1. 首頁
  2. 問答
  3. SSLHandshake異常

SSLHandshake異常

2012-02-08 37 views
0

我正在使用Apache HttpClient(4.0)與HTTP服務器(配置了SSL)進行通信。SSLHandshake異常

服務器正在使用自簽名證書。理想情況下,我希望HttpClient庫的行爲與瀏覽器的行爲相同,但是在完成一些Google之後,我明白我必須將證書導入JRE密鑰庫(cacert)。儘管在JRE密鑰庫中安裝了證書,但我仍然得到「SSLHandshake異常」。

這裏是一個SSL日誌,我不是這方面的專家,所以需要幫助來分析日誌的內容。

trigger seeding of SecureRandom 
done seeding SecureRandom 
log4j:WARN No appenders could be found for logger (org.apache.http.impl.conn.SingleClientConnManager). 
log4j:WARN Please initialize the log4j system properly. 
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. 
main, setSoTimeout(0) called 
main, setSoTimeout(0) called 
%% No cached client session 
*** ClientHello, TLSv1 
RandomCookie: GMT: 1328639128 bytes = { 1, 30, 97, 51, 147, 14, 89, 41, 43, 120, 56, 192, 4, 5, 113, 203, 165, 199, 153, 199, 137, 199, 98, 242, 166, 81, 208, 129 } 
Session ID: {} 
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
*** 
main, WRITE: TLSv1 Handshake, length = 161 
main, WRITE: SSLv2 client hello message, length = 146 
main, READ: TLSv1 Alert, length = 2 
main, RECV TLSv1 ALERT: fatal, handshake_failure 
main, called closeSocket() 
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
main, called close() 
main, called closeInternal(true) 
main, called close() 
main, called closeInternal(true) 
main, called close() 
main, called closeInternal(true)

這是我正在使用的代碼片段。

DefaultHttpClient httpClient = new DefaultHttpClient(); 

X509HostnameVerifier verifier = new X509HostnameVerifier() { 
    @Override 
    public boolean verify(String hostname, SSLSession session) { 
     return true; 
    } 

    @Override 
    public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException { 
    } 

    @Override 
    public void verify(String arg0, X509Certificate arg1) throws SSLException { 
    } 

    @Override 
    public void verify(String arg0, SSLSocket arg1) throws IOException { 
    } 
}; 

private static class DefaultTrustManager implements X509TrustManager { 

    @Override 
    public void checkClientTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws java.security.cert.CertificateException { 
    } 

    @Override 
    public void checkServerTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws java.security.cert.CertificateException { 
    } 

    @Override 
    public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
     return null; 
    } 

} 

SSLContext sslContext = SSLContext.getInstance("TLSv1"); 
sslContext.init(null, new TrustManager[] {new DefaultTrustManager()}, new SecureRandom()); 
SSLContext.setDefault(sslContext); 

SSLSocketFactory sf = new SSLSocketFactory(sslContext,verifier); 
ClientConnectionManager ccm = httpClient.getConnectionManager(); 
SchemeRegistry sr = ccm.getSchemeRegistry(); 
sr.register(new Scheme("https", sf, 9002)); 

HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); 
HttpParams params = new BasicHttpParams(); 
httpClient = new DefaultHttpClient(ccm, params);

來源

2012-02-08 Mandar Kulkarni

+0

爲什麼不檢查這個有據可查的問題? http://stackoverflow.com/questions/2159586/jsse-handshake-failure-on-public-https-web-site – Alfabravo 2012-02-08 05:54:16

+0

或者這一個:http://stackoverflow.com/questions/2642777/trusting- all-certificates-using-httpclient-over-https – DagR 2012-02-08 06:25:36

回答

-1

沒有很多有用的信息在日誌中。但是,爲什麼不嘗試使用不同的SSL算法,比如說「SSLv2」而不是TLSv1?

來源

2012-02-08 05:52:24 dbrin

+0

更改服務器上的SSL版本可解決此問題。 – 2012-02-08 10:42:36

相關問題

 相關問題