登录
当前位置: 首页 > 知识库问答 >
问题:

sslHandShakeException:收到致命警报:docker容器内的handshake_failure

阙佐
2023-03-14 
        URL url = new URL(remoteEndpointUrl);
        String encoded = Base64.getEncoder().encodeToString((login + ":"+ password).getBytes("UTF-8"));  //Java 8
        conn = (HttpURLConnection) url.openConnection();
        conn.setRequestProperty("Authorization", "Basic "+encoded);
        conn.setRequestMethod("DELETE");
        conn.setRequestProperty("Accept", "application/json");
        conn.setDoOutput(true);
        conn.getResponseCode();

java version "1.8.0_152"
Java(TM) SE Runtime Environment (build 1.8.0_152-b16)
Java HotSpot(TM) 64-Bit Server VM (build 25.152-b16, 
mixed mode)

现在,如果我拿着它在一个docker容器中运行它,该容器运行OpenJDK:8u151映像(我也是从Mac OS启动的映像),那么我最终会遇到以下异常

    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:203)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:162)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2033)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)

显然,我的本地TLS默认设置和docker容器中的默认设置之间没有任何区别。这是使用-djavax.net.debug=all运行时的调试输出:

本地输出:

    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    main, setSoTimeout(0) called
    main, the previous server name in SNI (type=host_name (0), value=example.com) was replaced with (type=host_name (0), value=example.com)
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
    %% No cached client session
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 1541229707 bytes = { 122, 255, 53, 110, 142, 33, 132, 23, 192, 232, 102, 11, 200, 33, 185, 187, 146, 150, 134, 215, 2, 72, 62, 10, 76, 46, 224, 66 }
    Session ID:  {}
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    Compression Methods:  { 0 }
    Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
    Extension ec_point_formats, formats: [uncompressed]
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
    Extension server_name, server_name: [type=host_name (0), value=example.com]
    ***
    [write] MD5 and SHA1 hashes:  len = 198
    0000: 01 00 00 C2 03 03 5C DD   4D 8B 7A FF 35 6E 8E 21  ......\.M.z.5n.!
    0010: 84 17 C0 E8 66 0B C8 21   B9 BB 92 96 86 D7 02 48  ....f..!.......H
    0020: 3E 0A 4C 2E E0 42 00 00   3A C0 23 C0 27 00 3C C0  >.L..B..:.#.'.<.
    0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.).g.@...../...
    0040: 0E 00 33 00 32 C0 2B C0   2F 00 9C C0 2D C0 31 00  ..3.2.+./...-.1.
    0050: 9E 00 A2 C0 08 C0 12 00   0A C0 03 C0 0D 00 16 00  ................
    0060: 13 00 FF 01 00 00 5F 00   0A 00 16 00 14 00 17 00  ......_.........
    0070: 18 00 19 00 09 00 0A 00   0B 00 0C 00 0D 00 0E 00  ................
    0080: 16 00 0B 00 02 01 00 00   0D 00 1C 00 1A 06 03 06  ................
    0090: 01 05 03 05 01 04 03 04   01 04 02 03 03 03 01 03  ................
    00A0: 02 02 03 02 01 02 02 00   00 00 1B 00 19 00 00 16  ................
    00B0: 73 75 6D 69 74 64 65 76   2E 6D 79 73 68 6F 70 69  example.com
    00C0: 66 79 2E 63 6F 6D
    main, WRITE: TLSv1.2 Handshake, length = 198
    [Raw write]: length = 203
    0000: 16 03 03 00 C6 01 00 00   C2 03 03 5C DD 4D 8B 7A  ...........\.M.z
    0010: FF 35 6E 8E 21 84 17 C0   E8 66 0B C8 21 B9 BB 92  .5n.!....f..!...
    0020: 96 86 D7 02 48 3E 0A 4C   2E E0 42 00 00 3A C0 23  ....H>.L..B..:.#
    0030: C0 27 00 3C C0 25 C0 29   00 67 00 40 C0 09 C0 13  .'.<.%.).g.@....
    0040: 00 2F C0 04 C0 0E 00 33   00 32 C0 2B C0 2F 00 9C  ./.....3.2.+./..
    0050: C0 2D C0 31 00 9E 00 A2   C0 08 C0 12 00 0A C0 03  .-.1............
    0060: C0 0D 00 16 00 13 00 FF   01 00 00 5F 00 0A 00 16  ..........._....
    0070: 00 14 00 17 00 18 00 19   00 09 00 0A 00 0B 00 0C  ................
    0080: 00 0D 00 0E 00 16 00 0B   00 02 01 00 00 0D 00 1C  ................
    0090: 00 1A 06 03 06 01 05 03   05 01 04 03 04 01 04 02  ................
    00A0: 03 03 03 01 03 02 02 03   02 01 02 02 00 00 00 1B  ................
    00B0: 00 19 00 00 16 73 75 6D   69 74 64 65 76 2E 6D 79  .....example.com
    [Raw read]: length = 5
    0000: 16 03 03 00 57                                     ....W
    [Raw read]: length = 87
    0000: 02 00 00 53 03 03 5C DD   4D 8B A2 3C 5D 36 46 82  ...S..\.M..<]6F.
    0010: BE 0E 5E DA 23 05 66 D5   1B AE 13 AA 8F 98 12 30  ..^.#.f........0
    0020: DF 52 9C 28 AA 7B 20 43   4F 5E 40 8C B4 C4 1E 26  .R.(.. CO^@....&
    0030: 4F 5D B8 3D 39 16 D5 56   41 9C B0 F8 D5 F4 2A 55  O].=9..VA.....*U
    0040: B3 0A E9 A2 6F 9D 88 C0   2B 00 00 0B FF 01 00 01  ....o...+.......
    0050: 00 00 0B 00 02 01 00                               .......
    main, READ: TLSv1.2 Handshake, length = 87
    *** ServerHello, TLSv1.2
    RandomCookie:  GMT: 1541229707 bytes = { 162, 60, 93, 54, 70, 130, 190, 14, 94, 218, 35, 5, 102, 213, 27, 174, 19, 170, 143, 152, 18, 48, 223, 82, 156, 40, 170, 123 }
    Session ID:  {67, 79, 94, 64, 140, 180, 196, 30, 38, 79, 93, 184, 61, 57, 22, 213, 86, 65, 156, 176, 248, 213, 244, 42, 85, 179, 10, 233, 162, 111, 157, 136}
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    Compression Method: 0
    Extension renegotiation_info, renegotiated_connection: <empty>
    Extension ec_point_formats, formats: [uncompressed]
    ***
    %% Initialized:  [Session-4, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
    ** TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [read] MD5 and SHA1 hashes:  len = 87ere

