JDK 11.0.610中的SSLHandshake错误,但在Java8中可以正常工作
比较了cacerts文件并更新了JDK11,但缺少证书。无帮助。 甚至尝试使用-Djavax.net.ssl.trustStore选项从java8加载cacert文件 这里是错误,我使用的是-Djavax.net.debug=ssl:handshake参数。从Java8迁移到JDK11时需要记住什么JDK 11.0.610中的SSLHandshake错误,但在Java8中可以正常工作,java,ssl,Java,Ssl,比较了cacerts文件并更新了JDK11,但缺少证书。无帮助。 甚至尝试使用-Djavax.net.ssl.trustStore选项从java8加载cacert文件 这里是错误,我使用的是-Djavax.net.debug=ssl:handshake参数。从Java8迁移到JDK11时需要记住什么 javax.net.ssl|DEBUG|1B|https-jsse-nio-443-exec-9|2020-09-10 12:57:42.782 PDT|Alert.java:238|Receive
javax.net.ssl|DEBUG|1B|https-jsse-nio-443-exec-9|2020-09-10 12:57:42.782 PDT|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|ERROR|1B|https-jsse-nio-443-exec-9|2020-09-10 12:57:42.797 PDT|TransportContext.java:312|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:291)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:180)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.okta.commons.http.httpclient.HttpClientRequestExecutor.executeRequest(HttpClientRequestExecutor.java:186) at com.okta.commons.http.RetryRequestExecutor.doExecuteRequest(RetryRequestExecutor.java:147)
at com.okta.commons.http.RetryRequestExecutor.executeRequest(RetryRequestExecutor.java:120)
at com.okta.sdk.impl.ds.DefaultDataStore.execute(DefaultDataStore.java:443)
at com.okta.sdk.impl.ds.DefaultDataStore.lambda$getResourceData$1(DefaultDataStore.java:196)
at com.okta.sdk.impl.ds.DefaultFilterChain.filter(DefaultFilterChain.java:47)
at com.okta.sdk.impl.ds.cache.WriteCacheFilter.filter(WriteCacheFilter.java:34)
at com.okta.sdk.impl.ds.DefaultFilterChain.filter(DefaultFilterChain.java:52)
at com.okta.sdk.impl.ds.cache.ReadCacheFilter.filter(ReadCacheFilter.java:42)
at com.okta.sdk.impl.ds.DefaultFilterChain.filter(DefaultFilterChain.java:52)
at com.okta.sdk.impl.ds.DefaultDataStore.getResourceData(DefaultDataStore.java:208)
at com.okta.sdk.impl.ds.DefaultDataStore.getResource(DefaultDataStore.java:177)
at com.okta.sdk.impl.client.DefaultClient.listUsers(DefaultClient.java:2244)
at org.sutterhealth.accountlinker.service.okta.OktaService.getUserByGuid(OktaService.java:104)
at org.sutterhealth.accountlinker.web.controller.ValidateController.validateAndRedirect(ValidateController.java:59)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:878)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:792)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:92)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:109)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)}
)
javax.net.ssl|DEBUG|1B|https-jsse-nio-443-exec-9|2020-09-10 12:57:42.797 PDT|SSLSocketImpl.java:1360|close the underlying socket
javax.net.ssl|DEBUG|1B|https-jsse-nio-443-exec-9|2020-09-10 12:57:42.797 PDT|SSLSocketImpl.java:1379|close the SSL connection (initiative)
Extension: psk_key_exchange_modes (len=2)
Type: psk_key_exchange_modes (45)
Length: 2
PSK Key Exchange Modes Length: 1
PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
Extension: key_share (len=71)
Type: key_share (51)
Length: 71
Key Share extension
javax.net.ssl | INFO | 16 | https-jsse-nio-443-exec-4 | 2020-09-14 09:27:29.814 PDT | AlpnExtension.java:161 |没有可用的应用程序协议
javax.net.ssl | DEBUG | 16 | https-jsse-nio-443-exec-4 | 2020-09-14 09:27:29.814 PDT | SSLExtensions.java:257 |忽略,上下文不可用扩展:应用程序层|协议|
