使用CloseableHttpClient的不受支持的记录版本SSLv2Hello
章越
问题内容:
问题答案:
我试图拨打https并收到以下错误:记录版本不受支持SSLv2Hello
谁能告诉我我在做什么错?谢谢你的帮助。
这是StackTrace:
调试:
记录版本不支持SSLv2Hello
javax.net.ssl.SSLException:不支持的记录版本SSLv2Hello
在sun.security.ssl.InputRecord.readV3Record(未知来源)
在sun.security.ssl.InputRecord.read(未知来源)
在sun.security.ssl.SSLSocketImpl.readRecord(未知来源)
在sun.security.ssl.SSLSocketImpl.performInitialHandshake(未知来源)
在sun.security.ssl.SSLSocketImpl.startHandshake(未知来源)
在sun.security.ssl.SSLSocketImpl.startHandshake(未知来源)
在org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
在org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)
在org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123)
在org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318)
在org.apache.http.impl.execchain.MainClientExec。EstablishmentRoute(MainClientExec.java:363)
在org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
在org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
在org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
在org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
在org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
在org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
在httpcomponents.httpsTest.main(httpsTest.java:135)
这是工作示例:
导入com.sun.net.ssl.internal.ssl.Provider;
导入java.io.IOException;
导入java.security.KeyManagementException;
导入java.security.NoSuchAlgorithmException;
导入java.security.SecureRandom;
导入java.security.Security;
导入java.security.cert.CertificateException;
导入java.security.cert.X509Certificate;
导入java.text.MessageFormat;
导入java.util.ArrayList;
导入java.util.List;
导入java.util.Timer;
导入java.util.TimerTask;
导入java.util.concurrent.TimeUnit;
导入javax.net.ssl.SSLContext;
导入javax.net.ssl.SSLException;
导入javax.net.ssl.SSLSession;
导入javax.net.ssl.SSLSocket;
导入javax.net.ssl.TrustManager;
导入javax.net.ssl.X509TrustManager;
导入org.apache.http.Header;
导入org.apache.http.HttpHeaders;
导入org.apache.http.client.config.RequestConfig;
导入org.apache.http.client.methods.CloseableHttpResponse;
导入org.apache.http.client.methods.HttpHead;
导入org.apache.http.conn.socket.LayeredConnectionSocketFactory;
导入org.apache.http.conn.ssl.SSLConnectionSocketFactory;
导入org.apache.http.conn.ssl.SSLContexts;
导入org.apache.http.conn.ssl.X509HostnameVerifier;
导入org.apache.http.entity.ContentType;
导入org.apache.http.impl.client.CloseableHttpClient;
导入org.apache.http.impl.client.HttpClientBuilder;
导入org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
导入org.apache.http.protocol.BasicHttpContext;
导入org.apache.http.protocol.HttpContext;
字符串audioURL =“ [https://mydata.com/webreports/audio.jsp?callID=338786512&authentication=98695279578B04166629C0](https://mydata.com/webreports/audio.jsp?callID=338786512&authentication=98695279578B04166629C0) ”;
RequestConfig requestConfig = null;
requestConfig = RequestConfig
.custom()
.setConnectTimeout(5000)
.setConnectionRequestTimeout(5000)
.setSocketTimeout(5000)
。建立();
PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = null;
poolingHttpClientConnectionManager =新的PoolingHttpClientConnectionManager();
poolingHttpClientConnectionManager.setMaxTotal(5);
CloseableHttpClient closeableHttpClient = null;
HttpHead httpHead =新的HttpHead(audioURL);
尝试{
提供者sslProvider = new Provider();
如果(Security.getProvider(sslProvider.getName())== null){
Security.addProvider(sslProvider);
}
TrustManager [] trustAllCerts =新的TrustManager [] {
新的X509TrustManager(){
@Override
公开的X509Certificate [] getAcceptedIssuers(){
返回null;
}
@Override
public void checkServerTrusted(X509Certificate [] certs,String authType)抛出CertificateException {
}
@Override
public void checkClientTrusted(X509Certificate [] certs,String authType)抛出CertificateException {
}
}
};
SSLContext sslContext = SSLContexts
.custom()
.useSSL()
。建立();
sslContext.init(null,trustAllCerts,新的SecureRandom());
LayeredConnectionSocketFactory sslConnectionSocketFactory =新的SSLConnectionSocketFactory(sslContext);
X509HostnameVerifier x509HostnameVerifier =新的X509HostnameVerifier(){
@Override
公共无效verify(String host,SSLSocket ssl)引发IOException {
//没做什么
}
@Override
公共无效verify(String host,X509Certificate cert)抛出SSLException {
//什么都不做//什么都不做
}
@Override
公共无效verify(String host,String [] cns,String [] subjectAlts)抛出SSLException {
//没做什么
}
@Override
public boolean verify(String string,SSLSession ssls){
返回true;
}
};
closeableHttpClient = HttpClientBuilder
。创造()
.setDefaultRequestConfig(requestConfig)
.setConnectionManager(poolingHttpClientConnectionManager)
.setSslcontext(sslContext)
.setHostnameVerifier(x509HostnameVerifier)
.setSSLSocketFactory(sslConnectionSocketFactory)
。建立();
} catch(NoSuchAlgorithmException noSuchAlgorithmException){
System.out.println(noSuchAlgorithmException.getMessage());
}捕获(KeyManagementException keyManagementException){
System.out.println(keyManagementException.getMessage());
}
HttpContext httpContext =新的BasicHttpContext();
CloseableHttpResponse closeableHttpResponse = null;
尝试{
如果(closeableHttpClient!= null){
closeableHttpResponse = closeableHttpClient.execute(httpHead,httpContext);
