Java SSLHandshakeException:使用asynchttpclient和使用自签名证书的wiremock没有常见的密码套件
我有一个使用asynchttpclient库编写的java客户机。在集成测试过程中,我正在设置一个wiremock服务器进行测试。连接需要通过ssl进行 因此,我正在为我的域生成自签名证书:localhost.my-domain.com,它指向127.0.0.1 证书生成 生成的证书如下所示:Java SSLHandshakeException:使用asynchttpclient和使用自签名证书的wiremock没有常见的密码套件,java,ssl,asynchttpclient,wiremock,spark-framework,Java,Ssl,Asynchttpclient,Wiremock,Spark Framework,我有一个使用asynchttpclient库编写的java客户机。在集成测试过程中,我正在设置一个wiremock服务器进行测试。连接需要通过ssl进行 因此,我正在为我的域生成自签名证书:localhost.my-domain.com,它指向127.0.0.1 证书生成 生成的证书如下所示: #Generate the self signed keystore (first and last name use: localhost.my-domain.com) keytool -genkey
#Generate the self signed keystore (first and last name use: localhost.my-domain.com)
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048
#Extract the public certificate
keytool -export -keystore keystore.jks -alias selfsigned -file public.cer
#Create the truststore
keytool -import -file public.cer -alias selfsigned -keystore public.truststore
#extract pkcs12 private key
keytool -importkeystore -srckeystore keystore.jks -destkeystore private.pkcs12 -deststoretype PKCS12
#Convert public.cer into public.pem
openssl x509 -inform der -in public.cer -out public.pem
#Convert pkcs12 key to pem format
openssl pkcs12 -in private.pkcs12 -out privatekey.pem -nocerts -nodes
@ClassRule
public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig()
.port(9998)
.httpsPort(7777)
.needClientAuth(true)
.trustStorePath("/path/to/public.truststore")
.trustStorePassword("changeit")
.keystorePath("/path/to/keystore.jks")
.keystorePassword("changeit")
);
#Generate the self signed keystore (first and last name use: localhost.my-domain.com)
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048
#Extract the public certificate
keytool -export -keystore keystore.jks -alias selfsigned -file public.cer
#Create the truststore
keytool -import -file public.cer -alias selfsigned -keystore public.truststore
#extract pkcs12 private key
keytool -importkeystore -srckeystore keystore.jks -destkeystore private.pkcs12 -deststoretype PKCS12
#Convert public.cer into public.pem
openssl x509 -inform der -in public.cer -out public.pem
#Convert pkcs12 key to pem format
openssl pkcs12 -in private.pkcs12 -out privatekey.pem -nocerts -nodes
@ClassRule
public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig()
.port(9998)
.httpsPort(7777)
.needClientAuth(true)
.trustStorePath("/path/to/public.truststore")
.trustStorePassword("changeit")
.keystorePath("/path/to/keystore.jks")
.keystorePassword("changeit")
);
private DefaultAsyncHttpClient getSslConnection () {
final SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
final KeyManagerFactory keyManagerFactory;
try {
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
final KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(new File("/path/to/keystore.jks")), sslParameters.getKeystorePassword().toCharArray());
keyManagerFactory.init(keyStore, "changeit".toCharArray());
} catch (final Exception e) {
throw new IllegalStateException("failed", e);
}
sslContextBuilder.keyManager(keyManagerFactory);
final TrustManagerFactory trustManagerFactory;
try {
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
final KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(new File("/path/to/public.truststore")), "changeit".toCharArray());
trustManagerFactory.init(trustStore);
} catch (final Exception e) {
throw new IllegalStateException("failed", e);
}
sslContextBuilder.trustManager(trustManagerFactory);
final SslContext sslContext;
try {
sslContext = sslContextBuilder
.build();
} catch (final SSLException e) {
throw new IllegalStateException("Unable to create SslContext", e);
}
return new DefaultAsyncHttpClient(generateGenericHttpClientConfiguration()
.setSslContext(sslContext)
.build());
}
private static DefaultAsyncHttpClientConfig.Builder generateGenericHttpClientConfiguration() {
final DefaultAsyncHttpClientConfig.Builder builder = new DefaultAsyncHttpClientConfig.Builder()
.setConnectTimeout(connectionTimeout)
.setReadTimeout(readTimeout)
.setHandshakeTimeout(handshakeTimeout)
.setRequestTimeout(requestTimeout)
.setShutdownTimeout(shutdownTimeout)
.setSslSessionTimeout(sslSessionTimeout)
.setPooledConnectionIdleTimeout(pooledConnectionIdleTimeout)
.setMaxConnections(maxTotal)
.setMaxConnectionsPerHost(maxRoute);
return builder;
}
#Generate the self signed keystore (first and last name use: localhost.my-domain.com)
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048
#Extract the public certificate
keytool -export -keystore keystore.jks -alias selfsigned -file public.cer
#Create the truststore
