javax.net.ssl.SSLHandshakeException:收到致命警报：握手失败

我在

server.xml

中有以下连接器配置：

<Connector SSLEnabled="true" clientAuth="true"
        keystoreFile="${user.home}/kstore.jks" keystorePass="1234567"
        maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
        scheme="https" secure="true" 
        trustStoreFile="${user.home}/truststore" trustStorePass="1234567" 
        sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
        />

但当我用客户端点击HTTPS URL时，我得到以下握手异常：

keyStore is : C:\kstore.jks
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: C:\truststore
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
Subject: CN=CA, OU=AA, O=AA
Issuer:  CN=CA
Algorithm: RSA; Serial number: 0x1
Valid from Mon Sep 07 15:43:29 IST 2015 until Tue Sep 06 15:43:29 IST 2016

adding as trusted cert:
Subject: CN=Server, OU=AA, O=AA
Issuer:  CN=CA
Algorithm: RSA; Serial number: 0x1
Valid from Mon Sep 07 15:41:25 IST 2015 until Tue Sep 06 15:41:25 IST 2016

adding as trusted cert:
Subject: CN=CAroot, OU=AA, O=AA
Issuer:  CN=CA
Algorithm: RSA; Serial number: 0x1
Valid from Mon Sep 07 15:42:33 IST 2015 until Tue Sep 06 15:42:33 IST 2016

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
Ignoring disabled protocol: SSLv3
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1424914489 bytes = { 135, 3, 105, 154, 35, 164, 247,   246, 152, 195, 40, 99, 91, 75, 72, 93, 101, 43, 206, 224, 67, 22, 8, 132, 59, 187, 48, 100 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
[write] MD5 and SHA1 hashes:  len = 179
0000: 01 00 00 AF 03 03 55 EE   78 39 87 03 69 9A 23 A4  ......U.x9..i.#.
0010: F7 F6 98 C3 28 63 5B 4B   48 5D 65 2B CE E0 43 16  ....(c[KH]e+..C.
0020: 08 84 3B BB 30 64 00 00   2A C0 09 C0 13 00 2F C0  ..;.0d..*...../.
0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........
0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................
0050: 04 00 FF 01 00 00 5C 00   0A 00 34 00 32 00 17 00  ......\...4.2...
0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................
0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................
0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................
0090: 0B 00 02 01 00 00 0D 00   1A 00 18 06 03 06 01 05  ................
00A0: 03 05 01 04 03 04 01 03   03 03 01 02 03 02 01 02  ................
00B0: 02 01 01                                           ...
main, WRITE: TLSv1.2 Handshake, length = 179
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received       fatal alert: handshake_failure
Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://10.137.235.128:8443/multipart-http/inboundAdapter.htm":Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:580)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:448)
at org.springframework.integration.samples.multipart.MultipartRestGetClient.callForMultipartPush(MultipartRestGetClient.java:216)
at org.springframework.integration.samples.multipart.MultipartRestGetClient.callClient(MultipartRestGetClient.java:121)
at org.springframework.integration.samples.multipart.MultipartRestGetClient.main(MultipartRestGetClient.java:103)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:81)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:569)
... 5 more

---

我已经在不同的论坛中添加了类似情况下支持的密码套件，但仍然出现此错误。

您可能需要安装。

您的客户端日志显示其

c:\kstore.jks

中没有私钥和证书链，这意味着它将无法按照服务器配置的要求进行客户端身份验证，但你的错误就发生在那之前。也许你在服务器上也做了同样的事情？如果Java/JSSE服务器被赋予一个没有私钥和证书链的密钥库，它就不能执行任何经过身份验证的套件，而JSSE客户端默认情况下不会（也不应该）执行未经身份验证的套件，因此服务器会以警报40的方式次优地失败握手。检查服务器“kstore.jks”，确保它包含私钥和证书链。服务器上显示了什么错误？如果您不能提供服务器端错误，您的问题将不予回答。您需要确保服务器上启用的密码至少包括客户机在

ClientHello

的

Cipher Suites

部分发送的一个密码：我不打算涉猎所有这些。注意，这与我无关。

keyStore is : C:\kstore.jks
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: C:\truststore
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
Subject: CN=CA, OU=AA, O=AA
Issuer:  CN=CA
Algorithm: RSA; Serial number: 0x1
Valid from Mon Sep 07 15:43:29 IST 2015 until Tue Sep 06 15:43:29 IST 2016

adding as trusted cert:
Subject: CN=Server, OU=AA, O=AA
Issuer:  CN=CA
Algorithm: RSA; Serial number: 0x1
Valid from Mon Sep 07 15:41:25 IST 2015 until Tue Sep 06 15:41:25 IST 2016

adding as trusted cert:
Subject: CN=CAroot, OU=AA, O=AA
Issuer:  CN=CA
Algorithm: RSA; Serial number: 0x1
Valid from Mon Sep 07 15:42:33 IST 2015 until Tue Sep 06 15:42:33 IST 2016

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
Ignoring disabled protocol: SSLv3
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1424914489 bytes = { 135, 3, 105, 154, 35, 164, 247,   246, 152, 195, 40, 99, 91, 75, 72, 93, 101, 43, 206, 224, 67, 22, 8, 132, 59, 187, 48, 100 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
[write] MD5 and SHA1 hashes:  len = 179
0000: 01 00 00 AF 03 03 55 EE   78 39 87 03 69 9A 23 A4  ......U.x9..i.#.
0010: F7 F6 98 C3 28 63 5B 4B   48 5D 65 2B CE E0 43 16  ....(c[KH]e+..C.
0020: 08 84 3B BB 30 64 00 00   2A C0 09 C0 13 00 2F C0  ..;.0d..*...../.
0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........
0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................
0050: 04 00 FF 01 00 00 5C 00   0A 00 34 00 32 00 17 00  ......\...4.2...
0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................
0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................
0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................
0090: 0B 00 02 01 00 00 0D 00   1A 00 18 06 03 06 01 05  ................
00A0: 03 05 01 04 03 04 01 03   03 03 01 02 03 02 01 02  ................
00B0: 02 01 01                                           ...
main, WRITE: TLSv1.2 Handshake, length = 179
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received       fatal alert: handshake_failure
Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://10.137.235.128:8443/multipart-http/inboundAdapter.htm":Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:580)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:448)
at org.springframework.integration.samples.multipart.MultipartRestGetClient.callForMultipartPush(MultipartRestGetClient.java:216)
at org.springframework.integration.samples.multipart.MultipartRestGetClient.callClient(MultipartRestGetClient.java:121)
at org.springframework.integration.samples.multipart.MultipartRestGetClient.main(MultipartRestGetClient.java:103)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:81)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:569)
... 5 more