Java SSLHandshakeException:没有通用密码套件-spray can SSL配置_Java_Https_Ssl Certificate_Spray_Sslhandshakeexception

Java SSLHandshakeException:没有通用密码套件-spray can SSL配置

java https

Java SSLHandshakeException:没有通用密码套件-spray can SSL配置,java,https,ssl-certificate,spray,sslhandshakeexception,Java,Https,Ssl Certificate,Spray,Sslhandshakeexception,我正在尝试安装我从Comodo为我的域获得的SSL证书，但得到了一个 SSLHandshakeException:没有通用的密码套件我已经通读了关于这个主题的多个问题，但没有一个建议的答案对我有帮助科摩多提供了四份证书： AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt STAR_示例_com.crt 我正在Dockerfile中设置服务器，以将问题

我正在尝试安装我从Comodo为我的域获得的SSL证书，但得到了一个

SSLHandshakeException:没有通用的密码套件

我已经通读了关于这个主题的多个问题，但没有一个建议的答案对我有帮助

科摩多提供了四份证书：

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
STAR_示例_com.crt

我正在Dockerfile中设置服务器，以将问题与本地开发环境隔离开来：

from google/debian:wheezy
# Server binary and certificates are copied in before this
RUN apt-get update && apt-get install -y openjdk-7-jre
ADD UnlimitedJCEPolicyJDK7.zip /
RUN unzip UnlimitedJCEPolicyJDK7.zip && cp UnlimitedJCEPolicy/*.jar /usr/lib/jvm/java-1.7.0-openjdk-amd64/jre/lib/security/
RUN keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore /example.com.jks -storepass changeit -noprompt
RUN keytool -import -trustcacerts -alias int-1 -file COMODORSAAddTrustCA.crt -keystore /example.com.jks  -storepass changeit -noprompt
RUN keytool -import -trustcacerts -alias int-2 -file COMODORSADomainValidationSecureServerCA.crt -keystore /example.com.jks  -storepass changeit -noprompt
RUN keytool -import -trustcacerts -alias mykey -file STAR_example_com.crt -keystore /example.com.jks  -storepass changeit -noprompt

Docker中keytool命令的输出：

Step 10 : RUN keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore /example.com.jks -storepass changeit -noprompt
 ---> Running in 949afa47c891
Certificate was added to keystore
 ---> 1df5ff85c32a
Removing intermediate container 949afa47c891
Step 11 : RUN keytool -import -trustcacerts -alias int-1 -file COMODORSAAddTrustCA.crt -keystore /example.com.jks  -storepass changeit -noprompt
 ---> Running in 6cc802ee61f9
Certificate was added to keystore
 ---> f6eee577e7d5
Removing intermediate container 6cc802ee61f9
Step 12 : RUN keytool -import -trustcacerts -alias int-2 -file COMODORSADomainValidationSecureServerCA.crt -keystore /example.com.jks  -storepass changeit -noprompt
 ---> Running in 22e6bc1e70a6
Certificate was added to keystore
 ---> d7a0472a9e1f
Removing intermediate container 22e6bc1e70a6
Step 13 : RUN keytool -import -trustcacerts -alias mykey -file STAR_example_com.crt -keystore /example.com.jks  -storepass changeit -noprompt
 ---> Running in 9a812b1182ca
Certificate was added to keystore

假设最后一条“证书已添加到密钥库”消息应为“证书回复已安装在密钥库中”。在安装域证书时，我应该做些什么

Spray中的SSL配置如下所示：

trait SslConfiguration {
  implicit def sslContext: SSLContext = {
    val password = "changeit"
    val keyStoreResource = "/example.com.jks"

    val keyStore = KeyStore.getInstance("jks")
    keyStore.load(new FileInputStream(keyStoreResource), password.toCharArray)
    val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
    keyManagerFactory.init(keyStore, password.toCharArray)
    val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    trustManagerFactory.init(keyStore)
    val context = SSLContext.getInstance("TLS")

    context.init(keyManagerFactory.getKeyManagers, null, new SecureRandom)
    context
  }

  implicit def sslEngineProvider: ServerSSLEngineProvider = {
    ServerSSLEngineProvider { engine =>
      engine.setEnabledCipherSuites(Array("TLS_RSA_WITH_AES_256_CBC_SHA"))
      engine.setEnabledProtocols(Array("SSLv3", "TLSv1"))
      engine
    }
  }
}