javax.net.ssl | DEBUG | 16 | https-jsse-nio-443-exec-4 | 2020-09-14 09:27:29.814 PDT | SSLExtensions.java:257 |忽略,上下文不可用扩展名:cookie
javax.net.ssl | DEBUG | 16 | https-jsse-nio-443-exec-4 | 2020-09-14 09:27:29.814 PDT | SSLExtensions.java:257 |忽略,上下文不可用扩展:重新协商|
javax.net.ssl | DEBUG | 16 | https-jsse-nio-443-exec-4 | 2020-09-14 09:27:29.814 PDT | PreSharedKeyExtension.java:633 |无需恢复会话。
javax.net.ssl | DEBUG | 16 | https-jsse-nio-443-exec-4 | 2020-09-14 09:27:29.814 PDT | SSLExtensions.java:257 |忽略,上下文不可用扩展:pre|u共享|
javax.net.ssl | DEBUG | 16 | https-jsse-nio-443-exec-4 | 2020-09-14 09:27:29.829 PDT | ClientHello.java:653 |生成的ClientHello握手消息(
“ClientHello”:{
“客户端版本”:“TLSv1.2”,
“随机”:“4A 90 84 06 22 50 AA 16 13 00 5E E2 66 42 55 CF 18 C2 AB A9 39 97 17 C3 C3 C1 7F 47 7B 41 91 D3”,
“会话id:“AF 3A 8B 45 00 7B 4E 37 77 DD 7C F5 50 D7 90 8B 50 6B 0D 18 0B FB 3B 25 D4 5A 93 57 40 A 87 15”,
“密码套件”是以下几类密码的“密码套件”:以下是“[TLS(1.0x1301)、TLS(0.1302)、TLS(0.1302)、TLS(0.1302)、TLS(10.8)和TLS(10.8)AES(8.8)AES(10.13万1)、TLS(8.8)AES(8)AES(8)AES(8)AES(8)AES(8)AES(10.256)AES(8)AES(8)AES(0.256)AES(8)AES(8)AES)U U U U U U U U U U U U U U U U U U U U U U U U U U U U U U U U U U U-256-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-U-AES 256 GCM SHA384(0xC02E)(0xC032),他们的研究所用的RSA(含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含含TLS_ECDH_RSA_,带AES_128_GCM_SHA256(0xC031)(0x009E)是这样的,他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教是他们的宗教信仰是他们的宗教是他们的宗教是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教信仰是他们的宗教是他们的宗教是他们的宗教128带AES的TLS\U ECDH\U RSA\U 256\U CBC\U SHA384(0xC02A)(0x006B B),他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用256用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用256用他们用他们用他们用256用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用256用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们DH_RSA_与_AES_256_CBC_SHA(0xC00F),TLS_DHE_RSA_与_AES_256_CBC_SHA(0x0039)(0x0038)8个,他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和他们的DSA和他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和128个128个128个CBC的CBC的SHA256(0xC023)(0x0038 8(0x0038(0x0038.0038 8 8 8 8 8 8 8 0 0 8)沙(0x0038 8 8),他们的宗教信仰他们的宗教信仰和他们的宗教信仰和他们的ECDSAA和他们的数字数字签名和他们的数字签名和他们的数字签名和他们的数字签名和他们的数字签名和带有他们的数字签名和他们的数字签名和他们的数字签名和他们的宗教和他们的宗教信仰和他们的宗教信仰和他们的宗教和他们的宗教信仰和他们的宗教信仰和他们的宗教和他们的宗教和他们的宗教和他们的宗教信仰和他们的宗教信仰和他们的宗教和他们的宗教信仰和他们的宗教信仰和他们的宗教和他们的宗教和他们U DHE_RSA_与_AES_128_CBC_SHA256(0x0067)(0x0040 40),他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和他们的ECDSA和他们的宗教信仰和他们的ECDSA和他们的宗教信仰和他们的宗教信仰和128和128和他们的128和他们的128和他们的CBC的长沙(0xC009)(0xC040(0xC040(0xC013)(0xC010(0xC013)(40 40 40 4040 40 40 40 40 40 40 40 40 40 40 40 40 40),他们的)、他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和他们的宗教信仰和他们的ECDSAA和他们的ECDSAA和他们的ECDSAA和他们的ECDSAA和他们的ECDSAA和他们和他们的ECDSA和他们和他们的DSA和他们和他们的数字签名和他们和他们的宗教信仰和他们的宗教信仰和他们的他们的宗教和他们的他们的宗教信仰和他们的宗教和他们的他们的宗教信仰和他们的宗教和他们e_RSA_与AES_128_CBC_SHA(0x0033),TLS_DHE_DSS_与AES_128_CBC_SHA(0x0032),TLS_EMPTY_regotiation_INFO_SCSV(0x00FF)]“,
“压缩方法”:“00”,
“扩展”:[
“服务器名称(0)”:{
类型=主机名(0),值=xxxxxx.okta.com
},
“状态请求(5)”:{
“证书状态类型”:ocsp
“OCSP状态请求”:{
“响应者id”:
“请求扩展”:{
}
}
},
“受支持的_组(10)”:{
“版本”:[secp256r1、secp384r1、secp521r1、ffdhe2048、ffdhe3072、ffdhe4096、ffdhe6144、ffdhe8192]
},
“ec_point_格式(11)”:{
“格式”:[未压缩]
},
