当前位置: 首页 > 面试题库 >

Java SSLHandshakeException:没有通用的密码套件

姚骁
2023-03-14
问题内容

我正在尝试通过Java SSLSockets将安全性应用于简单的聊天应用程序。

我创建了一个自签名的CA,并用它签署了两个证书(全部使用了RSA密钥),一个证书用于服务器,一个证书用于客户端。之后,我将证书导入服务器的密钥库和客户端的密钥库。

CA :

openssl genrsa -out ca.key 1024 -rsa

openssl req -new -key ca.key -out ca.csr

openssl x509 -req -days 365 -in ca.csr -out ca.crt -signkey ca.key


SERVER CERTIFICATE:

openssl genrsa -out server.key 1024 -rsa

openssl req -new -key server.key -out server.csr

openssl ca -in server.csr -cert ca.crt -keyfile ca.key -out server.crt


CLIENT CERTIFICATE :

openssl genrsa -out client.key 1024 -rsa

openssl req -new -key client.key -out client.csr

openssl ca -in client.csr -cert ca.crt -keyfile ca.key -out client.crt



KEYSTORES:

keytool -import -keystore serverkeystore -file ca.crt -alias theCARoot

keytool -import -keystore serverkeystore -file server.crt -alias servercrt

keytool -import -keystore serverkeystore -file client.crt -alias clientcrt

keytool -import -keystore clientkeystore -file ca.crt  -alias theCARoot

keytool -import -keystore clientkeystore -file server.crt  -alias servercrt

keytool -import -keystore clientkeystore -file client.crt  -alias clientcrt

我想使用特定的密码,但显然所有受支持的密码均无效。

我为客户提供的代码

   import java.net.*;
import java.io.*;
import java.security.*;
import java.security.cert.CertificateException;
import javax.net.ssl.*;

public class ChatClient implements Runnable
{
    private SSLSocket socket           = null;
    private Thread thread              = null;
    private DataInputStream  console   = null;
    private DataOutputStream streamOut = null;
    private ChatClientThread client    = null;
    final String[] enabledCipherSuites = {"TLS_RSA_WITH_AES_256_CBC_SHA256"};
    final char[] passphrase = "123456".toCharArray();

    public ChatClient(String serverName, int serverPort)
    {
        System.out.println("Establishing connection to server...");
        try
        {
            SSLSocketFactory factory = null;
            SSLContext ctx = SSLContext.getInstance("TLS");
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

            KeyStore ks= KeyStore.getInstance("JKS");
            ks.load(new FileInputStream("clientkeystore"), passphrase);
            kmf.init(ks, passphrase);


            KeyStore serverKey = KeyStore.getInstance("JKS");
            serverKey.load(new FileInputStream("serverkeystore"),passphrase);
            TrustManagerFactory trustManager = TrustManagerFactory.getInstance("SunX509");
            trustManager.init(serverKey);



            ctx.init(kmf.getKeyManagers(), trustManager.getTrustManagers(), null);
            factory = ctx.getSocketFactory();
            socket = (SSLSocket)factory.createSocket(serverName, serverPort);
            socket.setEnabledCipherSuites(enabledCipherSuites);
            start();
        }

        catch(UnknownHostException uhe)
        {
            // Host unkwnown
            System.out.println("Error establishing connection - host unknown: " + uhe.getMessage());
        }
        catch(IOException ioexception)
        {
            // Other error establishing connection
            System.out.println("Error establishing connection - unexpected exception: " + ioexception.getMessage());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

    public void run()
    {
        while (thread != null)
        {
            try
            {
                // Sends message from console to server
                streamOut.writeUTF(console.readLine());
                streamOut.flush();
            }

            catch(IOException ioexception)
            {
                System.out.println("Error sending string to server: " + ioexception.getMessage());
                stop();
            }
        }
    }


    public void handle(String msg)
    {
        // Receives message from server
        if (msg.equals(".quit"))
        {
            // Leaving, quit command
            System.out.println("Exiting...Please press RETURN to exit ...");
            stop();
        }
        else
            // else, writes message received from server to console
            System.out.println(msg);
    }

    // Inits new client thread
    public void start() throws IOException
    {
        console   = new DataInputStream(System.in);
        streamOut = new DataOutputStream(socket.getOutputStream());
        if (thread == null)
        {
            client = new ChatClientThread(this, socket);
            thread = new Thread(this);
            thread.start();
        }
    }