keytool -import -file public.cer -alias selfsigned -keystore public.truststore
#extract pkcs12 private key
keytool -importkeystore -srckeystore keystore.jks -destkeystore private.pkcs12 -deststoretype PKCS12
#Convert public.cer into public.pem
openssl x509 -inform der -in public.cer -out public.pem
#Convert pkcs12 key to pem format
openssl pkcs12 -in private.pkcs12 -out privatekey.pem -nocerts -nodes
@ClassRule
public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig()
.port(9998)
.httpsPort(7777)
.needClientAuth(true)
.trustStorePath("/path/to/public.truststore")
.trustStorePassword("changeit")
.keystorePath("/path/to/keystore.jks")
.keystorePassword("changeit")
);
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1036)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:739)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
at com.github.tomakehurst.wiremock.jetty6.DelayableSslSocketConnector$1.run(DelayableSslSocketConnector.java:52)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: handshake_failure
at org.asynchttpclient.netty.NettyResponseFuture.abort(NettyResponseFuture.java:239)
at org.asynchttpclient.netty.channel.NettyConnectListener.onFailure(NettyConnectListener.java:141)
at org.asynchttpclient.netty.channel.NettyConnectListener$1.onFailure(NettyConnectListener.java:109)
at org.asynchttpclient.netty.SimpleFutureListener.operationComplete(SimpleFutureListener.java:26)
at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:683)
at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:604)
at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:564)
at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:425)
at io.netty.handler.ssl.SslHandler.notifyHandshakeFailure(SslHandler.java:1239)
at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1234)
at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1209)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1064)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:904)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:387)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:245)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:528)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:485)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:399)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:371)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: Received fatal alert: handshake_failure
at org.asynchttpclient.netty.channel.NettyConnectListener.onFailure(NettyConnectListener.java:138)
... 24 more
Caused by: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1098)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:970)
... 14 more
trustStore is: C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0xc3517
Valid from Mon Jun 21 06:00:00 CEST 1999 until Mon Jun 22 06:00:00 CEST 2020
... and several others....
***
found key for : selfsigned
chain [0] = [
[
Version: V3
Subject: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 22322185126194550795772462085219600605765741974258242212144535570744433693090067697037964532896095888501895176212954181087848506804238875167464582276363224932343212155653874664548116380333979698329196870411155489258120063788253980453150948066639518586839190752172742369244848200670971411040704766236660687310131008467164466602724947105963538159324675914388308835198923964161860881537353803508615054561772507456948494859333876540386345557203373685823145636638162034516089507658075673049538151350225012579285735891440944786147926900982654525113394239397843171301247569748674320790243789470675827095807550007258334440131
public exponent: 65537
Validity: [From: Wed Jun 08 17:24:26 CEST 2016,
To: Sat Jun 03 17:24:26 CEST 2017]
Issuer: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
SerialNumber: [ 3dad149a]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 80 EF E8 17 92 61 B0 D6 62 29 1A 4C 45 84 5E A0 .....a..b).LE.^.
0010: ED E7 16 00 ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 14 14 E7 30 68 39 F7 61 82 6C 29 52 EB F5 3A E6 ...0h9.a.l)R..:.
0010: 25 E8 49 3B 86 3F 63 D0 07 E7 82 D3 51 52 3E BD %.I;.?c.....QR>.
0020: 7F 18 A8 B8 53 4D C4 AC BC 66 7D 1D 16 99 56 5D ....SM...f....V]
0030: AA 77 70 D1 DF B6 4F 4D BC 45 3B F6 1E 18 10 7B .wp...OM.E;.....
0040: FD 8B 19 BC 9E 28 A5 2F B4 32 4D D6 1B 5A F4 EF .....(./.2M..Z..
0050: 0A C6 7E F4 6E 17 DE 44 39 6F 4C 36 FB 24 52 3A ....n..D9oL6.$R:
0060: EF 98 09 9D 33 E8 80 73 0C CC 8A 80 4B B6 A8 34 ....3..s....K..4
0070: D6 00 DF C3 DC CB 45 16 A0 60 67 8A 25 52 33 3D ......E..`g.%R3=
0080: 4B F9 A6 A7 AD 4A 91 7C 05 23 F8 DC 5B 76 09 05 K....J...#..[v..
