2012-03-23 136 views
2

Good morning, error connecting to a site over SSL

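I am trying to connect to a website using SSL and always get the same exception (javax.net.ssl.SSLException: Received fatal alert: unexpected_message). I created a truststore with the site's certificates and load it at runtime. Here is the code: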

import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;

public class SSLTest {

    public static void main(String[] args) throws Exception {
        // Print the JSSE handshake debugging output
        System.setProperty("javax.net.debug", "ssl");
        // Trust store holding the site's certificates
        System.setProperty("javax.net.ssl.trustStorePassword", "123456");
        System.setProperty("javax.net.ssl.trustStore", "C:\\Projectos\\GapM\\WebServiceTest\\src\\truststore.jks");

        URL url = new URL("https://www.segurnet.pt");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Accepts any host name, i.e. host name verification is switched off
        conn.setHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        });
        System.out.println(conn.getResponseCode());
        System.out.println(conn.getResponseMessage());

        conn.disconnect();
    }

    // Trust manager that accepts every certificate chain; it is never installed, so it is unused here
    private static class DefaultTrustManager implements X509TrustManager {

        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

    }

}

This is what I get:

keyStore is : 
keyStore type is : jks 
keyStore provider is : 
init keystore 
init keymanager of type SunX509 
trustStore is: C:\Projectos\GapM\WebServiceTest\src\truststore.jks 
trustStore type is : jks 
trustStore provider is : 
init truststore 
adding as trusted cert: 
    Subject: CN=luis gomes, OU=dti, O=acoreana, L=lisboa, ST=Unknown, C=pt 
    Issuer: CN=luis gomes, OU=dti, O=acoreana, L=lisboa, ST=Unknown, C=pt 
    Algorithm: RSA; Serial number: 0x181b641e 
    Valid from Thu Mar 22 14:42:39 GMT 2012 until Thu Mar 29 15:42:39 BST 2012 

adding as trusted cert: 
    Subject: CN=www.segurnet.pt, OU=Web Server, OU=Associacao Portuguesa de Seguradores, OU=Corporate, OU=CERTIPOR - RA, O=MULTICERT-CA, C=PT 
    Issuer: CN=MULTICERT-CA 02, O=MULTICERT-CA, C=pt 
    Algorithm: RSA; Serial number: 0x426e98cd 
    Valid from Fri Mar 16 14:54:03 GMT 2012 until Mon Apr 16 15:45:18 BST 2012 

adding as trusted cert: 
    Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US 
    Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US 
    Algorithm: RSA; Serial number: 0x1a5 
    Valid from Thu Aug 13 01:29:00 BST 1998 until Tue Aug 14 00:59:00 BST 2018 

adding as trusted cert: 
    Subject: CN=MULTICERT-CA 02, O=MULTICERT-CA, C=pt 
    Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US 
    Algorithm: RSA; Serial number: 0x7273ce5 
    Valid from Wed Jun 03 14:50:37 BST 2009 until Wed Oct 02 14:49:20 BST 2013 

trigger seeding of SecureRandom 
done seeding SecureRandom 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
main, setSoTimeout(0) called 
%% No cached client session 
*** ClientHello, TLSv1 
RandomCookie: GMT: 1332495399 bytes = { 155, 93, 98, 157, 254, 204, 71, 133, 69, 221, 204, 14, 28, 124, 97, 184, 91, 139, 73, 188, 199, 75, 93, 224, 243, 135, 185, 67 } 
Session ID: {} 
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension server_name, server_name: [host_name: www.segurnet.pt] 
*** 
main, WRITE: TLSv1 Handshake, length = 173 
main, READ: SSLv3 Alert, length = 2 
main, RECV TLSv1 ALERT: fatal, unexpected_message 
main, called closeSocket() 
main, handling exception: javax.net.ssl.SSLException: Received fatal alert: unexpected_message 

Any help appreciated.

Thanks in advance, Luis

Answers

4

I suspect you need to force the use of SSLv3.

This fails:

openssl s_client -connect www.segurnet.pt:443 

Whereas this works:

openssl s_client -ssl3 -connect www.segurnet.pt:443 

If possible, a better solution would be to get the remote end to configure their site properly. What they currently have isn't very secure.

+2

Thanks @TonyM, I was trying System.setProperty("https.protocols", "SSLv3"); and got the same error... but I tried System.setProperty("https.protocols", "SSLv3,SSLv2Hello"); and it worked. – user1287902 2012-03-23 16:20:10
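A Java counterpart to the two `openssl s_client` checks in the answer, as an added example that is not part of the original question, answer or comment: it tries one handshake per protocol version the local JSSE supports and reports which ones the server accepts. The class name `ProtocolProbe` is hypothetical, and the host and port are taken from the command line.

```java
import java.io.IOException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class name): per-protocol handshake check
public class ProtocolProbe {

    // Attempts one handshake with only `protocol` enabled and returns a one-line result.
    static String probe(SSLSocketFactory factory, String host, int port, String protocol) {
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10_000);
            SSLParameters params = socket.getSSLParameters();
            params.setProtocols(new String[] { protocol });
            // Keep host name verification on, unlike the always-true HostnameVerifier
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            return protocol + ": OK, cipher suite " + socket.getSession().getCipherSuite();
        } catch (IOException | IllegalArgumentException e) {
            // Fatal alerts, disabled protocols and certificate failures all land here
            return protocol + ": FAILED (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java ProtocolProbe <host> [port]");
            return;
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // Uses the default trust store, or the one named by javax.net.ssl.trustStore
        SSLContext context = SSLContext.getDefault();
        SSLSocketFactory factory = context.getSocketFactory();
        for (String protocol : context.getSupportedSSLParameters().getProtocols()) {
            // SSLv2Hello is a ClientHello framing, not a protocol version of its own
            if (protocol.equals("SSLv2Hello")) {
                continue;
            }
            System.out.println(probe(factory, host, port, protocol));
        }
    }
}
```

Current JDKs list SSLv3 under the `jdk.tls.disabledAlgorithms` security property, so on those the SSLv3 line reports a local failure rather than the server's answer.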