    // Stops client thread
    public void stop()
    {
        if (thread != null)
        {
            thread.stop();
            thread = null;
        }
        try
        {
            if (console   != null)  console.close();
            if (streamOut != null)  streamOut.close();
            if (socket    != null)  socket.close();
        }

        catch(IOException ioe)
        {
            System.out.println("Error closing thread..."); }
        client.close();
        client.stop();
    }


    public static void main(String args[])
    {
        ChatClient client = null;
        if (args.length != 2)
            // Displays correct usage syntax on stdout
            System.out.println("Usage: java ChatClient host port");
        else
            // Calls new client
            client = new ChatClient(args[0], Integer.parseInt(args[1]));
    }

}

class ChatClientThread extends Thread
{
    private SSLSocket        socket   = null;
    private ChatClient       client   = null;
    private DataInputStream  streamIn = null;

    public ChatClientThread(ChatClient _client, SSLSocket _socket)
    {
        client   = _client;
        socket   = _socket;
        open();
        start();
    }

    public void open()
    {
        try
        {
            streamIn  = new DataInputStream(socket.getInputStream());
        }
        catch(IOException ioe)
        {
            System.out.println("Error getting input stream: " + ioe);
            client.stop();
        }
    }

    public void close()
    {
        try
        {
            if (streamIn != null) streamIn.close();
        }

        catch(IOException ioe)
        {
            System.out.println("Error closing input stream: " + ioe);
        }
    }

    public void run()
    {
        while (true)
        {   try
        {
            client.handle(streamIn.readUTF());
        }
        catch(IOException ioe)
        {
            System.out.println("Listening error: " + ioe.getMessage());
            client.stop();
        }
        }
    }
}

对于服务器:

import java.net.*;
import java.io.*;
import java.security.*;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.net.ServerSocketFactory;
import javax.net.ssl.*;

public class ChatServer implements Runnable
{
    private ChatServerThread clients[] = new ChatServerThread[20];
    private SSLServerSocket server_socket = null;
    private Thread thread = null;
    private int clientCount = 0;
    final String[] enabledCipherSuites = {"TLS_RSA_WITH_AES_256_CBC_SHA256"};
    final char[] passphrase = "123456".toCharArray();


    public ChatServer(int port)
    {
        try
        {
            // Binds to port and starts server
            System.out.println("Binding to port " + port);
            SSLContext ctx = SSLContext.getInstance("TLS");;
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream("serverkeystore"), passphrase);
            kmf.init(ks, passphrase);

            KeyStore serverKey = KeyStore.getInstance("JKS");
            serverKey.load(new FileInputStream("clientkeystore"),passphrase);
            TrustManagerFactory trustManager = TrustManagerFactory.getInstance("SunX509");
            trustManager.init(serverKey);

            ctx.init(kmf.getKeyManagers(), trustManager.getTrustManagers(), null);
            SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
            server_socket = (SSLServerSocket) ssf.createServerSocket(port);
            server_socket.setEnabledCipherSuites(enabledCipherSuites);
            server_socket.setNeedClientAuth(true);
            System.out.println("Server started: " + server_socket);
            start();
        }
        catch(IOException ioexception)
        {
            // Error binding to port
            System.out.println("Binding error (port=" + port + "): " + ioexception.getMessage());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

    public void run()
    {
        while (thread != null)
        {
            try
            {
                // Adds new thread for new client
                System.out.println("Waiting for a client ...");
                addThread((SSLSocket)server_socket.accept());
            }
            catch(IOException ioexception)
            {
                System.out.println("Accept error: " + ioexception); stop();
            }
        }
    }

    public void start()
    {
        if (thread == null)
        {
            // Starts new thread for client
            thread = new Thread(this);
            thread.start();
        }
    }

    public void stop()
    {
        if (thread != null)
        {
            // Stops running thread for client
            thread.stop();
            thread = null;
        }
    }

    private int findClient(int ID)
    {
        // Returns client from id
        for (int i = 0; i < clientCount; i++)
            if (clients[i].getID() == ID)
                return i;
        return -1;
    }

    public synchronized void handle(int ID, String input)
    {
        if (input.equals(".quit"))
        {
            int leaving_id = findClient(ID);
            // Client exits
            clients[leaving_id].send(".quit");
            // Notify remaing users
            for (int i = 0; i < clientCount; i++)
                if (i!=leaving_id)
                    clients[i].send("Client " +ID + " exits..");
            remove(ID);
        }
        else
            // Brodcast message for every other client online
            for (int i = 0; i < clientCount; i++)
                clients[i].send(ID + ": " + input);
    }

