SSL LDAP lookup fails with handshake failure
I am trying to connect to an SSL-enabled LDAP server. I do not want to use authentication, so I have overridden SSLSocketFactory to allow every site. I am getting the following error:
```
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.naming.CommunicationException: slc00ahj.us.oracle.com:3131 Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:209)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:116)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1582)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.InitialContext.<init>(InitialContext.java:197)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
    at SumanLdapTest1.main(SumanLdapTest1.java:37)
```
The SSL log is:
```
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(120) called
%% No cached client session
ClientHello, TLSv1
RandomCookie: GMT: 1357201614 bytes = { 70, 133, 164, 224, 89, 101, 204, 41, 107, 201, 176, 66, 93, 118, 139, 59, 50, 176, 84, 197, 238, 236, 187, 211, 158, 43, 159, 112 }
Session ID: {}
Cipher Suites: SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 75
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
```
**My source code:**
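```java
// SumanLdapTest1.java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class SumanLdapTest1 {
    public static void main(String args[]) {
        try {
            //System.setProperty("ldaps.protocols", "TLSv1");
            System.out.println("here");
            DirContext ctx = null;
            String host = "slc00ahj.us.oracle.com";
            String port = "3131";
            String userName = "cn=orcladmin";
            String password = "welcome1";
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            //env.put(Context.PROVIDER_URL, "ldap://" + host + ":"+ port+ "/");
            env.put(Context.SECURITY_PRINCIPAL, userName);
            env.put(Context.SECURITY_CREDENTIALS, password);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // Connect timeout, in milliseconds
            env.put("com.sun.jndi.ldap.connect.timeout", "120");
            env.put(Context.PROVIDER_URL, "ldaps://" + host + ":" + port);
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            // JNDI loads this class by name and uses it to create the LDAP socket
            env.put("java.naming.ldap.factory.socket", "SumanSSLFactory");
            ctx = new InitialDirContext(env);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

// SumanSSLFactory.java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SumanSSLFactory extends SSLSocketFactory {
    private SSLSocketFactory factory = null;
    private Exception exception = null;

    public SumanSSLFactory() {
        System.out.println("LdapSSLFactory initialization started...");
        try {
            this.factory = getSSLSocketFactory();
        } catch (Exception ex) {
            ex.printStackTrace();
            System.out.println("LDAPSSLFactory Initialization error");
            this.factory = null;
            this.exception = ex;
        }
        System.out.println("LdapSSLFactory Initialization completed.");
    }

    // JNDI obtains the factory instance through this static method
    public static SocketFactory getDefault() {
        return new SumanSSLFactory();
    }

    public SSLSocket createSocket() throws IOException {
        System.out.println("LdapSSLFactory.createSocket()");
        if (this.factory == null)
            throw new IOException();
        SSLSocket st = null;
        try {
            // Print the call stack to show who requested the socket
            (new Throwable()).printStackTrace();
            st = (SSLSocket) this.factory.createSocket();
            st.setEnabledProtocols(new String[] { "TLSv1", "SSLv3" });
        } catch (Exception e) {
            e.printStackTrace();
        }
        return st;
    }

    private SSLSocketFactory getSSLSocketFactory() {
        SSLSocketFactory sslSocketFactory = null;
        System.out.println("Using Non Authenticated SSL Mechanism.");
        try {
            // Trust manager that accepts any certificate chain without validation
            TrustManager[] tmA = { new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    X509Certificate[] issuers = new X509Certificate[0];
                    return issuers;
                    //return null;
                }

                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                }
            } };
            // get the SSLContext and factory
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmA, null);
            sslSocketFactory = ctx.getSocketFactory();
            // System.setProperty("ldaps.protocols", "TLSv1");
            System.out.println("SSOSocketUtil factory created sslSocketFactory" + sslSocketFactory);
        } catch (Exception ex) {
            ex.printStackTrace();
            System.out.println("SSOSocketUtil factory exception");
        }
        return sslSocketFactory;
    }

    // Remaining abstract SSLSocketFactory methods, delegated to the wrapped factory
    public String[] getDefaultCipherSuites() {
        return factory.getDefaultCipherSuites();
    }

    public String[] getSupportedCipherSuites() {
        return factory.getSupportedCipherSuites();
    }

    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return factory.createSocket(s, host, port, autoClose);
    }

    public Socket createSocket(String host, int port) throws IOException {
        return factory.createSocket(host, port);
    }

    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
        return factory.createSocket(host, port, localHost, localPort);
    }

    public Socket createSocket(InetAddress host, int port) throws IOException {
        return factory.createSocket(host, port);
    }

    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        return factory.createSocket(address, port, localAddress, localPort);
    }
}
```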
Any help on this will be appreciated
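
A server answers a ClientHello with `handshake_failure` when it cannot negotiate acceptable parameters from what the client offered, so a useful first check is to audit the offer itself. The following is an added example, not part of the original post: it parses the ClientHello from the question's debug log and flags offered suites that are export-grade, RC4, DES/3DES or MD5-based. The `WEAK_TOKENS` table and the function names are this example's own assumptions.

```python
import re

# ClientHello excerpt copied from the JSSE debug log in the question.
LOG = """\
ClientHello, TLSv1
Session ID: {}
Cipher Suites: SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Compression Methods: { 0 }
"""

# Suite-name token -> why this example treats the suite as weak (assumed table).
WEAK_TOKENS = {
    "EXPORT": "export-grade key length",
    "RC4": "RC4 stream cipher",
    "DES": "single DES (56-bit)",
    "DES40": "single DES (40-bit)",
    "3DES": "3DES (64-bit block)",
    "MD5": "MD5 MAC",
}

def parse_client_hello(log):
    """Return (protocol, [cipher suites]) from a JSSE ClientHello dump."""
    proto = re.search(r"ClientHello,\s*(\S+)", log)
    suites = re.search(r"^Cipher Suites:\s*(.+)$", log, re.MULTILINE)
    if not proto or not suites:
        raise ValueError("no ClientHello found in log")
    names = [s.strip() for s in suites.group(1).strip("[] ").split(",")]
    # The SCSV entry is a renegotiation signal, not a real cipher suite.
    return proto.group(1), [n for n in names if n and not n.endswith("_SCSV")]

def audit(log):
    """Summarise what the client offered and why each weak suite is weak."""
    protocol, suites = parse_client_hello(log)
    weak = {}
    for name in suites:
        reasons = [why for tok, why in WEAK_TOKENS.items() if tok in name.split("_")]
        if reasons:
            weak[name] = reasons
    return {
        "protocol": protocol,
        "offered": len(suites),
        "weak": weak,
        "not_flagged": [s for s in suites if s not in weak],
        "offers_ecdhe": any("ECDHE" in s.split("_") for s in suites),
    }

if __name__ == "__main__":
    for name, reasons in audit(LOG)["weak"].items():
        print("WEAK", name, "-", ", ".join(reasons))
```

Comparing the `not_flagged` list with the protocols and suites the LDAP server is configured to accept shows whether any common choice exists.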