0090: D6 E7 33 8C CD 0C EC 9F EB 20 62 E1 57 51 F7 A9 ..3...... b.WQ..
00A0: B9 9A ED 25 7D B9 D9 BA D4 2C 72 C5 62 F8 DB CB ...%.....,r.b...
00B0: C2 48 83 2F 8D A3 15 27 99 29 4E 34 3B 18 13 A7 .H./...'.)N4;...
00C0: 30 DF BE 49 30 1B 7A DF CE E0 C2 DA 97 1F 5D BA 0..I0.z.......].
00D0: 84 B9 92 64 34 8B 19 D2 C4 C7 96 A8 32 34 19 36 ...d4.......24.6
00E0: 7E 75 5D B7 85 F6 19 0E 1D 67 DE 50 29 02 FF CD .u]......g.P)...
00F0: 3B 64 40 AE 7B 13 30 FA 69 52 3C 13 8A 94 46 3B ;d@...0.iR<...F;
]
***
trigger seeding of SecureRandom
done seeding SecureRandom
adding as trusted cert:
Subject: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
Issuer: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
Algorithm: RSA; Serial number: 0x3dad149a
Valid from Wed Jun 08 17:24:26 CEST 2016 until Sat Jun 03 17:24:26 CEST 2017
trigger seeding of SecureRandom
done seeding SecureRandom
trustStore is: C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0xc3517
Valid from Mon Jun 21 06:00:00 CEST 1999 until Mon Jun 22 06:00:00 CEST 2020
.... and several others ....
trigger seeding of SecureRandom
done seeding SecureRandom***
found key for : selfsigned
chain [0] = [
[
Version: V3
Subject: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 22322185126194550795772462085219600605765741974258242212144535570744433693090067697037964532896095888501895176212954181087848506804238875167464582276363224932343212155653874664548116380333979698329196870411155489258120063788253980453150948066639518586839190752172742369244848200670971411040704766236660687310131008467164466602724947105963538159324675914388308835198923964161860881537353803508615054561772507456948494859333876540386345557203373685823145636638162034516089507658075673049538151350225012579285735891440944786147926900982654525113394239397843171301247569748674320790243789470675827095807550007258334440131
public exponent: 65537
Validity: [From: Wed Jun 08 17:24:26 CEST 2016,
To: Sat Jun 03 17:24:26 CEST 2017]
Issuer: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
SerialNumber: [ 3dad149a]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 80 EF E8 17 92 61 B0 D6 62 29 1A 4C 45 84 5E A0 .....a..b).LE.^.
0010: ED E7 16 00 ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 14 14 E7 30 68 39 F7 61 82 6C 29 52 EB F5 3A E6 ...0h9.a.l)R..:.
0010: 25 E8 49 3B 86 3F 63 D0 07 E7 82 D3 51 52 3E BD %.I;.?c.....QR>.
0020: 7F 18 A8 B8 53 4D C4 AC BC 66 7D 1D 16 99 56 5D ....SM...f....V]
0030: AA 77 70 D1 DF B6 4F 4D BC 45 3B F6 1E 18 10 7B .wp...OM.E;.....
0040: FD 8B 19 BC 9E 28 A5 2F B4 32 4D D6 1B 5A F4 EF .....(./.2M..Z..
0050: 0A C6 7E F4 6E 17 DE 44 39 6F 4C 36 FB 24 52 3A ....n..D9oL6.$R:
0060: EF 98 09 9D 33 E8 80 73 0C CC 8A 80 4B B6 A8 34 ....3..s....K..4
0070: D6 00 DF C3 DC CB 45 16 A0 60 67 8A 25 52 33 3D ......E..`g.%R3=
0080: 4B F9 A6 A7 AD 4A 91 7C 05 23 F8 DC 5B 76 09 05 K....J...#..[v..
0090: D6 E7 33 8C CD 0C EC 9F EB 20 62 E1 57 51 F7 A9 ..3...... b.WQ..
00A0: B9 9A ED 25 7D B9 D9 BA D4 2C 72 C5 62 F8 DB CB ...%.....,r.b...
00B0: C2 48 83 2F 8D A3 15 27 99 29 4E 34 3B 18 13 A7 .H./...'.)N4;...
