What causes javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake


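I am facing javax.net.ssl.SSLHandshakeException while trying to communicate with a server through an API.

The problem here is very specific. This exception occurs only on a specific client machine.

I am using java8. On invoking the API, I do not see the API being hit on the server side, and I see this exception 17 minutes after invoking the API. Why does it take so much time to throw the exception? Is there something blocking it from being called?

I then invoked the API from the command line using "CURL". I can see the response there, but not via code. What am I missing?

There are many other clients which are able to use this service successfully. Why am I seeing this issue only on a specific client machine? I have updated the http JARs and checked that openssl on the machine is the latest version, so it supports TLSv1.1 and TLSv1.2.

openssl is not the problem, because I get the response from the same machine when hitting it via the command line. That means there is no certificate issue, right?

What am I missing? Is there any way to resolve this?

Edit: After enabling the debug log with the value ssl, the failure is logged: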

 *** ClientHello, TLSv1.2
RandomCookie:  GMT: 1507603485 bytes = { 46, 25, 233, 155, 229, 192, 23, 113, 70, 0, 128, 243, 228, 234, 162, 74, 80, 65, 193, 20, 103, 234, 209, 36, 211, 97, 196, 245 }
Session ID:  {6, 123, 53, 216, 50, 219, 185, 178, 236, 232, 9, 154, 213, 12, 174, 171, 131, 30, 8, 105, 18, 70, 74, 35, 157, 100, 145, 53, 206, 33, 38, 9}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
main, WRITE: TLSv1.2 Handshake, length = 225
main, READ: TLSv1.2 Handshake, length = 89
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1948502716 bytes = { 112, 134, 167, 149, 222, 252, 155, 36, 55, 155, 23, 201, 237, 66, 69, 180, 176, 185, 86, 45, 222, 254, 228, 92, 211, 113, 21, 198 }
Session ID:  {6, 123, 53, 216, 50, 219, 185, 178, 236, 232, 9, 154, 213, 12, 174, 171, 131, 30, 8, 105, 18, 70, 74, 35, 157, 100, 145, 53, 206, 33, 38, 9}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
***
CONNECTION KEYGEN:
Client Nonce:
0000: 5A DC 34 1D 2E 19 E9 9B   E5 C0 17 71 46 00 80 F3  Z.4........qF...
0010: E4 EA A2 4A 50 41 C1 14   67 EA D1 24 D3 61 C4 F5  ...JPA..g..$.a..
Server Nonce:
0000: 74 24 CB BC 70 86 A7 95   DE FC 9B 24 37 9B 17 C9  t$..p......$7...
0010: ED 42 45 B4 B0 B9 56 2D   DE FE E4 5C D3 71 15 C6  .BE...V-...\.q..
Master Secret:
0000: 9C 71 48 89 F3 C2 47 A4   08 99 E2 90 10 41 A7 B2  .qH...G......A..
0010: B9 AD E4 94 77 42 2A 03   1B 5A 85 43 48 6A E8 F6  ....wB*..Z.CHj..
0020: 19 AC 45 A7 A7 A1 10 31   AF 47 22 EA 06 08 02 D3  ..E....1.G".....
... no MAC keys used for this cipher
Client write key:
0000: 09 29 08 5C 46 74 F3 F4   25 E8 5E BB 58 F9 B2 87  .).\Ft..%.^.X...
Server write key:
0000: AA 0B 79 6C EE D1 5D 5B   95 24 85 38 66 04 36 BB  ..yl..][.$.8f.6.
Client write IV:
0000: DC FA A6 A3                                        ....
Server write IV:
0000: A5 E7 72 C9                                        ..r.
%% Server resumed [Session-5, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
main, READ: TLSv1.2 Handshake, length = 40
Keep-Alive-Timer, called close()
Keep-Alive-Timer, called closeInternal(true)
Keep-Alive-Timer, SEND TLSv1.2 ALERT:  warning, description = close_notify
Keep-Alive-Timer, WRITE: TLSv1.2 Alert, length = 26
Keep-Alive-Timer, called closeSocket(true)
main, received **EOFException**: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated:  [Session-5, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
main, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure

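In fact, openssl s_client succeeding does not establish that the server certificate is okay, because s_client is designed as a test tool that ignores (most) certificate errors. But a certificate problem would not cause a 17-minute delay. Try running with the sysprop javax.net.debug=ssl to get details of what Java/JSSE is doing and the responses it sees.

@dave_thompson_085 I just updated the description with the logs captured by running the command with the option -Djavax.net.debug=ssl. Please take a look.

Your client sent a close_notify. The server just responded correctly. It looks like your client timed out the request.

@EJP: The ServerHello agrees to the resumption request, so the server should immediately send CCS and Finished, but the client does not receive them. Deepak: to check this, try openssl s_client -connect host:port -sess_out tempfile

Ran both commands accordingly and posted them in the description. When I ran sess_, it does not say "DONE" at the end and does not return the cursor..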
$ openssl s_client -connect 40.dataloader.IRXXX.XXX.com:443 -sess_out tempfile </dev/null
CONNECTED(00000003)
depth=0 C = US, ST = Massachusetts, L = Waltham, O = XXX, OU = IRXXX, CN = IRXXX.XXX.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = Massachusetts, L = Waltham, O = XXX, OU = IRXXX, CN = IRXXX.XXX.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = US, ST = Massachusetts, L = Waltham, O = XXX, OU = IRXXX, CN = IRXXX.XXX.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Massachusetts/L=Waltham/O=XXX/OU=IRXXX/CN=IRXXX.XXX.com
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
Server certificate
-----BEGIN CERTIFICATE-----
...
XXX
XXX
...
-----END CERTIFICATE-----
subject=/C=US/ST=Massachusetts/L=Waltham/O=XXX/OU=IRXXX/CN=IRXXX.XXX.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
No client certificate CA names sent
---
SSL handshake has read 2318 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 850ECBF2236A86B1267114E6F547CA1B52F30EAB36015E1AFAD5FDE5AFCAEA7A
    Session-ID-ctx: 
    Master-Key: 382EB56038856142D140479A3A936B1112FC117268039093AFD938D3A710774DD0CE8544B15B6C1FAD13C1A7E5B2FB77
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1524422784
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
DONE



$ openssl s_client -connect 40.dataloader.IRXXX.XXX.com:443 -sess_in tempfile
    CONNECTED(00000003)
    depth=0 C = US, ST = Massachusetts, L = Waltham, O = XXX, OU = IRXXX, CN = IRXXX.XXX.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 C = US, ST = Massachusetts, L = Waltham, O = XXX, OU = IRXXX, CN = IRXXX.XXX.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 C = US, ST = Massachusetts, L = Waltham, O = XXX, OU = IRXXX, CN = IRXXX.XXX.com
    verify error:num=21:unable to verify the first certificate
    verify return:1
    ---
    Certificate chain
     0 s:/C=US/ST=Massachusetts/L=Waltham/O=XXX/OU=IRXXX/CN=IRXXX.XXX.com
       i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    ...
    XXX
    XXX
    ...
    -----END CERTIFICATE-----
    subject=/C=US/ST=Massachusetts/L=Waltham/O=XXX/OU=IRXXX/CN=IRXXX.XXX.com
    issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2318 bytes and written 453 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES128-GCM-SHA256
        Session-ID: 5DD784DD1BA46EF3251638D4651DB412FC807ECA7CD257CB98C0F1A888859809
        Session-ID-ctx: 
        Master-Key: DC58588177FB5F7192C9972FC705BA070120DB4B1004CA594C1097EDA3DA376E7F8B153BFBFCC1BE557C516E21CCB43D
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1524423133
        Timeout   : 300 (sec)
        Verify return code: 21 (unable to verify the first certificate)
    ---
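
A Java-side counterpart to the -sess_out / -sess_in test discussed in the comments, as an added example that is not part of the original post: it performs a full handshake, then a second one that may resume the cached session, with a read timeout so a stalled resumption fails in seconds instead of minutes. The class name ResumeProbe, the TIMEOUT_MS value and the host/port arguments are assumptions.

```java
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.net.InetSocketAddress;
import java.net.SocketTimeoutException;
import java.util.Arrays;

/** Added diagnostic (hypothetical name): checks whether TLS session resumption stalls. */
public class ResumeProbe {
    static final int TIMEOUT_MS = 15_000; // assumed bound; tune for the network

    /** Performs one handshake with bounded connect and read times; returns the session. */
    static SSLSession handshake(SSLSocketFactory f, String host, int port) throws Exception {
        try (SSLSocket s = (SSLSocket) f.createSocket()) {
            s.connect(new InetSocketAddress(host, port), TIMEOUT_MS);
            s.setSoTimeout(TIMEOUT_MS); // applies to handshake reads as well
            s.startHandshake();         // certificate/trust failures surface here
            return s.getSession();
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        // One factory for all attempts, so they share the client session cache.
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();

        SSLSession first = handshake(f, host, port);
        System.out.println("full handshake ok: " + first.getProtocol()
                + " " + first.getCipherSuite());
        try {
            SSLSession second = handshake(f, host, port);
            // Same non-empty session ID means the cached session was resumed.
            boolean resumed = first.getId().length > 0
                    && Arrays.equals(first.getId(), second.getId());
            System.out.println(resumed ? "second handshake resumed the session"
                                       : "second handshake was a full handshake");
        } catch (SocketTimeoutException e) {
            // The handshake read timed out. Drop the cached session and retry:
            // if a fresh full handshake works, resumption is the part that stalls.
            System.out.println("second handshake timed out: " + e.getMessage());
            first.invalidate();
            handshake(f, host, port);
            System.out.println("fresh handshake after invalidate() succeeded");
        }
    }
}
```

Run it as `java -Djavax.net.debug=ssl ResumeProbe host port` to see the same ClientHello/ServerHello trace as in the log above alongside the result.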