Java client ECC SSL certificate contains "Unknown named curve"


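Question: I am working in an existing library that uses SSL and the netty framework against a remote server. I am running into an SSL/TLS handshake error. The error is as follows: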

javax.net.ssl.SSLProtocolException: java.io.IOException: Unknown named curve: 1.2.840.10045.3.1.1
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1345) ~[na:1.7.0_79]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519) ~[na:1.7.0_79]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:799) ~[na:1.7.0_79]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767) ~[na:1.7.0_79]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_79]
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:982) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:908) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:854) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:130) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at java.lang.Thread.run(Thread.java:745) ~[na:1.7.0_79]
Caused by: javax.net.ssl.SSLProtocolException: java.io.IOException: Unknown named curve: 1.2.840.10045.3.1.1
    at sun.security.ssl.HandshakeMessage$CertificateMsg.<init>(HandshakeMessage.java:451) ~[na:1.7.0_79]
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:222) ~[na:1.7.0_79]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901) ~[na:1.7.0_79]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:841) ~[na:1.7.0_79]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:839) ~[na:1.7.0_79]
    at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_79]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273) ~[na:1.7.0_79]
    at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1015) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:927) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    ... 14 common frames omitted
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: Unknown named curve: 1.2.840.10045.3.1.1
    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:171) ~[na:1.7.0_79]
    at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1781) ~[na:1.7.0_79]
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196) ~[na:1.7.0_79]
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:97) ~[na:1.7.0_79]
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339) ~[na:1.7.0_79]
    at sun.security.ssl.HandshakeMessage$CertificateMsg.<init>(HandshakeMessage.java:449) ~[na:1.7.0_79]
    ... 22 common frames omitted
Caused by: java.io.IOException: Unknown named curve: 1.2.840.10045.3.1.1
    at sun.security.ec.ECParameters.decodeParameters(ECParameters.java:197) ~[na:1.7.0_79]
    at sun.security.ec.ECParameters.engineInit(ECParameters.java:319) ~[na:1.7.0_79]
    at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[na:1.7.0_79]
    at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:139) ~[na:1.7.0_79]
    at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) ~[na:1.7.0_79]
    at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:382) ~[na:1.7.0_79]
    at sun.security.x509.X509Key.parse(X509Key.java:168) ~[na:1.7.0_79]
    at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75) ~[na:1.7.0_79]
    at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705) ~[na:1.7.0_79]
    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169) ~[na:1.7.0_79]
    ... 27 common frames omitted
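Now, here is what I have tried in order to solve the problem at hand. This remote server requires client authentication, and the certificate is one that uses elliptic curves (using a client certificate with a different public key algorithm and signature algorithm does not cause the error, which means the client certificate is what is failing here). I ran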

openssl x509 -in <client_cert> -text -noout
The client certificate is as follows:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3585039615565000225 (0x31c09e8937746e21)
    Signature Algorithm: ecdsa-with-SHA1
        Issuer: <ISSUER>
        Validity
            Not Before: Dec  1 23:01:26 2014 GMT
            Not After : Nov 26 23:01:26 2034 GMT
        Subject: 1.3.6.1.4.1.41387.1.1=18B43000004C627B
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (192 bit)
                pub:
                    04:dc:ca:07:76:de:28:91:b8:94:16:08:12:01:85:
                    24:a5:a5:5e:48:84:aa:2b:f8:3a:fa:87:f1:30:70:
                    f3:7b:01:68:6a:f6:29:56:c7:17:60:71:fe:b7:c0:
                    d1:d5:1c:ad
                ASN1 OID: prime192v1
                NIST CURVE: P-192
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Subject Key Identifier:
                <SUBJECT KEY IDENTIFIER>
            X509v3 Authority Key Identifier:
                keyid: <KEY ID>

    Signature Algorithm: ecdsa-with-SHA1
         <SIGNATURE GOES HERE>
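
Added example (not part of the original question): a stand-alone probe that repeats the innermost failing call in the stack trace, `AlgorithmParameters.init` on DER-encoded EC parameters, without a TLS handshake or netty. It reports whether the running JRE can resolve the curve OID from the error; the class name `NamedCurveProbe` and the second OID (prime256v1, used as a control) are assumptions of this example.

```java
import java.io.ByteArrayOutputStream;
import java.security.AlgorithmParameters;
import java.security.spec.ECParameterSpec;

public class NamedCurveProbe {
    // Write one OID arc in base-128, high bit set on all but the last byte.
    static void writeArc(ByteArrayOutputStream out, long v) {
        int shift = 0;
        while ((v >>> (shift + 7)) != 0) shift += 7;
        for (; shift > 0; shift -= 7) out.write((int) ((v >>> shift) & 0x7F) | 0x80);
        out.write((int) (v & 0x7F));
    }

    // DER-encode a dotted OID (tag 0x06, short-form length: enough for curve OIDs).
    static byte[] derOid(String dotted) {
        String[] arcs = dotted.split("\\.");
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        writeArc(body, 40 * Long.parseLong(arcs[0]) + Long.parseLong(arcs[1]));
        for (int i = 2; i < arcs.length; i++) writeArc(body, Long.parseLong(arcs[i]));
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        der.write(0x06);
        der.write(body.size());
        der.write(body.toByteArray(), 0, body.size());
        return der.toByteArray();
    }

    // Same entry point as the trace: AlgorithmParameters.init -> EC parameter decoding.
    // Returns null when the curve is resolved, otherwise the exception text.
    static String probe(String oid) {
        try {
            AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
            params.init(derOid(oid));
            params.getParameterSpec(ECParameterSpec.class);
            return null;
        } catch (Exception e) {
            return e.toString();
        }
    }

    public static void main(String[] args) {
        System.out.println("java.version=" + System.getProperty("java.version"));
        // First OID is the one in the error; the second (prime256v1) is an added control.
        for (String oid : new String[] {"1.2.840.10045.3.1.1", "1.2.840.10045.3.1.7"}) {
            String err = probe(oid);
            System.out.println(oid + " -> " + (err == null ? "supported" : err));
        }
    }
}
```

Run it with the same `java` binary that the netty client uses, so the result reflects the EC parameter implementation that appears in the stack trace.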