“签名算法(13)”:{
“签名方案”是以下“签名方案”的“签名方案::[ecdsa我们的签名方案:[ecdsa我们的SecP2561 1我们的sha256,ecdsa我们的SecP521我们的sha512,ecdsa我们的ecdsa我们的Secp22我们的Secp2p2p2561我们的签名是256,ecdsa我们的ecdsa我们的SecP我们的Secp2281我们的sha512,ecdsa我们的SecP521我们的SecP521我们的sha512,rsa我们的pss我们的pss我们的S我们的S我们的S我们的S我们的S我们的S我们的S我们的S我们的S我们的S我们的Sa512,sha512,sha512,sha512,rsa我们的Sa512,rsa的S我们的S我们的S我们的S我们的S我们的S我们的S我们的SecP5P5P5P5P5P5P5P5P5P521我们的Secp51511我们的S我们的S我们的Secp511我们的SecP5P5P5_sha1]
},
“签名证书(50)”:{
“签名方案”是以下“签名方案”的“签名方案::[ecdsa我们的签名方案:[ecdsa我们的SecP2561 1我们的sha256,ecdsa我们的SecP521我们的sha512,ecdsa我们的ecdsa我们的Secp22我们的Secp2p2p2561我们的签名是256,ecdsa我们的ecdsa我们的SecP我们的Secp2281我们的sha512,ecdsa我们的SecP521我们的SecP521我们的sha512,rsa我们的pss我们的pss我们的S我们的S我们的S我们的S我们的S我们的S我们的S我们的S我们的S我们的S我们的Sa512,sha512,sha512,sha512,rsa我们的Sa512,rsa的S我们的S我们的S我们的S我们的S我们的S我们的S我们的SecP5P5P5P5P5P5P5P5P5P521我们的Secp51511我们的S我们的S我们的Secp511我们的SecP5P5P5_sha1]
},
“状态请求2(17)”:{
“证书状态请求”:{
“证书状态类型”:ocsp_multi
“OCSP状态请求”:{
“响应者id”:
“请求扩展”:{
}
}
}
},
“扩展的秘密(23)”:{
},
“受支持的_版本(43)”:{
“版本”:[TLSv1.3、TLSv1.2、TLSv1.1、TLSv1]
},
“psk密钥交换模式(45)”:{
“KEU模式”:[psk_dhe_ke]
},
“关键股份(51)”:{
“客户股份”:[
{
“命名组”:secp256r1
“密钥交换”:{
0000:04 3B B3 A1 E8 30 E8 AA 5D 8D E1 C1 DB 07 75 1C;…0…]…u。
0010:D4 F6 48 29 31 B8 FC BD A9 B1 56 86 57
javax.net.ssl|INFO|16|https-jsse-nio-443-exec-4|2020-09-14 09:27:29.814 PDT|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|16|https-jsse-nio-443-exec-4|2020-09-14 09:27:29.814 PDT|SSLExtensions.java:257|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|16|https-jsse-nio-443-exec-4|2020-09-14 09:27:29.814 PDT|SSLExtensions.java:257|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|16|https-jsse-nio-443-exec-4|2020-09-14 09:27:29.814 PDT|SSLExtensions.java:257|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|16|https-jsse-nio-443-exec-4|2020-09-14 09:27:29.814 PDT|PreSharedKeyExtension.java:633|No session to resume.
javax.net.ssl|DEBUG|16|https-jsse-nio-443-exec-4|2020-09-14 09:27:29.814 PDT|SSLExtensions.java:257|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|16|https-jsse-nio-443-exec-4|2020-09-14 09:27:29.829 PDT|ClientHello.java:653|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "4A 90 84 06 22 50 AA 16 13 00 5E E2 66 42 55 CF 18 C2 AB A9 39 97 17 C3 C3 C1 7F 47 7B 41 91 D3",
"session id" : "AF 3A 8B 45 00 7B 4E 37 77 DD 7C F5 50 D7 90 8B 50 6B 0D 18 0B FB 3B 25 D4 5A 93 57 40 0A 87 15",
"cipher suites" : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=xxxxxx.okta.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": secp256r1
"key_exchange": {
0000: 04 3B B3 A1 E8 30 E8 AA 5D 8D E1 C1 DB 07 75 1C .;...0..].....u.
0010: D4 F6 48 29 31 B8 FC BD A9 B1 56 86 57 99 76 7C ..H)1.....V.W.v.
0020: A6 D0 62 56 AC BA D3 1A 29 09 2B 46 F6 0B CC A7 ..bV....).+F....
0030: E6 BE FB C3 C7 84 E2 6F 77 97 9F 27 FB 39 1C 8D .......ow..'.9..
0040: 5C
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|16|https-jsse-nio-443-exec-4|2020-09-14 09:27:29.845 PDT|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|ERROR|16|https-jsse-nio-443-exec-4|2020-09-14 09:27:29.861 PDT|TransportContext.java:312|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:291)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:180)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)