0
鑑於這種球衣初始化代碼:壞SSL握手澤西
boolean clientMode = false,
needClientAuth = true,
wantClientAuth = true;
SSLContext sslcconf = SSLContext.getDefault();
SSLEngineConfigurator ssleconf = new SSLEngineConfigurator(sslcconf, clientMode, needClientAuth, wantClientAuth);
boolean secure = true,
start = true;
ResourceConfig resconf = new ResourceConfig(classes);
HttpServer server = GrizzlyHttpServerFactory.createHttpServer(
new URI("https://localhost:8080"),
resconf, secure, ssleconf, start);
的所有客戶端試圖連接到該服務器拋出通用SSL握手錯誤。特別是:
$ openssl s_client -debug -msg -connect localhost:8080
CONNECTED(00000003)
write to 0xa024118 [0xa024b48] (118 bytes => 118 (0x76))
0000 - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00 .t....K... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00 ..3..2../.......
0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00 ................
0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80 @...............
0050 - 00 00 03 02 00 80 bf 3e-48 68 ef c9 6f aa 65 88 .......>Hh..o.e.
0060 - 86 e7 eb 77 e9 be 3c 69-67 0b 3c ae 3a dc 69 5f ...w..<ig.<.:.i_
0070 - ad c0 c4 93 61 ce ....a.
>>> SSL 2.0 [length 0074], CLIENT-HELLO
01 03 01 00 4b 00 00 00 20 00 00 39 00 00 38 00
00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
33 00 00 32 00 00 2f 03 00 80 00 00 05 00 00 04
01 00 80 00 00 15 00 00 12 00 00 09 06 00 40 00
00 14 00 00 11 00 00 08 00 00 06 04 00 80 00 00
03 02 00 80 bf 3e 48 68 ef c9 6f aa 65 88 86 e7
eb 77 e9 be 3c 69 67 0b 3c ae 3a dc 69 5f ad c0
c4 93 61 ce
read from 0xa024118 [0xa02a0a8] (7 bytes => 0 (0x0))
21856:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
具有良好的請求到不同的服務器比較:
CONNECTED(00000003)
write to 0xa024138 [0xa024b48] (118 bytes => 118 (0x76))
0000 - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00 .t....K... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00 ..3..2../.......
0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00 ................
0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80 @...............
0050 - 00 00 03 02 00 80 b1 33-32 65 f0 53 60 2d aa 85 .......32e.S`-..
0060 - b1 5c 19 1f f2 5b 8b 1a-2d 8a ed 8f c0 79 f7 72 .\...[..-....y.r
0070 - 9c 31 b3 ec 39 b5 .1..9.
>>> SSL 2.0 [length 0074], CLIENT-HELLO
01 03 01 00 4b 00 00 00 20 00 00 39 00 00 38 00
00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
33 00 00 32 00 00 2f 03 00 80 00 00 05 00 00 04
01 00 80 00 00 15 00 00 12 00 00 09 06 00 40 00
00 14 00 00 11 00 00 08 00 00 06 04 00 80 00 00
03 02 00 80 b1 33 32 65 f0 53 60 2d aa 85 b1 5c
19 1f f2 5b 8b 1a 2d 8a ed 8f c0 79 f7 72 9c 31
b3 ec 39 b5
read from 0xa024138 [0xa02a0a8] (7 bytes => 7 (0x7))
0000 - 16 03 01 00 4a 02 ....J.
0007 - <SPACES/NULS>
...
編輯:
boolean clientMode = false,
needClientAuth = true,
wantClientAuth = true;
SSLContextConfigurator sslcconf = new SSLContextConfigurator();
sslcconf.setSecurityProtocol("TLSv1.2");
SSLEngineConfigurator ssleconf = new SSLEngineConfigurator(sslcconf, clientMode, needClientAuth, wantClientAuth);
ssleconf.setEnabledProtocols(new String[] { "TLSv1.2" });
ssleconf.setEnabledCipherSuites(new String[] {
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
});
// SSLContext sslcconf = SSLContext.getDefault();
boolean secure = true,
start = true;
ResourceConfig resconf = new ResourceConfig(classes);
HttpServer server = GrizzlyHttpServerFactory.createHttpServer(
new URI("https://localhost:8080"),
resconf, secure, ssleconf, start);
嘗試在s_client中使用-ssl2選項。如果可行,你應該知道sslv2有很多問題。 – Khanna111 2014-12-01 19:31:33