Java8、JBoss AS5、SSLException:"Received fatal alert: handshake_failure"
Java8, JBoss AS5, SSLException: "Received fatal alert: handshake_failure"
我的 java 应用程序是 运行 by JBoss AS 5。我试图通过 URL 连接以下载图像,但我收到下一个异常: javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure
我已将 trust-managet 配置为 "all-trusting trust manager":
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
我的简单java代码:
URL url = new URL("https://cdn.hotelbeds.com/giata/62/623081/623081a_hb_ro_007.jpg");
url.openConnection().connect();
我已激活 ssl 调试模式 (-Djavax.net.debug=ssl) 并收到以下日志:
`18:20:23,030 INFO [STDOUT] Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
18:20:23,031 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], setSoTimeout(0) called
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
.......................
18:20:23,036 INFO [STDOUT] Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
18:20:23,036 INFO [STDOUT] Compression Methods: {0}
18:20:23,036 INFO [STDOUT] Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
18:20:23,036 INFO [STDOUT] Extension ec_point_formats, formats: [uncompressed]
18:20:23,036 INFO [STDOUT] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
18:20:23,037 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], WRITE: TLSv1.2 Handshake, length = 161
18:20:23,065 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], READ: TLSv1.2 Alert, length = 2
18:20:23,066 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361]
18:20:23,066 INFO [STDOUT] RECV TLSv1.2 ALERT: fatal, handshake_failure
18:20:23,066 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], called closeSocket()
18:20:23,066 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
我也尝试使用 属性 以下 'solutions':
- https.protocols=TLSv1.2,TLSv1.1,TLSv1
- crypto.policy=无限制
java 版本为 1.8.0_131。我应该怎么做才能连接到这个网站并下载这个图片?
提前致谢。
从我根据 SSLLabs 检查您的网站时看到的内容和调试输出中不存在的 扩展名 来看,它看起来很像副本。请参阅 了解我的答案和解决方案(升级 Java)。
我的 java 应用程序是 运行 by JBoss AS 5。我试图通过 URL 连接以下载图像,但我收到下一个异常: javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure
我已将 trust-managet 配置为 "all-trusting trust manager":
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
我的简单java代码:
URL url = new URL("https://cdn.hotelbeds.com/giata/62/623081/623081a_hb_ro_007.jpg");
url.openConnection().connect();
我已激活 ssl 调试模式 (-Djavax.net.debug=ssl) 并收到以下日志:
`18:20:23,030 INFO [STDOUT] Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
18:20:23,031 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], setSoTimeout(0) called
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
18:20:23,032 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
.......................
18:20:23,036 INFO [STDOUT] Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
18:20:23,036 INFO [STDOUT] Compression Methods: {0}
18:20:23,036 INFO [STDOUT] Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
18:20:23,036 INFO [STDOUT] Extension ec_point_formats, formats: [uncompressed]
18:20:23,036 INFO [STDOUT] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
18:20:23,037 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], WRITE: TLSv1.2 Handshake, length = 161
18:20:23,065 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], READ: TLSv1.2 Alert, length = 2
18:20:23,066 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361]
18:20:23,066 INFO [STDOUT] RECV TLSv1.2 ALERT: fatal, handshake_failure
18:20:23,066 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], called closeSocket()
18:20:23,066 INFO [STDOUT] WorkerThread#1[10.0.0.38:52361], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
我也尝试使用 属性 以下 'solutions':
- https.protocols=TLSv1.2,TLSv1.1,TLSv1
- crypto.policy=无限制
java 版本为 1.8.0_131。我应该怎么做才能连接到这个网站并下载这个图片?
提前致谢。
从我根据 SSLLabs 检查您的网站时看到的内容和调试输出中不存在的 扩展名 来看,它看起来很像副本。请参阅