问题描述
使用https网络服务时出现严重错误。在Java 6中运行客户端时出现该错误。我无法更改Jdk的版本。我尝试过使用jdk8,并且效果很好。
什么可能导致此错误?
我添加了UnlimitedJCEPolicyJDK6 JAR;
我的客户代码:
System.setProperty("javax.net.ssl.trustStore","bci-to-scoring-keystore-client.jks");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
//connection.setSSLSocketFactory(ssl.getSocketFactory());
connection.setRequestMethod("POST");
connection.setDoOutput(true);
connection.setRequestProperty("Content-Type","text/xml");
connection.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname,SSLSession session) {
return true;
}
});
connection.connect();
例外:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at com.bci.test.JavaApplication7.execute(JavaApplication7.java:70)
at com.bci.test.JavaApplication7.main(JavaApplication7.java:33)
使用-Djavax.net.debug=ssl运行时,我有以下提示:
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: bci-to-scoring-keystore-client.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=*.BCITESTES.LOCAL,OU=DSI - Direccao de Sistemas de Informacao,O="BCI - Banco Comercial e de Investimentos,SA",L=Maputo,ST=Maputo,C=MZ
Issuer: CN=BCI Enterprise Certificate Authority,DC=BCIFOMENTO,DC=CO,DC=MZ
Algorithm: RSA; Serial number: 0x43000000b6661aefae5816d09c0002000000b6
Valid from Wed Jun 03 09:10:22 CAT 2020 until Fri Jun 03 09:10:22 CAT 2022
adding as trusted cert:
Subject: CN=cliente.bci.scoring.co.mz,O=BCI - Banco Comercial e de Investimentos,C=MZ,L=Maputo
Issuer: CN=cliente.bci.scoring.co.mz,L=Maputo
Algorithm: RSA; Serial number: 0x5f50ffd3
Valid from Thu Sep 03 16:38:11 CAT 2020 until Sat Aug 10 16:38:11 CAT 2120
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello,TLSv1
RandomCookie: GMT: 1599232592 bytes = { 73,169,83,102,108,21,161,215,189,29,218,198,42,47,144,160,202,94,179,118,28,239,54,38,199,59,222,43 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
main,WRITE: TLSv1 Handshake,length = 81
main,WRITE: SSLv2 client hello message,length = 110
main,READ: UnkNown-3.3 Alert,length = 2
main,RECV TLSv1 ALERT: fatal,handshake_failure
main,called closeSocket()
main,handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)