabled cipher suites in the SSL sockets based on a hard-coded list. All relevant cipher suite names in that list 以“TLS_”开头。但是,在 Domino JVM 密码套件名称中始终以“SSL_”开头,即使它们相关的 SSL 上下文具有协议 TLSv1 或更高版本。
我现在已经停止使用 Dropbox Java SDK 并开始使用 Dropbox API 通过使用 HttpsUrlConnection 发布 HTTP 帖子。这不如 Java SDK 方便,但至少与 TLSv1 的 SSL 握手按预期工作。
在 XPages 应用程序中,我想为 API v2 使用 Dropbox Java SDK (2.1.2) 获取有关我的 Dropbox 帐户的信息。以下代码用于检索对应的账户对象:
String atoken = "****";
DbxRequestConfig rc = new DbxRequestConfig("****");
DbxClientV2 client = new DbxClientV2(rc,atoken);
DbxUserUsersRequests users = client.users();
FullAccount acc = users.getCurrentAccount(); // Exception raised here
最后一行引发了以下异常:
com.dropbox.core.NetworkIOException: No appropriate protocol
at com.dropbox.core.DbxRequestUtil.startPostRaw(DbxRequestUtil.java:240)
...
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol
at com.ibm.jsse2.kb.c(kb.java:347)
...
从堆栈跟踪中我得出结论,IBMJSSE2 是用于处理 SSL 握手的安全提供程序。所以我 运行 在非 Domino JVM (JRE7) 中使用上面的代码,它使用 SunJSSE 安全提供程序并且它没有任何问题地工作。因此问题一定与 IBM 的 Domino JVM 有关,但我不知道如何解决它。
任何人都可以帮助我解决这个问题或提供解决方案的提示吗?
附加信息:
Domino 服务器版本:9.0.1 FP4 HF70
Java 运行时版本:pwa6460sr16fp4-20150414_01 (SR16 FP4) [22B8:0002-1E88]
JVM 版本:JRE 1.6.0 IBM J9 2.4 Windows 7 amd64-64 jvmwa6460sr16fp4-20150406_242976(启用 JIT,启用 AOT)J9VM - 20150406_242976 JIT - r9_20150402_88984 GC - GA24_Java6_SR16_20150406_1410_B242976
Domino JVM 中已安装不受限制的 JCE 策略文件。
IBMJSSE2 安全提供程序的属性:
Alg.Alias.TrustManagerFactory.IbmPKIX = PKIX
Alg.Alias.TrustManagerFactory.X.509 = PKIX
Alg.Alias.TrustManagerFactory.X509 = PKIX
KeyManagerFactory.IbmX509 = com.ibm.jsse2.rc$a_
KeyManagerFactory.NewIbmX509 = com.ibm.jsse2.rc$b_
Provider.id className = com.ibm.jsse2.IBMJSSEProvider2
Provider.id info = IBM JSSE provider2 (implements IbmX509 key/trust factories, SSLv3, TLSv1)
Provider.id name = IBMJSSE2
Provider.id version = 1.6
SSLContext.Default = com.ibm.jsse2.tc
SSLContext.SSL = com.ibm.jsse2.uc
SSLContext.SSL_TLS = com.ibm.jsse2.vc
SSLContext.SSL_TLSv2 = com.ibm.jsse2.wc
SSLContext.TLS = com.ibm.jsse2.yc
SSLContext.TLSv1 = com.ibm.jsse2.zc
SSLContext.TLSv1.1 = com.ibm.jsse2.ad
SSLContext.TLSv1.2 = com.ibm.jsse2.bd
TrustManagerFactory.IbmX509 = com.ibm.jsse2.ed$b_
TrustManagerFactory.PKIX = com.ibm.jsse2.ed$a_
异常的完整堆栈跟踪:
com.dropbox.core.NetworkIOException: No appropriate protocol
at com.dropbox.core.DbxRequestUtil.startPostRaw(DbxRequestUtil.java:240)
at com.dropbox.core.v2.DbxRawClientV2.execute(DbxRawClientV2.java:100)
at com.dropbox.core.v2.DbxRawClientV2.executeRetriable(DbxRawClientV2.java:256)
at com.dropbox.core.v2.DbxRawClientV2.rpcStyle(DbxRawClientV2.java:97)
at com.dropbox.core.v2.users.DbxUserUsersRequests.getCurrentAccount(DbxUserUsersRequests.java:120)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.ibm.jscript.types.JavaAccessObject.call(JavaAccessObject.java:321)
at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:197)
at com.ibm.jscript.ASTTree.ASTAssign.interpret(ASTAssign.java:91)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:109)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:109)
at com.ibm.jscript.std.FunctionObject._executeFunction(FunctionObject.java:261)
at com.ibm.jscript.std.FunctionObject.executeFunction(FunctionObject.java:185)
at com.ibm.jscript.std.FunctionObject.call(FunctionObject.java:171)
at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:197)
at com.ibm.jscript.ASTTree.ASTAssign.interpret(ASTAssign.java:91)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTIf.interpret(ASTIf.java:85)
at com.ibm.jscript.ASTTree.ASTProgram.interpret(ASTProgram.java:119)
at com.ibm.jscript.types.FBSGlobalObject$GlobalMethod.call(FBSGlobalObject.java:280)
at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
at com.ibm.jscript.types.FBSGlobalObject$GlobalMethod.call(FBSGlobalObject.java:219)
at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:197)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTIf.interpret(ASTIf.java:85)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:109)
at com.ibm.jscript.std.FunctionObject._executeFunction(FunctionObject.java:261)
at com.ibm.jscript.std.FunctionObject.executeFunction(FunctionObject.java:185)
at com.ibm.jscript.std.FunctionObject.call(FunctionObject.java:171)