    public synchronized void remove(int ID)
    {
        int pos = findClient(ID);

        if (pos >= 0)
        {
            // Removes thread for exiting client
            ChatServerThread toTerminate = clients[pos];
            System.out.println("Removing client thread " + ID + " at " + pos);
            if (pos < clientCount-1)
                for (int i = pos+1; i < clientCount; i++)
                    clients[i-1] = clients[i];
            clientCount--;

            try
            {
                toTerminate.close();
            }

            catch(IOException ioe)
            {
                System.out.println("Error closing thread: " + ioe);
            }

            toTerminate.stop();
        }
    }

    private void addThread(SSLSocket socket)
    {
        if (clientCount < clients.length)
        {
            // Adds thread for new accepted client
            System.out.println("Client accepted: " + socket);
            clients[clientCount] = new ChatServerThread(this, socket);

            try
            {
                clients[clientCount].open();
                clients[clientCount].start();
                clientCount++;
            }
            catch(IOException ioe)
            {
                System.out.println("Error opening thread: " + ioe);
            }
        }
        else
            System.out.println("Client refused: maximum " + clients.length + " reached.");
    }


    public static void main(String args[])
    {
        ChatServer server = null;

        if (args.length != 1)
            // Displays correct usage for server
            System.out.println("Usage: java ChatServer port");
        else
            // Calls new server
            server = new ChatServer(Integer.parseInt(args[0]));
    }

}

class ChatServerThread extends Thread
{
    private ChatServer       server    = null;
    private SSLSocket        socket    = null;
    private int              ID        = -1;
    private DataInputStream  streamIn  =  null;
    private DataOutputStream streamOut = null;


    public ChatServerThread(ChatServer _server, SSLSocket _socket)
    {
        super();
        server = _server;
        socket = _socket;
        ID     = socket.getPort();
    }

    // Sends message to client
    public void send(String msg)
    {
        try
        {
            streamOut.writeUTF(msg);
            streamOut.flush();
        }

        catch(IOException ioexception)
        {
            System.out.println(ID + " ERROR sending message: " + ioexception.getMessage());
            server.remove(ID);
            stop();
        }
    }

    // Gets id for client
    public int getID()
    {
        return ID;
    }

    // Runs thread
    public void run()
    {
        System.out.println("Server Thread " + ID + " running.");

        while (true)
        {
            try
            {
                server.handle(ID, streamIn.readUTF());
            }

            catch(IOException ioe)
            {
                System.out.println(ID + " ERROR reading: " + ioe.getMessage());
                server.remove(ID);
                stop();
            }
        }
    }


    // Opens thread
    public void open() throws IOException
    {
        streamIn = new DataInputStream(new BufferedInputStream(socket.getInputStream()));
        streamOut = new DataOutputStream(new BufferedOutputStream(socket.getOutputStream()));
    }

    // Closes thread
    public void close() throws IOException
    {
        if (socket != null)    socket.close();
        if (streamIn != null)  streamIn.close();
        if (streamOut != null) streamOut.close();
    }

}

对不起,如果我的英语有点生锈。

我的操作系统是OS X El Capitan,Java版本是1.8。

Here is the server's stack trace: 
/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/bin/java -Djavax.net.debug=all -Didea.launcher.port=7536 "-Didea.launcher.bin.path=/Applications/IntelliJ IDEA 15.app/Contents/bin" -Dfile.encoding=UTF-8 -classpath "/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/deploy.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/cldrdata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/dnsns.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/jaccess.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/jfxrt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/localedata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/nashorn.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/sunec.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/sunjce_provider.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/sunpkcs11.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/zipfs.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/javaws.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jfxswt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/management-agent.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/plugin.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/ant-javafx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/dt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/javafx-mx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/jconsole.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/packager.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/sa-jdi.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/tools.jar:/Users/joaogoncalves/Dropbox/STI/out/production/STI Assignment 3:/Applications/IntelliJ IDEA 15.app/Contents/lib/idea_rt.jar" com.intellij.rt.execution.application.AppMain ChatServer 5000
Binding to port 5000
adding as trusted cert:
  Subject: CN=Joao Goncalves, OU=DEQ, O=UC, ST=Coimbra, C=PT
  Issuer:  CN=DEI, OU=DEI, O=UC, L=Coimbra, ST=Coimbra, C=PT
  Algorithm: RSA; Serial number: 0xc94895f3863a5c36
  Valid from Mon May 23 23:43:42 WEST 2016 until Tue May 23 23:43:42 WEST 2017

