2015-10-27

Java SSL handshake alert no_negotiation

This error occurs when communicating with a web service.

Error reported by the client:

javax.net.ssl.SSLException: Received fatal alert: unexpected_message 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) 
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098) 
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:903) 
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:102) 
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) 
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:275) 
    at java.io.BufferedInputStream.read(BufferedInputStream.java:334) 
    at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:687) 
    at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1324) 
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) 
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2223) 
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2192) 
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2036) 

And the error in the server log:

javax.net.ssl.SSLProtocolException: handshake_alert

Answers

2

It looks like the server has not been updated for RFC 5746.

I stumbled upon https://www.digicert.com/news/2011-06-03-ssl-renego.htm and found:

If the server does not respond in accordance with RFC 5746, the client MUST abort the renegotiation handshake.

Later I found http://www.oracle.com/technetwork/java/javase/overview/tlsreadme2-176330.html:

sun.security.ssl.allowUnsafeRenegotiation - Introduced in Phase 1, this controls whether legacy (unsafe) renegotiations are permitted.

A temporary workaround is to add the system property:

-Dsun.security.ssl.allowUnsafeRenegotiation=true

But that was not the real cause of the error. The real cause was that my client was using old SSL.

tlsClientParameters.setSecureSocketProtocol("SSL");

I commented out that line, so the default value "TLS" is used, and after that the communication worked fine.
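The following is an added example, not code from the original post or from CXF: a JDK-only check that prints which protocols the "SSL" and "TLS" context names enable on the local JRE, and flags the `sun.security.ssl.allowUnsafeRenegotiation` workaround if it is still set. The class name `TlsClientAudit` and its helper methods are hypothetical.

```java
import javax.net.ssl.SSLContext;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example (hypothetical class): audits the client-side settings discussed above.
public class TlsClientAudit {

    // Returns one finding per risky setting; an empty list means nothing was flagged.
    static List<String> audit(String unsafeReneg, String[] enabledProtocols) {
        List<String> findings = new ArrayList<>();
        // The workaround property re-enables renegotiation that RFC 5746 was written to replace.
        if (Boolean.parseBoolean(unsafeReneg)) {
            findings.add("sun.security.ssl.allowUnsafeRenegotiation=true: "
                    + "legacy (unsafe) renegotiation is permitted");
        }
        // JSSE names such as "SSLv3" and "SSLv2Hello" all start with "SSL".
        for (String p : enabledProtocols) {
            if (p.startsWith("SSL")) {
                findings.add("legacy protocol or hello format enabled: " + p);
            }
        }
        return findings;
    }

    // Protocols a client socket gets by default from the named SSLContext.
    static String[] enabledProtocols(String contextName) throws Exception {
        SSLContext ctx = SSLContext.getInstance(contextName);
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        return ctx.getDefaultSSLParameters().getProtocols();
    }

    public static void main(String[] args) throws Exception {
        String unsafe = System.getProperty("sun.security.ssl.allowUnsafeRenegotiation");
        for (String name : new String[] {"SSL", "TLS"}) {
            try {
                String[] protos = enabledProtocols(name);
                System.out.println(name + " -> " + Arrays.toString(protos));
                for (String f : audit(unsafe, protos)) {
                    System.out.println("  FINDING: " + f);
                }
            } catch (NoSuchAlgorithmException e) {
                System.out.println(name + " -> not available in this JRE");
            }
        }
    }
}
```

Run it with the same JVM options as the client; the output depends on the JRE version and its `jdk.tls.disabledAlgorithms` security setting.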