如果(closeableHttpResponse!= null){
int statusCode = closeableHttpResponse.getStatusLine()。getStatusCode();
System.out.println(String.valueOf(statusCode));
}
}
} catch(IOException iOException){
System.out.println(iOException.getMessage());
}最后{
如果(closeableHttpResponse!= null){
尝试{
closeableHttpResponse.close();
} catch(IOException iOException){
System.out.println(iOException.getMessage());
}
}
如果(closeableHttpClient!= null){
尝试{
closeableHttpClient.close();
} catch(IOException iOException){
System.out.println(iOException.getMessage());
}
}
}
问题答案:
弄清楚了。我在鞋带上绊倒的两个地方是:
需要在PoolingHttpClientConnectionManager中注册https
将TLSv1设置为SSLConnectionSocketFactory中唯一受支持的协议
package httpcomponents;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpHead;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
/**
*
* @author mark.jones
*/
public class HttpTest3 {
public static void main(String[] args) {
CloseableHttpClient closeableHttpClient = null;
CloseableHttpResponse closeableHttpResponse = null;
try {
HttpHead httpHead = null;
TrustStrategy trustStrategy = null;
SSLContext sslContext = null;
X509HostnameVerifier x509HostnameVerifier = null;
LayeredConnectionSocketFactory sslConnectionSocketFactory = null;
Registry<ConnectionSocketFactory> registry = null;
PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = null;
RequestConfig requestConfig = null;
String audioURL = "https://ancientserver.com/webreports/audio.jsp?callID=338786512&authentication=98695279578B04166629C0AC0ABB49F0";
httpHead = new HttpHead(audioURL);
trustStrategy = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] xcs, String authType) throws CertificateException {
return true;
}
};
sslContext = SSLContexts
.custom()
.useSSL()
.loadTrustMaterial(null, trustStrategy)
.setSecureRandom(new SecureRandom())
.build();
x509HostnameVerifier = new X509HostnameVerifier() {
@Override
public void verify(String host, SSLSocket ssl) throws IOException {
//do nothing
}
@Override
public void verify(String host, X509Certificate cert) throws SSLException {
//do nothing //do nothing
}
@Override
public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
//do nothing
}
@Override
public boolean verify(String string, SSLSession ssls) {
return true;
}
};
//either one works
//LayeredConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1"}, null, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1"}, null, x509HostnameVerifier);
registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", sslConnectionSocketFactory)
.build();
poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(registry);
requestConfig = RequestConfig
.custom()
.setConnectTimeout(5000) //5 seconds
.setConnectionRequestTimeout(5000)
.setSocketTimeout(5000)
.build();
closeableHttpClient = HttpClientBuilder
.create()
.setDefaultRequestConfig(requestConfig)
.setSslcontext(sslContext)
.setHostnameVerifier(x509HostnameVerifier)
.setSSLSocketFactory(sslConnectionSocketFactory)
.setConnectionManager(poolingHttpClientConnectionManager)
.build();
if (closeableHttpClient != null) {
closeableHttpResponse = closeableHttpClient.execute(httpHead);
if (closeableHttpResponse != null) {
int statusCode = closeableHttpResponse.getStatusLine().getStatusCode();
System.out.println(String.valueOf(statusCode));
System.out.println(closeableHttpResponse.getFirstHeader("Content-Type"));
}
}
} catch (NoSuchAlgorithmException noSuchAlgorithmException) {
System.out.println(noSuchAlgorithmException.getMessage());
} catch (KeyStoreException keyStoreException) {
System.out.println(keyStoreException.getMessage());
} catch (KeyManagementException keyManagementException) {
System.out.println(keyManagementException.getMessage());
} catch (IOException iOException) {
System.out.println(iOException.getMessage());
} finally {
if (closeableHttpResponse != null) {
try {
closeableHttpResponse.close();
} catch (IOException iOException) {
System.out.println(iOException.getMessage());
}
}
if (closeableHttpClient != null) {
try {
closeableHttpClient.close();
} catch (IOException iOException) {
System.out.println(iOException.getMessage());
}
}
}
}
}
类似资料:
-
我正在尝试进行https调用,但收到以下错误:不支持的记录版本SSLv2Hello 谁能说说我做错了什么吗?谢谢你的帮助。 下面是StackTrace: null 下面是工作示例: null
-
我发布了这个问题,我可以通过删除WebLogic startups参数来解决这个问题: 有人能解释一下吗?
-
在生成APK时,我得到了一个错误:项目使用的是一个不受支持的Gradle版本。我正在使用Android Studio3.5版本。 我试图更改build gradle类路径以匹配gradle-wrapper.properties中的distributionUrl,但是错误仍然存在。 首先,在项目级设置中,选择Use default gadle wrapper。 build.gradle文件:
-
我知道标题与其他问题几乎相同,但是,我无法用这些答案解决我的问题。 这就是问题所在: 我有两个几乎相同的项目(一个是用mercurial从另一个中克隆出来的),并且做了一些更改。在上次从原始项目拉入后,当我尝试运行该项目时,出现以下错误。我知道这意味着项目是用java7编译的,并用java6运行。 原项目保持正常运行。 如果我将项目属性中的Java Platform更改为java7,它就会运行,但
-
我正在尝试将play-scalr与Play一起使用,并遵循了Github页面上的安装说明,但是当我请求调整大小的映像时,我得到了错误: [RuntimeException:java.lang.UnsupportedClassVersionError:SE/DigiPlant/Scalr/API/Resizer$MODE:不支持Major.Minor版本51.0] 当我编译项目时,JAR是下载的,所
-
下面的代码有时失败,有时工作。我使用的是Java8。是服务器端的问题吗? 线程“main”javax.net.ssl.sslException中的异常:不支持的记录版本未知-0.0。