adding as trusted cert:
  Subject: CN=www.uc.pt, OU=DEM, O=UC, ST=Coimbra, C=PT
  Issuer:  CN=DEI, OU=DEI, O=UC, L=Coimbra, ST=Coimbra, C=PT
  Algorithm: RSA; Serial number: 0xc94895f3863a5c35
  Valid from Mon May 23 23:42:54 WEST 2016 until Tue May 23 23:42:54 WEST 2017

adding as trusted cert:
  Subject: CN=DEI, OU=DEI, O=UC, L=Coimbra, ST=Coimbra, C=PT
  Issuer:  CN=DEI, OU=DEI, O=UC, L=Coimbra, ST=Coimbra, C=PT
  Algorithm: RSA; Serial number: 0xdb931da4e1abec22
  Valid from Mon May 23 23:42:03 WEST 2016 until Tue May 23 23:42:03 WEST 2017

trigger seeding of SecureRandom
done seeding SecureRandom
Server started: [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=5000]]
Waiting for a client ...
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Client accepted: 74ce57fc[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=57519,localport=5000]]
Waiting for a client ...
Server Thread 57519 running.
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
No available cipher suite for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
No available cipher suite for TLSv1.1
[Raw read]: length = 5
0000: 16 03 03 00 52                                     ....R
[Raw read]: length = 82
0000: 01 00 00 4E 03 03 57 44   7B 3B B8 1E 77 88 AF 4E  ...N..WD.;..w..N
0010: C7 CA 73 CE AC 38 62 5D   18 BD 9A 16 7E 25 86 25  ..s..8b].....%.%
0020: 36 1C EF F5 B6 FF 00 00   02 00 3D 01 00 00 23 00  6.........=...#.
0030: 0D 00 1A 00 18 06 03 06   01 05 03 05 01 04 03 04  ................
0040: 01 03 03 03 01 02 03 02   01 02 02 01 01 FF 01 00  ................
0050: 01 00                                              ..
Thread-1, READ: TLSv1.2 Handshake, length = 82
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1464105787 bytes = { 184, 30, 119, 136, 175, 78, 199, 202, 115, 206, 172, 56, 98, 93, 24, 189, 154, 22, 126, 37, 134, 37, 54, 28, 239, 245, 182, 255 }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA256]
Compression Methods:  { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
[read] MD5 and SHA1 hashes:  len = 82
0000: 01 00 00 4E 03 03 57 44   7B 3B B8 1E 77 88 AF 4E  ...N..WD.;..w..N
0010: C7 CA 73 CE AC 38 62 5D   18 BD 9A 16 7E 25 86 25  ..s..8b].....%.%
0020: 36 1C EF F5 B6 FF 00 00   02 00 3D 01 00 00 23 00  6.........=...#.
0030: 0D 00 1A 00 18 06 03 06   01 05 03 05 01 04 03 04  ................
0040: 01 03 03 03 01 02 03 02   01 02 02 01 01 FF 01 00  ................
0050: 01 00                                              ..
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
Thread-1, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
Thread-1, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28                               ......(
Thread-1, called closeSocket()
Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
57519 ERROR reading: no cipher suites in common
Removing client thread 57519 at 0
Thread-1, called close()
Thread-1, called closeInternal(true)
Thread-1, called close()
Thread-1, called closeInternal(true)
Thread-1, called close()
Thread-1, called closeInternal(true)

Process finished with exit code 130

问题答案:

每个验证方,总是服务器,这里的客户端密钥库也因为你指定的NeedClientAuth必须有私钥和证书(或多个)
,不仅是证书(或多个)。有两种方法可以做到这一点:

  • convert the OpenSSL generated privatekey plus the related certs to PKCS#12, and then either convert the PKCS#12 to JKS or just use the PKCS#12 in Java (JCE can handle it, and recent versions of Java8 even if you specify JKS! – see http://www.oracle.com/technetwork/java/javase/8u60-relnotes-2620227.html under Keystore Compatibility Mode). See:

How to import an existing x509 certificate and private key in Java keystore
to use in SSL?