at com.ibm.jscript.std.FunctionPrototype$FunctionMethod.call(FunctionPrototype.java:169)
at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:197)
at com.ibm.jscript.ASTTree.ASTAssign.interpret(ASTAssign.java:91)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTIf.interpret(ASTIf.java:85)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:109)
at com.ibm.jscript.ASTTree.ASTProgram.interpret(ASTProgram.java:119)
at com.ibm.jscript.ASTTree.ASTProgram.interpretEx(ASTProgram.java:139)
at com.ibm.jscript.JSExpression._interpretExpression(JSExpression.java:435)
at com.ibm.jscript.JSExpression.access(JSExpression.java:424)
at com.ibm.jscript.JSExpression.run(JSExpression.java:414)
at java.security.AccessController.doPrivileged(AccessController.java:448)
at com.ibm.jscript.JSExpression.interpretExpression(JSExpression.java:410)
at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:251)
at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:234)
at com.ibm.xsp.javascript.JavaScriptInterpreter.interpret(JavaScriptInterpreter.java:222)
at com.ibm.xsp.binding.javascript.JavaScriptMethodBinding.invoke(JavaScriptMethodBinding.java:111)
at com.ibm.xsp.component.UIViewRootEx.invokePhaseMethodBinding(UIViewRootEx.java:1735)
at com.ibm.xsp.controller.FacesControllerImpl.invokePhaseMethodBinding(FacesControllerImpl.java:450)
at com.ibm.xsp.controller.FacesControllerImpl.access[=15=](FacesControllerImpl.java:444)
at com.ibm.xsp.controller.FacesControllerImpl$ViewPhaseListener.afterPhase(FacesControllerImpl.java:512)
at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:218)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:120)
at com.ibm.xsp.controller.FacesControllerImpl.render(FacesControllerImpl.java:270)
at com.ibm.xsp.webapp.FacesServlet.serviceView(FacesServlet.java:261)
at com.ibm.xsp.webapp.FacesServletEx.serviceView(FacesServletEx.java:157)
at com.ibm.xsp.webapp.FacesServlet.service(FacesServlet.java:160)
at com.ibm.xsp.webapp.FacesServletEx.service(FacesServletEx.java:138)
at com.ibm.xsp.webapp.DesignerFacesServlet.service(DesignerFacesServlet.java:103)
at com.ibm.designer.runtime.domino.adapter.ComponentModule.invokeServlet(ComponentModule.java:576)
at com.ibm.domino.xsp.module.nsf.NSFComponentModule.invokeServlet(NSFComponentModule.java:1335)
at com.ibm.designer.runtime.domino.adapter.ComponentModule$AdapterInvoker.invokeServlet(ComponentModule.java:853)
at com.ibm.designer.runtime.domino.adapter.ComponentModule$ServletInvoker.doService(ComponentModule.java:796)
at com.ibm.designer.runtime.domino.adapter.ComponentModule.doService(ComponentModule.java:565)
at com.ibm.domino.xsp.module.nsf.NSFComponentModule.doService(NSFComponentModule.java:1319)
at com.ibm.domino.xsp.module.nsf.NSFService.doServiceInternal(NSFService.java:662)
at com.ibm.domino.xsp.module.nsf.NSFService.doService(NSFService.java:482)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(LCDEnvironment.java:357)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(LCDEnvironment.java:313)
at com.ibm.domino.xsp.bridge.http.engine.XspCmdManager.service(XspCmdManager.java:272)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol
at com.ibm.jsse2.kb.c(kb.java:347)
at com.ibm.jsse2.SSLSocketImpl.i(SSLSocketImpl.java:363)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:650)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:669)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:95)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:162)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:36)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1044)
at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:53)
at com.dropbox.core.http.StandardHttpRequestor.getOutputStream(StandardHttpRequestor.java:123)
at com.dropbox.core.http.StandardHttpRequestor.access[=15=]0(StandardHttpRequestor.java:28)
at com.dropbox.core.http.StandardHttpRequestor$Uploader.(StandardHttpRequestor.java:133)
at com.dropbox.core.http.StandardHttpRequestor.startPost(StandardHttpRequestor.java:72)
at com.dropbox.core.http.StandardHttpRequestor.startPost(StandardHttpRequestor.java:28)
at com.dropbox.core.DbxRequestUtil.startPostRaw(DbxRequestUtil.java:232)
...
