2017-02-23 44 views
0

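Unable to create httpsUrlConnection to servlet: handshake exception

I have an application in Tomcat 8.5.8. I have an Apache 2.4 webserver in front of the Tomcat server. I configured Apache with SSL (TLS1.2) and this cipher suite: SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128".

Now, when I try to make an HttpsURLConnection call to this servlet in my application, it throws the following exception:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I am thinking that ideally the HttpsURLConnection code should not have to enable any cipher suites specifically. Please give me some direction.

I am using JDK 1.8.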

+1

Possible duplicate of [Received fatal alert: handshake\_failure through SSLHandshakeException](http://stackoverflow.com/questions/6353849/received-fatal-alert-handshake-failure-through-sslhandshakeexception) – Akshay

+0

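See especially the answers by heez and Simon Yu, because your Apache configuration only allows AES-256, and Oracle Java's cipher suites do not support 256-bit encryption by default (although OpenJDK does, at least in the versions I have tried). –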

Answers

0

I replaced the Apache configuration entry above

SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"

with the following

SSLCipherSuite "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:kEDH+AESGCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:AES256:AES128:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"

It works fine. There is absolutely no change to the client code.
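
The comment above attributes the failure to the client JVM not offering any AES-256 suite while Apache accepts nothing else. The following is an added diagnostic, not code from any of the posts, that checks this on the client side by listing what the default `HttpsURLConnection` socket factory offers; the class name `CipherSuiteCheck` and the `_AES_256_` name filter are assumptions made for the example.

```java
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic (hypothetical class name): can this JVM's default
// HttpsURLConnection offer any AES-256 cipher suite in its ClientHello?
public class CipherSuiteCheck {

    // Keep only the JSSE suite names that use a 256-bit AES bulk cipher.
    static List<String> aes256Only(String[] suites) {
        List<String> out = new ArrayList<>();
        for (String name : suites) {
            if (name.contains("_AES_256_")) {
                out.add(name);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));

        // 128 here means the limited-strength JCE policy is active;
        // Integer.MAX_VALUE means unlimited strength.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key  = " + maxAes);

        // The factory HttpsURLConnection uses when the code sets nothing itself.
        SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
        List<String> enabled = aes256Only(factory.getDefaultCipherSuites());
        List<String> supported = aes256Only(factory.getSupportedCipherSuites());

        System.out.println("AES-256 suites enabled by default: " + enabled.size());
        for (String name : enabled) {
            System.out.println("  " + name);
        }
        System.out.println("AES-256 suites supported at all:   " + supported.size());

        if (enabled.isEmpty()) {
            System.out.println("RESULT: no AES-256 suite will be offered; a server "
                + "restricted to AES-256 will answer with handshake_failure.");
            System.exit(1);
        }
        System.out.println("RESULT: AES-256 suites are offered by this JVM.");
    }
}
```

Run it with the same JDK that runs the Tomcat application, since the result depends on that JVM's installed policy files.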