Java JDK 7 SSL问题_Java_Ssl_Jce - Fatal编程技术网

Java JDK 7 SSL问题

java ssl

Java JDK 7 SSL问题,java,ssl,jce,Java,Ssl,Jce,我面临着一个非常奇怪的问题，我被阻止了好几天我有一个基于SSL的WS客户端；使用JDK1.5时，所有Works都很好；升级到JDK 1.7时出现错误“javax.net.ssl.SSLHandshakeException:收到致命警报：握手失败” 所以我调试并编写了一个非常简单而愚蠢的Java main；在JDK1.5中，它可以工作；在JDK1.7中没有。通过搜索和阅读Oracle文档，我在JDK 1.7环境中执行了以下步骤：安装了从以下URL下载的JDK 1.7 JCE扩展：使用ke

我面临着一个非常奇怪的问题，我被阻止了好几天我有一个基于SSL的WS客户端；使用JDK1.5时，所有Works都很好；升级到JDK 1.7时出现错误“javax.net.ssl.SSLHandshakeException:收到致命警报：握手失败” 所以我调试并编写了一个非常简单而愚蠢的Java main；在JDK1.5中，它可以工作；在JDK1.7中没有。通过搜索和阅读Oracle文档，我在JDK 1.7环境中执行了以下步骤：

安装了从以下URL下载的JDK 1.7 JCE扩展：
使用keytool命令导入证书：keytool-importcert-file C:\certificato\mycert.spcoop.gov\u 25\u 05\u 15.der-alias prenotazioni-keystore cacerts
添加了以下JVM参数：-Djavax.net.debug=all-Dhttps.protocols=“TLSv1.2，TLSv1.1，TLSv1，SSLv3”

这是我的Java代码：

SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
URL url = new URL(https_url);
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
InputStream inputstream = conn.getInputStream();
InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
String string = null;
while ((string = bufferedreader.readLine()) != null) {
System.out.println("Received " + string);
}

当我执行我的代码时，在JDK5中一切正常；在JDK 7中，我有一个错误：

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at test.TestWs.main(TestWs.java:261)

我在JDK 7中的javax.net调试如下：

keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jdk1.7.0_79\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 10:36:00 CEST 2006 until Sat Oct 25 10:36:00
adding as trusted cert:
Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 01 02:00:00 CEST 2009 until Fri Jan 01 00:59:59 CET 2038
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
Ignoring disabled protocol: SSLv3
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1432571160 bytes = { 183, 74, 138, 30, 148, 63, 201, 75, 45, 62, 236, 97, 105, 77, 43, 2, 165, 41, 236, 66, 136, 199, 69, 218, 51, 222, 160, 173 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: regionepuglia.spcoop.gov.it]
***

*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=regionepuglia.spcoop.gov.it, OU=regionepuglia, O=SPCoop, L=Unknown, ST=Unknown, C=IT
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 132618727249398576547024477808858924367105537553637063046075664049606165829826937799440779441085443715757852311051661228801872537170391304848984401153128450313724384093034858857147382765618549007154165424372327503199963670471207807167735896793431454627395348393490603992708106531483375397586992903157954592719
public exponent: 65537
Validity: [From: Tue Oct 09 15:49:47 CEST 2012,
To: Fri Oct 09 16:49:47 CEST 2015]
Issuer: CN=SPCoop CA1, OU=Servizi di Sicurezza e Certificazione, O=DigitPA, C=IT
SerialNumber: [ f4]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0B E1 2F 63 C8 02 65 44 1E 00 BD E9 91 8A 43 CE ../c..eD......C.
0010: B3 6F 5E 19 .o^.
]
[CN=SPCoop CA1, OU=Servizi di Sicurezza e Certificazione, O=DigitPA, C=IT]
SerialNumber: [ 01]
]
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap://ldapca2.pcoop.gov.it/cn%3DSPCoop%20CA1,ou%3DServizi%20di%20sicurezza%20e%20certificazione,o%3DDigitPA,C%3DIT?certificateRevocationList]
]]
[3]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.76.16.3.4.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 2A 68 74 74 70 3A 2F 2F 63 61 2E 53 50 43 6F .*http://ca.SPCo
0010: 6F 70 2E 67 6F 76 2E 69 74 2F 43 50 53 2F 53 50 op.gov.it/CPS/SP
0020: 43 6F 6F 70 5F 43 50 53 2E 68 74 6D Coop_CPS.htm
]] ]
]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
]
[5]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: BD 71 AE 3E 75 F2 CC 46 F2 11 5B 48 6C 29 F3 8E .q.>u..F..[Hl)..
0010: 82 09 98 8E ....
]
]
]
Algorithm: [SHA1withRSA]

