Java SSLSocketImpl.startHandshake() throws SSLHandshakeException/EOFException when resuming a cached session
I am using Apache FTPSClient listFiles(String).
The application sometimes crashes after resuming an SSL session, when the Apache FTPSClient code then calls SSLSocketImpl.startHandshake().
I set javax.net.debug to print SSL information:
System.setProperty("javax.net.debug", "all");
This is what I get:
%% Client cached [Session-3, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
%% Try resuming [Session-3, SSL_RSA_WITH_3DES_EDE_CBC_SHA] from port 4149
*** ClientHello, TLSv1
....
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
main, called closeSocket()
[Mon Aug 30 17:41:52 PDT 2010][class com.smgtec.sff.fileupload.poller.BasicFTPAccess] - Could not list directory: sqjavax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
at com.smgtec.sff.fileupload.poller.FixedFTPSClient._openDataConnection_(FixedFTPSClient.java:525)
at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:2296)
at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:2269)
Padded plaintext before ENCRYPTION: len = 32
0000: 50 41 at org.apache.commons.net.ftp.FTPClient.listFiles(FTPClient.java:2046)
at com.smgtec.sff.fileupload.poller.BasicFTPAccess.listFiles(BasicFTPAccess.java:100)
at com.smgtec.sff.fileupload.poller.FTPPoller.addFileForProcessing(FTPPoller.java:67)
at com.smgtec.sff.fileupload.poller.FTPPoller.main(FTPPoller.java:385)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
... 10 more
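We also have the jscape FTPS client here, and it produces the same problem.
I'd suggest you include some retry logic in FTPPoller - it looks like the host is closing the connection, not your code. We used to see remote hosts occasionally close connections incorrectly, and those errors were best handled by retrying.
I solved this using SSLSession.invalidate(), and it seems to work now... although we no longer use FTPS. If this is a real solution, then there is a problem in the Apache commons net FTPSClient or in the FTP server we connect to.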
ftp = new FTPSClient()
{
    // Socket returned by the previous data connection, if any.
    private Socket socket;

    @Override
    protected Socket _openDataConnection_(int command, String arg) throws IOException
    {
        if (socket != null && socket instanceof SSLSocket)
        {
            // We have problems resuming cached SSL Sessions. Exceptions are
            // thrown and the system crashes... So we invalidate each SSL
            // session we used last.
            SSLSocket sslSocket = (SSLSocket) socket;
            sslSocket.getSession().invalidate();
        }
        socket = super._openDataConnection_(command, arg);
        return socket;
    }
};
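By the way, I believe we are connecting to a FileZilla FTP server. I suspect this fix will cause more network chatter, passing keys/certificates etc. back and forth.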
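The two suggestions above can be combined: retry the failed operation, and invalidate cached TLS sessions only after a handshake failure, so resumption is still used whenever it works. This is an added example, not code from the original posts or from Apache Commons Net; `ResumeRetry`, `dropCachedSessions` and `call` are hypothetical names, the `SSLContext` is assumed to be the one the FTPS client uses, and the lambda in `main` is a constructed stand-in for the real `listFiles` call.

```java
import java.util.Collections;
import java.util.concurrent.Callable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;

/** Hypothetical helper for illustration; not part of Apache Commons Net. */
public final class ResumeRetry {
    /** Invalidate all cached client sessions so the next connect does a full handshake. */
    static int dropCachedSessions(SSLContext ctx) {
        SSLSessionContext cache = ctx.getClientSessionContext();
        int dropped = 0;
        for (byte[] id : Collections.list(cache.getIds())) {
            SSLSession s = cache.getSession(id);
            if (s != null) { // entry may expire between getIds() and getSession()
                s.invalidate();
                dropped++;
            }
        }
        return dropped;
    }

    /** Run op; after a handshake failure, drop cached sessions and try again. */
    static <T> T call(SSLContext ctx, int maxAttempts, Callable<T> op) throws Exception {
        if (maxAttempts < 1) throw new IllegalArgumentException("maxAttempts must be >= 1");
        SSLHandshakeException last = null;
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            try {
                return op.call();
            } catch (SSLHandshakeException e) {
                last = e;
                int n = dropCachedSessions(ctx);
                System.err.printf("attempt %d failed (%s); dropped %d session(s)%n", attempt, e.getMessage(), n);
            }
        }
        throw last;
    }

    public static void main(String[] args) throws Exception {
        int[] calls = {0};
        // Constructed stand-in for ftp.listFiles(dir): fails once like the log above.
        String result = call(SSLContext.getDefault(), 3, () -> {
            if (calls[0]++ == 0)
                throw new SSLHandshakeException("Remote host closed connection during handshake");
            return "listing ok";
        });
        System.out.println(result + " after " + calls[0] + " attempt(s)");
    }
}
```

Invalidating a session does not disturb connections already using it; it only prevents future connections from resuming it. Some FTPS servers require the data connection to resume the control connection's TLS session, so check the server's policy before disabling reuse.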