更新:设置 javax.net.debug=ssl:handshake:data 后(如 Jigar Joshi 所建议)错误日志和跟踪日志提供以下附加信息:
证书主题 EMAILADDRESS=****, CN=****, O=****, L=****, ST=****, C=****,由 CN=****, OU=****, O=****, C=****, 发布的不可信。验证失败,错误 3659.
CommonBaseEventLogRecord:sourceClassName = com.ibm.domino.napi.ssl.DominoX509TrustManager
CommonBaseEventLogRecord:sourceMethodName = checkServerTrusted
<sourcecomponentid component="Expeditor 6.2" componentidtype="ProductName" instanceid="" location="****" locationtype="Hostname" subcomponent="com.ibm.domino.napi.ssl" threadid="5" componenttype="http://www.w3.org/2001/XMLSchema-instance">
不受信任的证书是我自己的,即使所有证书和私钥都已导入到我的密钥库中。密钥库在非 Domino JVM 中工作的事实让我得出结论,密钥库文件应该是有效的。然而,当 运行 Domino JVM 中的代码时,证书仍然不受信任。
Update:调试输出的核心部分(javax.net.debug=ssl:handshake)是
SSLContextImpl: Using X509ExtendedKeyManager com.ibm.jsse2.hd
SSLContextImpl: Using X509TrustManager com.ibm.jsse2.pc
IBMJSSE2 will ignore com.ibm.jsse2.overrideDefaultProtocol since was set to a non recognized value TLSv1
Installed Providers = IBMJSSE2, IBMJCE, IBMJGSSProvider, IBMCertPath, IBMSASL, IBMXMLCRYPTO, IBMXMLEnc, Policy, IBMSPNEGO
JsseJCE: Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
trigger seeding of SecureRandom
done seeding SecureRandom
IBMJSSE2 will enable CBC protection
IBMJSSE2 to send SCSV Cipher Suite on initial ClientHello
JsseJCE: Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default
Is initial handshake: true
JsseJCE: Using KeyAgreement ECDH from provider IBMJCE version 1.2
JsseJCE: Using signature SHA1withECDSA from provider TBD via init
JsseJCE: Using signature NONEwithECDSA from provider TBD via init
JsseJCE: Using KeyFactory EC from provider IBMJCE version 1.2
JsseJCE: Using KeyPairGenerator EC from provider TBD via init
JsseJce: EC is available
Ignoring disabled cipher suite: SSL_RENEGO_PROTECTION_REQUEST for TLSv1
No available cipher suite for TLSv1
Thread-8, handling exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol
Thread-8, SEND TLSv1 ALERT: fatal,
description = handshake_failure
"TLSv1 没有可用的密码套件" 似乎是我问题的根源。
更新:获取默认的 SSL 服务器套接字工厂 (SSLServerSocketFactory.getDefault()) 以及相应的默认和支持的密码套件 (getDefaultCipherSuites() / getSupportedCipherSuites()) 显示只有 SSL 密码套件可用:
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA [supported]
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA [default]
SSL_DHE_DSS_WITH_AES_128_CBC_SHA [default]
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 [supported]
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 [supported]
SSL_DHE_DSS_WITH_AES_256_CBC_SHA [default]
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 [supported]
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 [supported]
SSL_DHE_DSS_WITH_DES_CBC_SHA [default]
SSL_DHE_DSS_WITH_RC4_128_SHA [supported]
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA [supported]
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA [default]
SSL_DHE_RSA_WITH_AES_128_CBC_SHA [default]
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_DHE_RSA_WITH_AES_256_CBC_SHA [default]
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 [supported]
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_DHE_RSA_WITH_DES_CBC_SHA [default]
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA [supported]
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 [supported]
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA [supported]
SSL_DH_anon_WITH_AES_128_CBC_SHA [supported]
SSL_DH_anon_WITH_AES_128_CBC_SHA256 [supported]
SSL_DH_anon_WITH_AES_128_GCM_SHA256 [supported]
SSL_DH_anon_WITH_AES_256_CBC_SHA [supported]
SSL_DH_anon_WITH_AES_256_CBC_SHA256 [supported]