SerialNumber: [ 01]
Certificate Extensions: 6
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0B E1 2F 63 C8 02 65 44 1E 00 BD E9 91 8A 43 CE ../c..eD......C.
0010: B3 6F 5E 19 .o^.
]
[CN=SPCoop CA1, OU=Servizi di Sicurezza e Certificazione, O=DigitPA, C=IT]
SerialNumber: [ 01]
]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap://ldapca.spcoop.gov.it/cn%3DSPCoop%20CA1,ou%3DServizi%20di%20sicurezza%20e%20certificazione,o%3DDigitPA,C%3DIT?authorityRevocationList]
]]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.76.16.3.4.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 2A 68 74 74 70 3A 2F 2F 63 61 2E 53 50 43 6F .*http://ca.SPCo
0010: 6F 70 2E 67 6F 76 2E 69 74 2F 43 50 53 2F 53 50 op.gov.it/CPS/SP
0020: 43 6F 6F 70 5F 43 50 53 2E 68 74 6D Coop_CPS.htm
]] ]
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[6]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0B E1 2F 63 C8 02 65 44 1E 00 BD E9 91 8A 43 CE ../c..eD......C.
0010: B3 6F 5E 19 .o^.
]
]
]
Algorithm: [SHA1withRSA]
Signature:

***
Found trusted certificate:
[
[
Version: V3
Subject: CN=regionepuglia.spcoop.gov.it, OU=regionepuglia, O=SPCoop, L=Unknown, ST=Unknown, C=IT
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus 132618727249398576547024477808858924367105537553637063046075664049606165829826937799440779441085443715757852311051661228801872537170391304848984401153128450313724384093034858857147382765618549007154165424372327503199963670471207807167735896793431454627395348393490603992708106531483375397586992903157954592719
public exponent: 65537
Validity: [From: Tue Oct 09 15:49:47 CEST 2012,
To: Fri Oct 09 16:49:47 CEST 2015]
Issuer: CN=SPCoop CA1, OU=Servizi di Sicurezza e Certificazione, O=DigitPA, C=IT
SerialNumber: [ f4]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0B E1 2F 63 C8 02 65 44 1E 00 BD E9 91 8A 43 CE ../c..eD......C.
0010: B3 6F 5E 19 .o^.
]
[CN=SPCoop CA1, OU=Servizi di Sicurezza e Certificazione, O=DigitPA, C=IT]
SerialNumber: [ 01]
]
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap://ldapca2.spcoop.gov.it/cn%3DSPCoop%20CA1,ou%3DServizi%20di%20sicurezza%20e%20certificazione,o%3DDigitPA,C%3DIT?certificateRevocationList]
]]
[3]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.76.16.3.4.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 2A 68 74 74 70 3A 2F 2F 63 61 2E 53 50 43 6F .*http://ca.SPCo
0010: 6F 70 2E 67 6F 76 2E 69 74 2F 43 50 53 2F 53 50 op.gov.it/CPS/SP
0020: 43 6F 6F 70 5F 43 50 53 2E 68 74 6D Coop_CPS.htm
]] ]
]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
]
[5]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: BD 71 AE 3E 75 F2 CC 46 F2 11 5B 48 6C 29 F3 8E .q.>u..F..[Hl)..
0010: 82 09 98 8E ....
]
]
]
Algorithm: [SHA1withRSA]
Signature:

