与Jetty HttpClient的SSL重新协商失败
我有一个基于Jetty的ProxyServlet的代理servlet,在尝试将请求代理到远程服务器时,由于代理的HttpClient中的SSL重新协商失败,它会看到间歇性的502响应。Wireshark跟踪显示SSL握手已完成,但HttpClient通过发送另一个客户端Hello数据包重新开始协商。远程服务器(本例中为F5)配置为不允许SSL重新协商,因此它会关闭连接,导致代理请求失败 配置代理的HttpClient时,我尝试调用SslContextFactory.setRenegotiationAllowed(false),但这只会导致代理内部的请求失败。调试级日志记录产生如下所示的输出。请注意“RenegotiationDenied”消息,该消息导致流关闭,导致在随后尝试将代理请求写入输出流时出现连接关闭异常 那么,是什么原因导致HttpClient认为它需要执行SSL重新协商,我可以做些什么来解决这个问题呢?更改F5的配置以允许SSL重新协商不是一个选项。问题是间歇性的,并且可复制性是可变的,这表明可能存在定时组件 我正在Java 1.8.0_66上使用Jetty 9.2.13.v20150730与Jetty HttpClient的SSL重新协商失败,ssl,proxy,jetty,jetty-httpclient,Ssl,Proxy,Jetty,Jetty Httpclient,我有一个基于Jetty的ProxyServlet的代理servlet,在尝试将请求代理到远程服务器时,由于代理的HttpClient中的SSL重新协商失败,它会看到间歇性的502响应。Wireshark跟踪显示SSL握手已完成,但HttpClient通过发送另一个客户端Hello数据包重新开始协商。远程服务器(本例中为F5)配置为不允许SSL重新协商,因此它会关闭连接,导致代理请求失败 配置代理的HttpClient时,我尝试调用SslContextFactory.setRenegotiatio
2015-10-26 15:23:04987调试vletModel-46-263 SslConnection 73-org.eclipse.jetty.util-9.2.13.v20150730SslConnection@276888f4{NEED_WRAP,eio=-1/-1,di=-1}->HttpConnectionOverHTTP@76f2815f(l:/9.32.133.96:51386 r:mail.notes.collabservdaily.swg.usma.ibm.com/9.70.230.131:443,closed=false)[HttpChannelOverHTTP@44d24828(交换=HttpExchange@3284d378req=终止/null@nullres=待定/null@null)[发送=HttpSenderOverHTTP@74d58ca9(req=QUEUED,snd=COMPLETED,failure=null)[HttpGenerator{s=START}],recv=HttpReceiverOverHTTP@501e585d(rsp=IDLE,failure=null)[HttpParser{s=START,0/0}]]fill-enter
2015-10-26 15:23:04987调试vletModel-46-263通道端点73-org.eclipse.jetty.util-9.2.13.v20150730填充1006SelectChannelEndPoint@57eceb70{mail.notes.collabservdaily.swg.usma.ibm.com/9.70.230.131:44351386,打开,输入,输出,-,15/30000,SslConnection}{io=0,kio=0,kro=1}
2015-10-26 15:23:04987调试vletModel-46-263 SslConnection 73-org.eclipse.jetty.util-9.2.13.v20150730SslConnection@276888f4{需要包装,eio=1006/-1,di=0}->HttpConnectionOverHTTP@76f2815f(l:/9.32.133.96:51386 r:mail.notes.collabservdaily.swg.usma.ibm.com/9.70.230.131:443,closed=false)[HttpChannelOverHTTP@44d24828(交换=HttpExchange@3284d378req=终止/null@nullres=待定/null@null)[发送=HttpSenderOverHTTP@74d58ca9(req=QUEUED,snd=COMPLETED,failure=null)[HttpGenerator{s=START}],recv=HttpReceiverOverHTTP@501e585d(rsp=IDLE,failure=null)[HttpParser{s=START,0/0}]]填充了1006个加密字节
2015-10-26 15:23:04987调试vletModel-46-263 SslConnection 73-org.eclipse.jetty.util-9.2.13.v20150730SslConnection@276888f4{NEED_WRAP,eio=0/-1,di=977}->HttpConnectionOverHTTP@76f2815f(l:/9.32.133.96:51386 r:mail.notes.collabservdaily.swg.usma.ibm.com/9.70.230.131:443,closed=false)[HttpChannelOverHTTP@44d24828(交换=HttpExchange@3284d378req=终止/null@nullres=待定/null@null)[发送=HttpSenderOverHTTP@74d58ca9(req=QUEUED,snd=COMPLETED,failure=null)[HttpGenerator{s=START}],recv=HttpReceiverOverHTTP@501e585d(rsp=IDLE,failure=null)[HttpParser{s=START,0/0}]]unwrap Status=OK HandshakeStatus=NEED_WRAP
字节消耗=1006字节产生=977
2015-10-26 15:23:04988调试vletModel-46-263 SslConnection 73-org.eclipse.jetty.util-9.2.13.v20150730SslConnection@276888f4{NEED_WRAP,eio=0/-1,di=977}->HttpConnectionOverHTTP@76f2815f(l:/9.32.133.96:51386 r:mail.notes.collabservdaily.swg.usma.ibm.com/9.70.230.131:443,closed=false)[HttpChannelOverHTTP@44d24828(交换=HttpExchange@3284d378req=终止/null@nullres=待定/null@null)[发送=HttpSenderOverHTTP@74d58ca9(req=QUEUED,snd=COMPLETED,failure=null)[HttpGenerator{s=START}],recv=HttpReceiverOverHTTP@501e585d(rsp=IDLE,failure=null)[HttpParser{s=START,0/0}]]重新协商被拒绝
2015-10-26 15:23:04988调试vletModel-46-263 SslConnection 73-org.eclipse.jetty.util-9.2.13.v20150730SslConnection@276888f4{NEED_WRAP,eio=-1/-1,di=977}->HttpConnectionOverHTTP@76f2815f(l:/9.32.133.96:51386 r:mail.notes.collabservdaily.swg.usma.ibm.com/9.70.230.131:443,closed=false)[HttpChannelOverHTTP@44d24828(交换=HttpExchange@3284d378req=终止/null@nullres=待定/null@null)[发送=HttpSenderOverHTTP@74d58ca9(req=QUEUED,snd=COMPLETED,failure=null)[HttpGenerator{s=START}],recv=HttpReceiverOverHTTP@501e585d(rsp=IDLE,failure=null)[HttpParser{s=START,0/0}]]填充退出