SSL_DH_anon_WITH_AES_256_GCM_SHA384 [supported]
SSL_DH_anon_WITH_DES_CBC_SHA [supported]
SSL_DH_anon_WITH_RC4_128_MD5 [supported]
SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [supported]
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [supported]
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [supported]
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_ECDHE_ECDSA_WITH_NULL_SHA [supported]
SSL_ECDHE_ECDSA_WITH_RC4_128_SHA [supported]
SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA [supported]
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA [supported]
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [supported]
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_ECDHE_RSA_WITH_NULL_SHA [supported]
SSL_ECDHE_RSA_WITH_RC4_128_SHA [supported]
SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA [supported]
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA [supported]
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 [supported]
SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_ECDH_ECDSA_WITH_NULL_SHA [supported]
SSL_ECDH_ECDSA_WITH_RC4_128_SHA [supported]
SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA [supported]
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA [supported]
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384 [supported]
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_ECDH_RSA_WITH_NULL_SHA [supported]
SSL_ECDH_RSA_WITH_RC4_128_SHA [supported]
SSL_ECDH_anon_WITH_3DES_EDE_CBC_SHA [supported]
SSL_ECDH_anon_WITH_AES_128_CBC_SHA [supported]
SSL_ECDH_anon_WITH_AES_256_CBC_SHA [supported]
SSL_ECDH_anon_WITH_NULL_SHA [supported]
SSL_ECDH_anon_WITH_RC4_128_SHA [supported]
SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5 [supported]
SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA [supported]
SSL_KRB5_EXPORT_WITH_RC4_40_MD5 [supported]
SSL_KRB5_EXPORT_WITH_RC4_40_SHA [supported]
SSL_KRB5_WITH_3DES_EDE_CBC_MD5 [supported]
SSL_KRB5_WITH_3DES_EDE_CBC_SHA [supported]
SSL_KRB5_WITH_DES_CBC_MD5 [supported]
SSL_KRB5_WITH_DES_CBC_SHA [supported]
SSL_KRB5_WITH_RC4_128_MD5 [supported]
SSL_KRB5_WITH_RC4_128_SHA [supported]
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA [supported]
SSL_RSA_EXPORT_WITH_RC4_40_MD5 [supported]
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA [default]
SSL_RSA_FIPS_WITH_DES_CBC_SHA [default]
SSL_RSA_WITH_3DES_EDE_CBC_SHA [default]
SSL_RSA_WITH_AES_128_CBC_SHA [default]
SSL_RSA_WITH_AES_128_CBC_SHA256 [supported]
SSL_RSA_WITH_AES_128_GCM_SHA256 [supported]
SSL_RSA_WITH_AES_256_CBC_SHA [default]
SSL_RSA_WITH_AES_256_CBC_SHA256 [supported]
SSL_RSA_WITH_AES_256_GCM_SHA384 [supported]
SSL_RSA_WITH_DES_CBC_SHA [default]
SSL_RSA_WITH_NULL_MD5 [supported]
SSL_RSA_WITH_NULL_SHA [supported]
SSL_RSA_WITH_NULL_SHA256 [supported]
SSL_RSA_WITH_RC4_128_MD5 [supported]
SSL_RSA_WITH_RC4_128_SHA [supported]
谁能告诉我如何在服务器套接字工厂中使用 TLS 密码套件?
回复
com.dropbox.core.NetworkIOException: No appropriate protocol
我最好的猜测是这一行强烈暗示了您的问题:
Provider.id info = IBM JSSE provider2 (implements IbmX509 key/trust factories, SSLv3, TLSv1)
"No appropriate protocol" 听起来可能是在告诉您端点不支持 SSLv3 或 TLSv1。
我不知道 Dropbox,但由于已知的安全问题,许多服务提供商正在弃用那些旧协议。
您可能会在 these two IBM technotes 中找到一些有用的信息。
问题似乎是 Dropbox Java SDK limits the enabled cipher suites in the SSL sockets based on a hard-coded list. All relevant cipher suite names in that list 以“TLS_”开头。但是,在 Domino JVM 密码套件名称中始终以“SSL_”开头,即使它们相关的 SSL 上下文具有协议 TLSv1 或更高版本。
我现在已经停止使用 Dropbox Java SDK 并开始使用 Dropbox API 通过使用 HttpsUrlConnection 发布 HTTP 帖子。这不如 Java SDK 方便,但至少与 TLSv1 的 SSL 握手按预期工作。