*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[write] MD5 and SHA1 hashes: len = 134
0000: 10 00 00 82 00 80 B0 92 DE FA 46 DC 18 8A FA 3F ..........F....?
0010: AA D1 BE E0 6A 9F E3 0D 45 6A FB FB E1 B0 CC 3E ....j...Ej.....>
0020: 74 89 A0 AD 0C 49 C1 79 E5 23 1F B0 AA 41 73 F6 t....I.y.#...As.
0030: 45 CA ED E4 A3 0E F4 76 46 CE 41 FB 18 FF D2 33 E......vF.A....3
0040: F4 F5 F7 05 80 7F B2 71 BB B8 EF 5D 62 46 C5 49 .......q...]bF.I
0050: 1F 5D 97 FD 23 2D 4B 80 C6 9A 75 DE 7C 76 6F CE .]..#-K...u..vo.
0060: F1 95 27 79 E5 E4 59 60 F4 7D FF 32 4F C9 58 88 ..'y..Y`...2O.X.
0070: 2D AB 76 FD 9E C2 27 51 2B 40 38 2F 75 2A 70 A8 -.v...'Q+@8/u*p.
0080: 9F FE 85 74 9C 19 ...t..
main, WRITE: TLSv1 Handshake, length = 134
[Raw write]: length = 139
0000: 16 03 01 00 86 10 00 00 82 00 80 B0 92 DE FA 46 ...............F
0010: DC 18 8A FA 3F AA D1 BE E0 6A 9F E3 0D 45 6A FB ....?....j...Ej.
0020: FB E1 B0 CC 3E 74 89 A0 AD 0C 49 C1 79 E5 23 1F ....>t....I.y.#.
0030: B0 AA 41 73 F6 45 CA ED E4 A3 0E F4 76 46 CE 41 ..As.E......vF.A
0040: FB 18 FF D2 33 F4 F5 F7 05 80 7F B2 71 BB B8 EF ....3.......q...
0050: 5D 62 46 C5 49 1F 5D 97 FD 23 2D 4B 80 C6 9A 75 ]bF.I.]..#-K...u
0060: DE 7C 76 6F CE F1 95 27 79 E5 E4 59 60 F4 7D FF ..vo...'y..Y`...
0070: 32 4F C9 58 88 2D AB 76 FD 9E C2 27 51 2B 40 38 2O.X.-.v...'Q+@8
0080: 2F 75 2A 70 A8 9F FE 85 74 9C 19 /u*p....t..
SESSION KEYGEN:
PreMaster Secret:
0000: 03 03 5E 36 BB 09 5E 03 97 7F 61 4A 47 A3 A9 10 ..^6..^...aJG...
0010: 01 B4 66 BE 3B C0 2E CF B7 F4 20 A6 A9 64 EE 39 ..f.;..... ..d.9
0020: F5 CA D6 55 91 E5 A8 7B 55 E5 E4 79 51 34 9E 74 ...U....U..yQ4.t
CONNECTION KEYGEN:
Client Nonce:
0000: 55 63 4D 18 B7 4A 8A 1E 94 3F C9 4B 2D 3E EC 61 UcM..J...?.K->.a
0010: 69 4D 2B 02 A5 29 EC 42 88 C7 45 DA 33 DE A0 AD iM+..).B..E.3...
Server Nonce:
0000: 55 63 4D 16 FD 2D 24 0C 63 46 70 A4 E7 83 CC 37 UcM..-$.cFp....7
0010: 79 11 24 F8 58 C8 E1 6D 0D 9D 58 77 FA FE 05 8D y.$.X..m..Xw....
Master Secret:
0000: 7E B7 46 B7 05 03 33 54 F0 90 85 F5 72 36 AF 0E ..F...3T....r6..
0010: 56 76 82 8E CE 79 CA 6D 63 94 00 49 89 34 54 6C Vv...y.mc..I.4Tl
