Ssl 发出验证自签名证书:收到握手失败
我正在使用quickfix验证服务器的证书,并导致致命的握手失败 在我看来是这样的:Ssl 发出验证自签名证书:收到握手失败,ssl,quickfixj,Ssl,Quickfixj,我正在使用quickfix验证服务器的证书,并导致致命的握手失败 在我看来是这样的: 启动初始握手 客户端连接 服务器接受 发生TLS握手,在此期间: o密码套件已成功协商 o客户端验证服务器证书 o服务器任意关闭套接字。(发送TLSv1警报:警告,描述=关闭\u通知YYYY:local=/X.X.X:XXXXXX,类org.apache.mina.transport.socket.nio.SocketSessionImpl,远程=/XXX.XXX.XXX.XX:yyyyyyy[quickfi
- 启动初始握手
- 客户端连接
- 服务器接受
- 发生TLS握手,在此期间:
o密码套件已成功协商
o客户端验证服务器证书
o服务器任意关闭套接字。(发送TLSv1警报:警告,描述=关闭\u通知YYYY:local=/X.X.X:XXXXXX,类org.apache.mina.transport.socket.nio.SocketSessionImpl,远程=/XXX.XXX.XXX.XX:yyyyyyy[quickfix.mina.initiator.InitiatorIoHandler:50]
SocketConnectorOprocessor-0.0,读取:TLSv1握手,长度=81
***你好,TLSv1
..
..
密码套件:TLS_RSA_与_AES_128_CBC_SHA
压缩方法:0
扩展重新协商\u信息,重新协商的\u连接:
%%已初始化:[会话-1885,TLS\U RSA\U与\U AES\U 128\U CBC\U SHA]
**TLS_RSA_与_AES_128_CBC_SHA
SocketConnectorOprocessor-0.0,读取:TLSv1握手,长度=3224
***证书链
链[0]=[
版本:V3
..
..
..
..
读取:TLSv1握手,长度=14
***证书申请
证书类型:RSA、DSS、ECDSA
核证机关:
***海龙石
***证书链
***
***ClientKeyExchange,RSA PreMasterSecret,TLSv1
写入:TLSv1握手,长度=141
会话密钥:
毕业前的秘密:
..
..
连接键:
客户暂时:
..
..
服务器当前值:
..
..
主秘密:
..
..
客户端MAC写入机密:
..
..
服务器MAC写入机密:
..
..
客户端写入密钥:
...
服务器写入密钥:
..
客户写作四:
..
服务器写入IV:
..
..
写入:TLSv1更改密码规范,长度=1
***完成
验证数据:{85227,34,7417122322695232 234311850}
写入:TLSv1握手,长度=48
读取:TLSv1警报,长度=2
RECV TLSv1警报:致命,握手失败
致命:引擎已关闭抛出javax.net.ssl.SSLException:收到致命警报:握手失败
调用closeOutbound()
closeOutboundInternal()
发送TLSv1警报:警告,描述=关闭\u通知
写入:TLSv1警报,长度=32
调用closeInbound()
致命:引擎已关闭抛出javax.net.ssl.SSLException:入站在收到对等方的关闭通知之前已关闭\u通知:可能的截断攻击?
调用closeOutbound()
closeOutboundInternal()
服务器需要客户端证书,但客户端不发送任何证书。因此,服务器通过握手失败警报关闭连接。这可能是因为证书颁发机构:空?仅供参考,我们使用的是服务器的自签名证书cert@fiddle:客户端不发送证书可能有多种原因。例如,客户端m我没有为发送配置证书,或者客户端可能根本不支持客户端证书。从这几个信息很难判断。如果服务器证书是自签名的或不是自签名的,这与此无关。只有缺少的客户端证书才是这个问题的关键。我看到我的.jks文件只有一个serv条目ers中级证书。我需要在那里或其他地方添加我的客户端证书吗?如果需要,那么如何添加?请您指导。@fiddle:我不熟悉您使用的工具和库。我只能说,服务器正在请求客户端证书,而客户端没有发送证书。我不知道您的客户端是否有办法nt使用客户端证书。服务器查看:SSL例程:SSL3\u获取\u客户端\u证书:对等方未返回证书Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring disabled protocol: SSLv3 %% No cached client session .. .. *** ClientHello, TLSv1 RandomCookie: GMT: 1468991703 bytes = { 167, 140, 147, 81, 176, 169, 230, 45, 229, 147, 246, 106, 201, 127, 79, 194, 88, 63, 1, 91, 34, 184, 35, 49, 119, 31, 227, 157 } .. .. ISocketConnector-0, WRITE: TLSv1 Handshake, length = 149 MINA session created for FIX.4.4:ZZZZZ->YYYY: local=/X.X.X.X:XXXXXX, class org.apache.mina.transport.socket.nio.SocketSessionImpl, remote=/XXX.XXX.XXX.XX:YYYYY [quickfix.mina.initiator.InitiatorIoHandler:50] SocketConnectorIoProcessor-0.0, READ: TLSv1 Handshake, length = 81 *** ServerHello, TLSv1 .. .. Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> %% Initialized: [Session-1885, TLS_RSA_WITH_AES_128_CBC_SHA] ** TLS_RSA_WITH_AES_128_CBC_SHA SocketConnectorIoProcessor-0.0, READ: TLSv1 Handshake, length = 3224 *** Certificate chain chain [0] = [ Version: V3 .. .. .. .. READ: TLSv1 Handshake, length = 14 *** CertificateRequest Cert Types: RSA, DSS, ECDSA Cert Authorities: <Empty> *** ServerHelloDone *** Certificate chain *** *** ClientKeyExchange, RSA PreMasterSecret, TLSv1 WRITE: TLSv1 Handshake, length = 141 SESSION KEYGEN: PreMaster Secret: .. .. CONNECTION KEYGEN: Client Nonce: .. .. Server Nonce: .. .. Master Secret: .. .. Client MAC write Secret: .. .. Server MAC write Secret: .. .. Client write key: ... Server write key: .. Client write IV: .. Server write IV: .. .. WRITE: TLSv1 Change Cipher Spec, length = 1 *** Finished verify_data: { 85, 227, 34, 74, 171, 223, 226, 95, 232, 234, 118, 50 } WRITE: TLSv1 Handshake, length = 48 READ: TLSv1 Alert, length = 2 RECV TLSv1 ALERT: fatal, handshake_failure fatal: engine already closedRethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure called closeOutbound() closeOutboundInternal() SEND TLSv1 ALERT: warning, description = close_notify WRITE: TLSv1 Alert, length = 32 called closeInbound() fatal: engine already closedRethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? called closeOutbound() closeOutboundInternal()
*** CertificateRequest