00C0: 30 DF BE 49 30 1B 7A DF CE E0 C2 DA 97 1F 5D BA 0..I0.z.......].
00D0: 84 B9 92 64 34 8B 19 D2 C4 C7 96 A8 32 34 19 36 ...d4.......24.6
00E0: 7E 75 5D B7 85 F6 19 0E 1D 67 DE 50 29 02 FF CD .u]......g.P)...
00F0: 3B 64 40 AE 7B 13 30 FA 69 52 3C 13 8A 94 46 3B ;d@...0.iR<...F;
]
***
adding as trusted cert:
Subject: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
Issuer: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
Algorithm: RSA; Serial number: 0x3dad149a
Valid from Wed Jun 08 17:24:26 CEST 2016 until Sat Jun 03 17:24:26 CEST 2017
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
214187874@qtp-1409545055-0 - Acceptor0 DelayableSslSocketConnector@0.0.0.0:7777, setSoTimeout(200000) called
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1465403695 bytes = { 30, 118, 6, 181, 187, 105, 144, 0, 40, 135, 10, 57, 140, 23, 96, 35, 255, 117, 199, 166, 250, 139, 47, 126, 51, 172, 237, 45 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=localhost.my-domain.com]
Extension renegotiation_info, renegotiated_connection: <empty>
***
AsyncHttpClient-3-1, WRITE: TLSv1.2 Handshake, length = 196
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
2009745500@qtp-1409545055-2, READ: TLSv1.2 Handshake, length = 196
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1465403695 bytes = { 30, 118, 6, 181, 187, 105, 144, 0, 40, 135, 10, 57, 140, 23, 96, 35, 255, 117, 199, 166, 250, 139, 47, 126, 51, 172, 237, 45 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=localhost.my-domain.com]
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
%% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
2009745500@qtp-1409545055-2, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
2009745500@qtp-1409545055-2, WRITE: TLSv1.2 Alert, length = 2
2009745500@qtp-1409545055-2, called closeSocket()
2009745500@qtp-1409545055-2, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
信任库是:C:\Program Files\Java\jdk1.8.0\U 66\jre\lib\security\cacerts
信任库类型为:jks
信任库提供程序是:
初始化信任库
添加为受信任证书:
主题:CN=Equifax安全全球电子商务CA-1,O=Equifax安全公司,C=US
发卡机构:CN=Equifax安全全球电子商务CA-1,O=Equifax安全公司,C=US
算法:RSA;序列号:0xc3517
有效期为1999年6月21日星期一06:00:00至2020年6月22日星期一06:00:00
... 还有其他几个。。。。
***
找到的密钥:自签名
链[0]=[
[
版本:V3
主题:CN=localhost.my-domain.com,OU=my-domain软件有限公司,O=my-domain软件有限公司,L=Sliema,ST=Malta,C=MT
签名算法:SHA256withRSA,OID=1.2.840.113549.1.1.11
密钥:Sun RSA公钥,2048位
模数:22322185126194550795772462085219600605757419742582422121445355774443369309006769703796453289609588850189517621295418108087848506804423887516746458227632249323421215538744548116380333979632919687041115548925812007882539804453150948066663951858683919091909078787878787846464646467373737390464646767676767676767676767676737390464663636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363638159324675914388308835198923964161860881537353803508615054561772507456948494859333876540386345557203373685823145636638162034516089507658075673049538151350225012579285735891440944786147926900982654525113394239397843171301247569748674320790243789470675827095807550007258334440131