0020: E0 06 CD AE 5D 89 3B 77 5B C0 36 4A F5 09 A9 05 ....].;w[.6J....
Client MAC write Secret:
0000: 3F 61 6A 32 17 24 69 5C D0 65 46 71 17 6F 49 D0 ?aj2.$i\.eFq.oI.
0010: 69 6A E9 93 ij..
Server MAC write Secret:
0000: BF 56 23 2C F4 8D B2 38 3F D7 D9 66 D3 B4 7E 58 .V#,...8?..f...X
0010: 93 42 43 86 .BC.
Client write key:
0000: E6 EF BB 72 42 C4 FA 9D 07 55 D0 B0 E5 C6 5B 15 ...rB....U....[.
0010: 89 C1 0D 5F 51 42 C0 5A 2B 16 A1 49 69 00 13 14 ..._QB.Z+..Ii...
Server write key:
0000: 7C 6B 06 B8 1F 7D 1D 8E F9 C8 DC CE B1 69 C3 80 .k...........i..
0010: 66 F1 2E FE 34 CD 55 C2 DE 15 0A 24 7F 5D BD 3F f...4.U....$.].?
Client write IV:
0000: CF FC 8E D5 D0 7E 70 21 38 2C 6D 03 2D 03 80 A8 ......p!8,m.-...
Server write IV:
0000: 4A 2A 03 05 96 AC 85 93 9A D9 26 CD 32 8A 74 BF J*........&.2.t.
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 237, 199, 24, 108, 153, 108, 61, 88, 201, 55, 157, 18 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C ED C7 18 6C 99 6C 3D 58 C9 37 9D 12 .......l.l=X.7..
Padded plaintext before ENCRYPTION: len = 48
0000: 14 00 00 0C ED C7 18 6C 99 6C 3D 58 C9 37 9D 12 .......l.l=X.7..
0010: D0 E6 5D 93 43 CE CE E7 58 F1 9A 99 EA 81 8C 17 ..].C...X.......
0020: 4C 37 EC 44 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B L7.D............
main, WRITE: TLSv1 Handshake, length = 48
[Raw write]: length = 53
0000: 16 03 01 00 30 6A 2C 11 84 25 E5 6B AA A5 E0 96 ....0j,..%.k....
0010: C9 FA CB C7 16 AF 57 FD 31 BC A3 3E 4A 09 1A 53 ......W.1..>J..S
0020: 19 69 92 AB 63 3D 75 38 EA 44 33 FC F7 A6 65 51 .i..c=u8.D3...eQ
0030: 84 E8 77 6E 44 ..wnD
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at test.TestWs.main(TestWs.java:261)

由于javax.net完整调试消息太长，我不能在这里发布；如果您需要，可以在此处找到：

注意：此链接仅在10天内处于活动状态。

请尝试在JDK7安装中对jdk/jre/lib/security/java.security中的jdk.tls.disabledAlgorithms进行注释。

您看到了吗答案：问题发生在服务器端，请查看那里有关问题（日志、stderr…）的详细信息。由于该问题在握手过程中出现得很晚，并且没有使用DH或ECDH密码，因此可能与密码或协议版本或证书问题无关。与论坛网站不同，我们不使用“感谢”或“感谢任何帮助”或签名。请参阅“@SteffenUllrich IMHO我不认为问题出在服务器端；如果问题出在服务器端，那么问题应该在JDK 1.5和JDK 1.4中出现（我尝试了JDK 1.4，所有这些都工作得很好）；它只在JDK>=1.7时出现（我没有检查JDK 1.6）@JohnSaunders OK；我将查看链接；我没有看到这些规则