服务器启动：

object Server extends SimpleRoutingApp with SprayJsonSupport with SslConfiguration {
  def apply(config: Configuration, router: ActorRef)(implicit actorSystem: ActorSystem) = {
    val settings = ServerSettings(actorSystem).copy(sslEncryption = true)
    startServer("0.0.0.0", config.notifyPort, serviceActorName = "notify-server", settings = Some(settings)) {
      path("ping") {
        complete("OK")
      }
    }
  }
}

握手调试输出：

卷曲

使用SSLEngineImpl。
使用SSLEngineImpl。
使用SSLEngineImpl。
使用SSLEngineImpl。
允许不安全的重新协商：false
允许旧版hello消息：true
第一次握手是否正确
是否安全重新谈判：错误
忽略不支持的密码套件：TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
忽略不支持的密码套件：TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
忽略不支持的密码套件：TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
忽略不支持的密码套件：TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
忽略不支持的密码套件：TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
忽略不支持的密码套件：TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
忽略不支持的密码套件：TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv2Hello
忽略不支持的密码套件：TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
忽略不支持的密码套件：TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
忽略不支持的密码套件：TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
忽略不支持的密码套件：TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
忽略不支持的密码套件：TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
忽略不支持的密码套件：TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
忽略不支持的密码套件：TLS_DHE_DSS_WITH_AES_256_CBC_SHA256用于TLSv1
忽略不支持的密码套件：TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
忽略不支持的密码套件：TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
忽略不支持的密码套件：TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
忽略不支持的密码套件：TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
忽略不支持的密码套件：TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
忽略不支持的密码套件：TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
忽略不支持的密码套件：TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
[原始读取]：长度=5
0000:16030100 BF。。。。。
[原始读取]：长度=191
0000:01 00 00 BB 03 55 9C 69 B9 0E 94 CA 61 A4 3C…U.i…a<
0010:95 0B A5 81 B6 BA D4 90 3D 4B 8C 4E BB 35 17 8F……..=K.N.5。。
0020:19 9E B6 D0 2E BB 00 00 5E 00 FF C0 24 C0 23 C0……。^…$。
0030:0A C0 09 C0 07 C0 08 C0 28 C0 27 C0 14 C0 13 C0…….（.....）。。。。。
0040:11 C0 12 C0 26 C0 25 C0 2A C0 29 C0 05 C0 04 C0…..&.%.*）。。。。。
0050:02 C0 03 C0 0F C0 0E C0 0C C0 0D 00 3D 00 3C 00………..。我遇到了完全相同的问题，这是由于缺少Java加密扩展。您可以从这里下载并安装它
通常，JDK（不是JRE）附带一些已经安装的库。
当我随后在密钥库中安装证书和私钥时，问题得到了解决。我遵循的说明假定此步骤已经完成。
对我来说，这是由于使用了错误的密钥库造成的
我在同一个应用程序中有两个模块，另一个模块根据自己的喜好初始化了javax.net.ssl，然后抛出上面列出的异常的部分才开始工作
一旦javax.net.ssl初始化一次，更改密钥和信任库系统属性将不再影响任何事情
我通过将-Djavax.net.debug=ssl放入原始的应用程序服务器命令行调用中来解决这个问题，以确保在轮到其他人之前设置了该选项。然后你可以在STDOUT上看到谁初始化了存储以及使用了什么。
可能会有所帮助-我的local_policy.jar对加密算法没有任何限制，很遗憾，这对我没有帮助。引发的异常在哪里？在客户端或服务器端。服务器端。我仅尝试通过浏览器或curl进行连接。默认的local\u policy.jar受到限制。所以如果你没有，你应该换掉它。最后不是这个。这与我如何设置密钥库有关。我没有正确安装私钥+证书
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
[Raw read]: length = 5
0000: 16 03 01 00 BF                                     .....
[Raw read]: length = 191
0000: 01 00 00 BB 03 03 55 9C   69 B9 0E 94 CA 61 A4 3C  ......U.i....a.<
0010: 95 0B A5 81 B6 BA D4 90   3D 4B 8C 4E BB 35 17 8F  ........=K.N.5..
