Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ssl/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Ssl 发出验证自签名证书:收到握手失败_Ssl_Quickfixj - Fatal编程技术网
Fatal编程技术网
  • ssl/
  • Ssl 发出验证自签名证书:收到握手失败

Ssl 发出验证自签名证书:收到握手失败

ssl

Ssl 发出验证自签名证书:收到握手失败,ssl,quickfixj,Ssl,Quickfixj,我正在使用quickfix验证服务器的证书,并导致致命的握手失败 在我看来是这样的: 启动初始握手 客户端连接 服务器接受 发生TLS握手,在此期间: o密码套件已成功协商 o客户端验证服务器证书 o服务器任意关闭套接字。(发送TLSv1警报:警告,描述=关闭\u通知YYYY:local=/X.X.X:XXXXXX,类org.apache.mina.transport.socket.nio.SocketSessionImpl,远程=/XXX.XXX.XXX.XX:yyyyyyy[quickfi

我正在使用quickfix验证服务器的证书,并导致致命的握手失败

在我看来是这样的:

  • 启动初始握手

  • 客户端连接

  • 服务器接受

  • 发生TLS握手,在此期间:

    o密码套件已成功协商

    o客户端验证服务器证书

    o服务器任意关闭套接字。(发送TLSv1警报:警告,描述=关闭\u通知YYYY:local=/X.X.X:XXXXXX,类org.apache.mina.transport.socket.nio.SocketSessionImpl,远程=/XXX.XXX.XXX.XX:yyyyyyy[quickfix.mina.initiator.InitiatorIoHandler:50] SocketConnectorOprocessor-0.0,读取:TLSv1握手,长度=81 ***你好,TLSv1 .. .. 密码套件:TLS_RSA_与_AES_128_CBC_SHA 压缩方法:0 扩展重新协商\u信息,重新协商的\u连接: %%已初始化:[会话-1885,TLS\U RSA\U与\U AES\U 128\U CBC\U SHA] **TLS_RSA_与_AES_128_CBC_SHA SocketConnectorOprocessor-0.0,读取:TLSv1握手,长度=3224 ***证书链 链[0]=[ 版本:V3 .. .. .. .. 读取:TLSv1握手,长度=14 ***证书申请 证书类型:RSA、DSS、ECDSA 核证机关: ***海龙石 ***证书链 *** ***ClientKeyExchange,RSA PreMasterSecret,TLSv1 写入:TLSv1握手,长度=141 会话密钥: 毕业前的秘密: .. .. 连接键: 客户暂时: .. .. 服务器当前值: .. .. 主秘密: .. .. 客户端MAC写入机密: .. .. 服务器MAC写入机密: .. .. 客户端写入密钥: ... 服务器写入密钥: .. 客户写作四: .. 服务器写入IV: .. .. 写入:TLSv1更改密码规范,长度=1 ***完成 验证数据:{85227,34,7417122322695232 234311850} 写入:TLSv1握手,长度=48 读取:TLSv1警报,长度=2 RECV TLSv1警报:致命,握手失败 致命:引擎已关闭抛出javax.net.ssl.SSLException:收到致命警报:握手失败 调用closeOutbound() closeOutboundInternal() 发送TLSv1警报:警告,描述=关闭\u通知 写入:TLSv1警报,长度=32 调用closeInbound() 致命:引擎已关闭抛出javax.net.ssl.SSLException:入站在收到对等方的关闭通知之前已关闭\u通知:可能的截断攻击? 调用closeOutbound() closeOutboundInternal()
    服务器需要客户端证书,但客户端不发送任何证书。因此,服务器通过握手失败警报关闭连接。

    这可能是因为证书颁发机构:空?仅供参考,我们使用的是服务器的自签名证书cert@fiddle:客户端不发送证书可能有多种原因。例如,客户端m我没有为发送配置证书,或者客户端可能根本不支持客户端证书。从这几个信息很难判断。如果服务器证书是自签名的或不是自签名的,这与此无关。只有缺少的客户端证书才是这个问题的关键。我看到我的.jks文件只有一个serv条目ers中级证书。我需要在那里或其他地方添加我的客户端证书吗?如果需要,那么如何添加?请您指导。@fiddle:我不熟悉您使用的工具和库。我只能说,服务器正在请求客户端证书,而客户端没有发送证书。我不知道您的客户端是否有办法nt使用客户端证书。服务器查看:SSL例程:SSL3\u获取\u客户端\u证书:对等方未返回证书 
    Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
Ignoring disabled protocol: SSLv3 
%% No cached client session 
..
..
*** ClientHello, TLSv1 
RandomCookie:  GMT: 1468991703 bytes = { 167, 140, 147, 81, 176, 169, 230, 45, 229, 147, 246, 106, 201, 127, 79, 194, 88, 63, 1, 91, 34, 184, 35, 49, 119, 31, 227, 157 } 
..
..
ISocketConnector-0, WRITE: TLSv1 Handshake, length = 149 
MINA session created for FIX.4.4:ZZZZZ->YYYY: local=/X.X.X.X:XXXXXX, class org.apache.mina.transport.socket.nio.SocketSessionImpl, remote=/XXX.XXX.XXX.XX:YYYYY [quickfix.mina.initiator.InitiatorIoHandler:50]
SocketConnectorIoProcessor-0.0, READ: TLSv1 Handshake, length = 81 
*** ServerHello, TLSv1 
..
..
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA 
Compression Method: 0 
Extension renegotiation_info, renegotiated_connection: <empty> 
%% Initialized:  [Session-1885, TLS_RSA_WITH_AES_128_CBC_SHA] 
** TLS_RSA_WITH_AES_128_CBC_SHA 
SocketConnectorIoProcessor-0.0, READ: TLSv1 Handshake, length = 3224 
*** Certificate chain 
chain [0] = [ 
Version: V3 
..
..
..
..

READ: TLSv1 Handshake, length = 14 
*** CertificateRequest 
Cert Types: RSA, DSS, ECDSA 
Cert Authorities: 
<Empty> 
*** ServerHelloDone 
*** Certificate chain 
*** 
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1 
WRITE: TLSv1 Handshake, length = 141 
SESSION KEYGEN: 
 PreMaster Secret: 
..
..
CONNECTION KEYGEN: 
Client Nonce: 
..
..
Server Nonce: 
..
..
Master Secret: 
..
..
Client MAC write Secret: 
..
..                                  
Server MAC write Secret: 
..
..
Client write key: 
...
Server write key: 
..
Client write IV: 
..
Server write IV: 
..
..
WRITE: TLSv1 Change Cipher Spec, length = 1 
*** Finished 
verify_data:  { 85, 227, 34, 74, 171, 223, 226, 95, 232, 234, 118, 50 } 

WRITE: TLSv1 Handshake, length = 48 
READ: TLSv1 Alert, length = 2 
RECV TLSv1 ALERT:  fatal, handshake_failure 
fatal: engine already closedRethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure 
called closeOutbound() 
closeOutboundInternal() 
SEND TLSv1 ALERT:  warning, description = close_notify 
WRITE: TLSv1 Alert, length = 32 
called closeInbound() 
fatal: engine already closedRethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? 
called closeOutbound() 
closeOutboundInternal() 

    *** CertificateRequest