问题描述
try {
sslcontext = SSLContexts.custom().loadKeyMaterial(getwindowsKeyStore(),getSSLKeyPassword().tochararray()).build();
sslcontext.init(new KeyManager[0],new TrustManager[] {new DefaultTrustManager()},new SecureRandom());
SSLContext.setDefault(sslcontext);
} catch (Exception e1) {
e1.printstacktrace();
}
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext,new String[] {"SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2" },// important
null,SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(30000)
.setConnectTimeout(10000).setSocketTimeout(60000).build();
PoolingHttpClientConnectionManager httpClientConnectionManager = getHttpCLientConnManager(
RegistryBuilder.<ConnectionSocketFactory>create()
.register("http",PlainConnectionSocketFactory.getSocketFactory()).register("https",sslsf)
.build());
DefaultConnectionKeepAliveStrategy keepAliveStrat = new DefaultConnectionKeepAliveStrategy() {
@Override
public long getKeepAliveDuration(
HttpResponse response,HttpContext context) {
long keepAlive = super.getKeepAliveDuration(response,context);
if (keepAlive == -1) {
keepAlive = 5000;
}
return keepAlive;
}
};
httpclient = HttpClients.custom()
.setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) .setSSLSocketFactory(sslsf)
.setDefaultRequestConfig(requestConfig)
.setConnectionTimetoLive(30,TimeUnit.SECONDS)
.setConnectionManager(httpClientConnectionManager)
.setKeepAliveStrategy(keepAliveStrat)
.setRetryHandler(new DefaultHttpRequestRetryHandler(10,true))
.setMaxConnPerRoute(20).setMaxConnTotal(100)
.build();
return httpclient;
}
private static KeyStore getwindowsKeyStore() {
KeyStore keyStore = null;
try {
keyStore = KeyStore.getInstance("Windows-MY","SunMSCAPI");
String sslPassword = getSSLKeyPassword();
keyStore.load(null,sslPassword.tochararray());
List<String> alias = Collections.list(keyStore.aliases()).stream().collect(Collectors.toList());
System.out.println("alias name: " + alias.get(1));
Certificate certificate = keyStore.getCertificate(alias.get(1));
keyStore.setCertificateEntry("cert",certificate);
} catch (KeyStoreException | NoSuchProviderException | NoSuchAlgorithmException | CertificateException | IOException e) {
e.printstacktrace();
}
return keyStore;
}
我尝试了多种选择,例如:
-
使用的SSL版本不兼容服务器:TLS v1,而客户端SSL v3
-
客户端和服务器使用的密码套件不兼容。
-
服务器证书的不完整信任路径;
-
将httpclient升级到4.5.6
Stacktrace:
pool-48-thread-1,写:TLSv1.2握手,长度= 40 池48线程1,等待close_notify或警报:状态1 pool-48-thread-1,等待关闭java.net.socketException时发生异常:软件导致连接中止:recv失败 pool-48-thread-1,处理异常:java.net.socketException:软件导致连接中止:recv失败 %%无效:[Session-79,SSL_NULL_WITH_NULL_NULL] %%无效:[会话178,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 池48线程1,发送TLSv1.2警报:致命的,描述=意外消息 pool-48-thread-1,写:TLSv1.2警报,长度= 26 pool-48-thread-1,异常发送警报:java.net.socketException:软件导致连接中止:套接字写入错误 池48线程1,称为closeSocket() javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure 在sun.security.ssl.Alerts.getSSLException(未知来源) 在sun.security.ssl.Alerts.getSSLException(未知来源) 在sun.security.ssl.SSLSocketImpl.recvAlert(未知来源) 在sun.security.ssl.SSLSocketImpl.readRecord(未知来源) 在sun.security.ssl.SSLSocketImpl.performInitialHandshake(未知来源) 在sun.security.ssl.SSLSocketImpl.startHandshake(未知来源) 在sun.security.ssl.SSLSocketImpl.startHandshake(未知来源) org.apache.http.impl上的org.apache.http.conn.ssl.SSLConnectionSocketFactory.createlayeredSocket(SSLConnectionSocketFactory.java:396)在org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)在org.apache.http.impl。 org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)上的conn.DefaultHttpClientConnectionoperator.connect(DefaultHttpClientConnectionoperator.java:142)在org.apache.http.impl.execchain.MainClientExec。建立路由(MainClientExec。 java381),网址为org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) 在org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) 在org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) 在org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)上在org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)在org.apache.http.impl。 org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)上的client.CloseableHttpClient.execute(CloseableHttpClient.java:83) [pool-20-thread-1]调试org.apache.http.impl.conn.Poolinjavax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure 在sun.security.ssl.Alerts.getSSLException(未知来源) 在sun.security.ssl.Alerts.getSSLException(未知来源) 在sun.security.ssl.SSLSocketImpl.recvAlert(未知来源) 在sun.security.ssl.SSLSocketImpl.readRecord(未知来源) 在sun.security.ssl.SSLSocketImpl.performInitialHandshake(未知来源) 在sun.security.ssl.SSLSocketImpl.startHandshake(未知来源) 在sun.security.ssl.SSLSocketImpl.startHandshake(未知来源) org.apache.http.impl上的org.apache.http.conn.ssl.SSLConnectionSocketFactory.createlayeredSocket(SSLConnectionSocketFactory.java:396)在org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)在org.apache.http.impl。 conn.DefaultHttpClientConnectionoperator.connect(DefaultHttpClientConnectionoperator.java:142)在org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) java.net.socketException:套接字已关闭 在java.net.socket.setSoLinger(未知源)在org.apache.http.impl.BhttpconnectionBase.shutdown(BhttpconnectionBase.java:305) 在org.apache.http.impl.conn.LoggingManagedHttpClientConnection.shutdown(LoggingManagedHttpClientConnection.java:98)的org.apache.http.impl.conn.DefaultManagedHttpClientConnection.shutdown(DefaultManagedHttpClientConnection.java:95) 在org.apache.http.impl.conn.CPoolEntry.shutdownConnection(CPoolEntry.java:75) 在org.apache.http.impl.conn.CPoolProxy.shutdown(CPoolProxy.java:94)
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)