0020: 19 9E B6 D0 2E BB 00 00   5E 00 FF C0 24 C0 23 C0  ........^...$.#.
0030: 0A C0 09 C0 07 C0 08 C0   28 C0 27 C0 14 C0 13 C0  ........(.'.....
0040: 11 C0 12 C0 26 C0 25 C0   2A C0 29 C0 05 C0 04 C0  ....&.%.*.).....
0050: 02 C0 03 C0 0F C0 0E C0   0C C0 0D 00 3D 00 3C 00  ............=.<.
0060: 2F 00 05 00 04 00 35 00   0A 00 67 00 6B 00 33 00  /.....5...g.k.3.
0070: 39 00 16 00 AF 00 AE 00   8D 00 8C 00 8A 00 8B 00  9...............
0080: B1 00 B0 00 2C 00 3B 01   00 00 34 00 00 00 0E 00  ....,.;...4.....
0090: 0C 00 00 09 6C 6F 63 61   6C 68 6F 73 74 00 0A 00  ....localhost...
00A0: 08 00 06 00 17 00 18 00   19 00 0B 00 02 01 00 00  ................
00B0: 0D 00 0C 00 0A 05 01 04   01 02 01 04 03 02 03     ...............
notify-server-akka.actor.default-dispatcher-6, READ: TLSv1 Handshake, length = 191
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1419536569 bytes = { 14, 148, 202, 97, 164, 60, 149, 11, 165, 129, 182, 186, 212, 144, 61, 75, 140, 78, 187, 53, 23, 143, 25, 158, 182, 208, 46, 187 }
Session ID:  {}
Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA384, TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_RC4_128_SHA, TLS_PSK_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_NULL_SHA384, TLS_PSK_WITH_NULL_SHA256, TLS_PSK_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256]
Compression Methods:  { 0 }
Extension server_name, server_name: [host_name: localhost]
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA384withRSA, SHA256withRSA, SHA1withRSA, SHA256withECDSA, SHA1withECDSA
***
[read] MD5 and SHA1 hashes:  len = 191
0000: 01 00 00 BB 03 03 55 9C   69 B9 0E 94 CA 61 A4 3C  ......U.i....a.<
0010: 95 0B A5 81 B6 BA D4 90   3D 4B 8C 4E BB 35 17 8F  ........=K.N.5..
0020: 19 9E B6 D0 2E BB 00 00   5E 00 FF C0 24 C0 23 C0  ........^...$.#.
0030: 0A C0 09 C0 07 C0 08 C0   28 C0 27 C0 14 C0 13 C0  ........(.'.....
0040: 11 C0 12 C0 26 C0 25 C0   2A C0 29 C0 05 C0 04 C0  ....&.%.*.).....
0050: 02 C0 03 C0 0F C0 0E C0   0C C0 0D 00 3D 00 3C 00  ............=.<.
0060: 2F 00 05 00 04 00 35 00   0A 00 67 00 6B 00 33 00  /.....5...g.k.3.
0070: 39 00 16 00 AF 00 AE 00   8D 00 8C 00 8A 00 8B 00  9...............
0080: B1 00 B0 00 2C 00 3B 01   00 00 34 00 00 00 0E 00  ....,.;...4.....
0090: 0C 00 00 09 6C 6F 63 61   6C 68 6F 73 74 00 0A 00  ....localhost...
00A0: 08 00 06 00 17 00 18 00   19 00 0B 00 02 01 00 00  ................
00B0: 0D 00 0C 00 0A 05 01 04   01 02 01 04 03 02 03     ...............
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
notify-server-akka.actor.default-dispatcher-6, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
notify-server-akka.actor.default-dispatcher-6, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
notify-server-akka.actor.default-dispatcher-6, WRITE: TLSv1.2 Alert, length = 2
notify-server-akka.actor.default-dispatcher-6, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
[ERROR] [07/08/2015 00:07:22.230] [notify-server-akka.actor.default-dispatcher-6] [akka://notify-server/user/IO-HTTP/listener-0/0] Aborting encrypted connection to 10.0.2.2/10.0.2.2:50790 due to [SSLHandshakeException:no cipher suites in common] -> [SSLHandshakeException:no cipher suites in common]