How can i create keystore from an existing certificate (abc.crt) and abc.key
files?
Importing the private-key/public-certificate pair in the Java
KeyStore
convert certificate from pem into
jks (disclosure: mine)
How to create keystore from cer
files (disclosure: mine)

  • generate EE privatekey and CSR in Java, then use OpenSSL (with CA key and cert) to issue the EE cert, and import the certs back into the Java keystore:

    keytool -keystore server.jks -genkeypair -keyalg RSA
    

    keytool -keystore server.jks -certreq >server.csr
    openssl ca -in server.csr … -out server.crt

    or submit the CSR to a real CA and get its response

    then either install the chain all at once:

    cat server.crt ca.crt >temp
    keytool -keystore server.jks -importcert -file temp

    and confirm (need temp so stdin available for confirm;

    if using a public CA, can add -trustcacerts and use pipe instead)

    or install the certs separately, top down:

    keytool -keystore server.jks -importcert -file ca.crt -alias ca

    and confirm, THEN

    keytool -keystore server.jks -importcert -file server.crt

    (last) response must be ‘Certificate reply was installed’

    NOT merely ‘Certificate was added’ which means you messed up

    and similarly for client

The latter method (separate entries for ca.crt and privatekey+server.crt) has
the advantage this same file can be used as both the keystore and truststore,
you don’t need to use serverkey as clienttrust and vice versa. If these were
real systems, this would be a security benefit.

A final note: you should start using RSA 2048-bit keys. 1024-bit has been
prohibited by authorities like NIST and CABforum since 2014, and although Java
still accepts them, most browsers and many other tools are already warning for
them and likely soon will reject them. For similar reasons you should sign the
certificates with at least SHA256 – this can be set in the config file used
by ca or you can just use the commandline flag -md sha256.



 类似资料:
  • 问题内容: 按照此处的说明进行操作,并重新创建了我以前错误创建的证书。就像我现在在服务器和客户端上看到的一样,情况发生了变化。 服务器是ClassFileServer.java,相应的客户端是SSLSocketClientWithClientAuth.java 有关使两端都能正常播放的任何提示,请注意,我使用的是localhost,因此我假设密码功能相同。 更新: 这是我用于生成文件的步骤,我可能

  • 问题内容: 我最近一直在将SSL套接字用于消息传递系统。 我终于开始使用CA颁发的证书。我将其导入到密钥库中,设置了密钥库属性,并启动了客户端,但是当我尝试发送数据时,我一直收到握手异常。 我启用了调试模式,发现这是由于造成的。有什么想法吗? 如果有帮助,它还说它忽略了TLSV1和TLSV1.1中的大约10个密码套件。 我还安装了无限强度加密策略。 客户代码 服务器代码 编辑: 我刚刚添加了密码,

  • 问题内容: 我正在尝试在两个Java项目之间建立安全连接,但是却遇到了SSLHandshakeException(没有通用密码套件)的问题。这是在两侧创建套接字的方法: 客户: 服务器: 我有一个用keytool生成的RSA密钥。此代码从磁盘加载它。 我做错了什么? 更新: 我在此数组的两侧添加了对setEnabledCipherSuites的调用: 我得到相同的结果。 问题答案: 在服务器端,你

  • 我对证书知之甚少。 需要添加码头证书(v.9.4.11),这是申请的一部分。 用自签名试试——都可以。但是现在,需要用组织官方证书做。 管理员给我2个文件-。cer和。p7b。申请文件显示,足够的命令如下: keyool-导入-信任Cacerts-别名mydome-filemydomain.crt-keystorekeystore.jks 我将尝试使用。而不是。crt。密钥存储已创建、配置jett

  • 问题内容: 我正在使用SSLServerSocket接受我的openSUSE服务器上的客户端连接,但是它们都无法连接。我总是得到SSLHandshakeException的说法。我已经激活了所有可能的套件,启用了多个协议,并尝试了最新的Oracle JRE和openjdk。另外,我还关注了论坛和相关内容上的其他几篇文章,并“解锁”了Oracle jre中的所有密码套件,并像这样更改了openjdk

  • 我正在使用SSLServerSocket来接受我的openSUSE服务器上的客户端连接,但是它们都不能连接。我总是得到一个SSLHandshakeExc0019说。我已经激活了所有可能的套件,启用了多种协议,尝试了最新的oracle JRE和openjdk。我还关注了论坛上的其他几篇文章,并“解锁”了甲骨文jre中的所有密码套件,我像这样更改了openjdk jre的设置: 禁用:并启用: 以下是