Rails和Play Framework之間的間歇SSL握手失敗

Question

我們有兩個服務，客戶端是Rails應用，服務器是使用Play框架構建的REST API。我們在Rails中使用HTTParty客戶端。

我們在這兩個服務之間得到間歇性的SSL握手錯誤。在遊戲中，我們得到以下錯誤：

Jan 09 14:37:47 graph-dev graph: org.jboss.netty.handler.ssl.SslHandler - SSLEngine.closeInbound() raised an exception after a handshake failure. 
Jan 09 14:37:47 graph-dev javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? 
Jan 09 14:37:47 graph-dev at: sun.security.ssl.Alerts.getSSLException(Alerts.java:208) 
Jan 09 14:37:47 graph-dev at: sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) 
Jan 09 14:37:47 graph-dev at: sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587) 
Jan 09 14:37:47 graph-dev at: sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1517) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1407) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:913) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) 
Jan 09 14:37:47 graph-dev at: java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
Jan 09 14:37:47 graph-dev at: java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
Jan 09 14:37:47 graph-dev at: java.lang.Thread.run(Thread.java:744) 

On Rails的，相應的錯誤：

Error: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert handshake failure 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `block in connect' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/timeout.rb:52:in `timeout' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:862:in `do_start' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:851:in `start' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:1367:in `request' 

我們的SSL證書由頒發的RapidSSL。在Play上，我們包含由Equifax驗證GeoTrust簽署的跨根證書。

我們一直在試圖弄清楚這幾天，現在我們真的很茫然。

Answer 1

在Play郵件列表上提供了一個答案。我們在$JAVA_HOME/jre/lib/security/java.security中添加了DiffieHellman到jdk.tls.disabledAlgorithms的默認值的末尾，並解決了這個問題。

信用可以在該列表中選擇Will Sargent。

https://groups.google.com/forum/#!topic/play-framework/ECee_w2wlrU