公众指数:65537
有效期:[自:2016年6月8日星期三17:24:26 CEST,
收件人:2017年6月3日星期六17:24:26]
发行人:CN=localhost.my-domain.com,OU=my-domain软件有限公司,O=my-domain软件有限公司,L=Sliema,ST=Malta,C=MT
序列号:[3dad149a]
证书扩展:1
[1] :ObjectId:2.5.29.14临界性=错误
SubjectKeyIdentifier[
键标识符[
0000:80 EF E8 17 92 61 B0 D6 62 29 1A 4C 45 84 5E A0…..a..b)。
0010:ED E7 16 00。。。。
]
]
]
算法:[SHA256withRSA]
签名:
0000:14 14 14 E7 30 68 39 F7 61 82 6C 29 52 EB F5 3A E6…0h9.a.l)R。
0010:25 E8 49 3B 86 3F 63 D0 07 E7 82 D3 51 52 3E BD%.I;?c…..QR>。
0020:7F 18 A8 B8 53 4D C4 AC BC 66 7D 1D 16 99 56 5D…SM…f…V]
0030:AA 77 70 D1 DF B6 4F 4D BC 45 3B F6 1E 18 10 7B.wp…OM.E;。。。。。
0040:FD 8B 19 BC 9E 28 A5 2F B4 32 4D D6 1B 5A F4 EF.(./.2M..Z.)。。
0050:0A C6 7E F4 6E 17 DE 44 39 6F 4C 36 FB 24 52 3A…n..D9oL6.$R:
0060:EF 98 09 9D 33 E8 80 73 0C CC 8A 80 4B B6 A8 34…3..s..K..4
0070:D6 00 DF C3 DC CB 45 16 A0 60 67 8A 25 52 33 3D……例如%R3=
0080:4B F9 A6 A7 AD 4A 91 7C 05 23 F8 DC 5B 76 09 05 K........#。。
0090:D6 E7 33 8C CD 0C EC 9F EB 20 62 E1 57 51 F7 A9..3…b.WQ。。
00A0:B9 9A ED 25 7D B9 D9 BA D4 2C 72 C5 62 F8 DB CB…%,r.b。。。
00B0:C2 48 83 2F 8D A3 15 27 99 29 4E 34 3B 18 13 A7.H./…')N4;。。。
00C0:30 DF为49 30 1B 7A DF CE E0 C2 DA 97 1F 5D BA 0..I0.z..]。
00D0:84 B9 92 64 34 8B 19 D2 C4 C7 96 A8 32 34 19 36…d4…24.6
00E0:7E 75 5D B7 85 F6 19 0E 1D 67 DE 50 29 02 FF CD.u]……g.P)。。。
00F0:3B 64 40 AE 7B 13 30 FA 69 52 3C 13 8A 94 46 3B;d@...0.iR.
0020:7F 18 A8 B8 53 4D C4 AC BC 66 7D 1D 16 99 56 5D…SM…f…V]
0030:AA 77 70 D1 DF B6 4F 4D BC 45 3B F6 1E 18 10 7B.wp…OM.E;。。。。。
0040:FD 8B 19 BC 9E 28 A5 2F B4 32 4D D6 1B 5A F4 EF.(./.2M..Z.)。。
0050:0A C6 7E F4 6E 17 DE 44 39 6F 4C 36 FB 24 52 3A…n..D9oL6.$R:
0060:EF 98 09 9D 33 E8 80 73 0C CC 8A 80 4B B6 A8 34…3..s..K..4
0070:D6 00 DF C3 DC CB 45 16 A0 60 67 8A 25 52 33 3D……例如%R3=
0080:4B F9 A6 A7 AD 4A 91 7C 05 23 F8 DC 5B 76 09 05 K........#。。
0090:D6 E7 33 8C CD 0C EC 9F EB 20 62 E1 57 51 F7 A9..3…b.WQ。。
00A0:B9 9A ED 25 7D B9 D9 BA D4 2C 72 C5 62 F8 DB CB…%,r.b。。。
00B0:C2 48 83 2F 8D A3 15 27 99 29 4E 34 3B 18 13 A7.H./…')N4;。。。
00C0:30 DF为49 30 1B 7A DF CE E0 C2 DA 97 1F 5D BA 0..I0.z..]。
00D0:84 B9 92 64 34 8B 19 D2 C4 C7 96 A8 32 34 19 36…d4…24.6
00E0:7E 75 5D B7 85 F6 19 0E 1D 67 DE 50 29 02 FF CD.u]……g.P)。。。
00F0:3B 64 40 AE 7B 13 30 FA 69 52 3C 13 8A 94 46 3B;d@...0.iR免责声明:我是AsyncHttpClient的作者
My2cents:您使用一个大密钥(“keysize 2048”)生成了一个证书,但您忘记了用它修补JDK。结果表明,Wiremock和Spark框架中似乎都存在一些问题
正如,一旦我使用相同的密钥设置了自己的服务器,它就可以正常工作。以防万一,它会帮助任何人,在我的例子中,我出现了这个错误,因为我将p12
格式文件加载到服务器的密钥库,而不是jks
文件
i、 e.类似于:
@ClassRule
public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig()
.httpsPort(7777)
.keystorePath("/path/to/keystore.p12")
.keystorePassword("changeit")
);
另一个潜在问题是.keystorePassword()
不提供传统上理解的密钥库密码。它为密钥库中的单个密钥提供密码
我通过将密钥从自己的密钥库导入wiremock密钥库(其密码为password)来解决这个问题