    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    Test worker, setSoTimeout(0) called
    Test worker, the previous server name in SNI (type=host_name (0), value=example.com) was replaced with (type=host_name (0), value=example.com)
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
    %% No cached client session
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 1541242532 bytes = { 118, 119, 70, 101, 0, 69, 160, 231, 254, 159, 164, 222, 99, 67, 81, 99, 102, 20, 11, 71, 1, 162, 231, 238, 141, 93, 75, 42 }
    Session ID:  {}
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    Compression Methods:  { 0 }
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
    Extension server_name, server_name: [type=host_name (0), value=example.com]
    ***
    [write] MD5 and SHA1 hashes:  len = 208
    0000: 01 00 00 CC 03 03 5C DD   7F A4 76 77 46 65 00 45  ......\...vwFe.E
    0010: A0 E7 FE 9F A4 DE 63 43   51 63 66 14 0B 47 01 A2  ......cCQcf..G..
    0020: E7 EE 8D 5D 4B 2A 00 00   64 C0 24 C0 28 00 3D C0  ...]K*..d.$.(.=.
    0030: 26 C0 2A 00 6B 00 6A C0   0A C0 14 00 35 C0 05 C0  &.*.k.j.....5...
    0040: 0F 00 39 00 38 C0 23 C0   27 00 3C C0 25 C0 29 00  ..9.8.#.'.<.%.).
    0050: 67 00 40 C0 09 C0 13 00   2F C0 04 C0 0E 00 33 00  g.@...../.....3.
    0060: 32 C0 2C C0 2B C0 30 00   9D C0 2E C0 32 00 9F 00  2.,.+.0.....2...
    0070: A3 C0 2F 00 9C C0 2D C0   31 00 9E 00 A2 C0 08 C0  ../...-.1.......
    0080: 12 00 0A C0 03 C0 0D 00   16 00 13 00 FF 01 00 00  ................
    0090: 3F 00 0D 00 1C 00 1A 06   03 06 01 05 03 05 01 04  ?...............
    00A0: 03 04 01 04 02 03 03 03   01 03 02 02 03 02 01 02  ................
    00B0: 02 00 00 00 1B 00 19 00   00 16 73 75 6D 69 74 64  ..........
    00C0: 65 76 2E 6D 79 73 68 6F   70 69 66 79 2E 63 6F 6D  example.com
    Test worker, WRITE: TLSv1.2 Handshake, length = 208
    [Raw write]: length = 213
    0000: 16 03 03 00 D0 01 00 00   CC 03 03 5C DD 7F A4 76  ...........\...v
    0010: 77 46 65 00 45 A0 E7 FE   9F A4 DE 63 43 51 63 66  wFe.E......cCQcf
    0020: 14 0B 47 01 A2 E7 EE 8D   5D 4B 2A 00 00 64 C0 24  ..G.....]K*..d.$
    0030: C0 28 00 3D C0 26 C0 2A   00 6B 00 6A C0 0A C0 14  .(.=.&.*.k.j....
    0040: 00 35 C0 05 C0 0F 00 39   00 38 C0 23 C0 27 00 3C  .5.....9.8.#.'.<
    0050: C0 25 C0 29 00 67 00 40   C0 09 C0 13 00 2F C0 04  .%.).g.@...../..
    0060: C0 0E 00 33 00 32 C0 2C   C0 2B C0 30 00 9D C0 2E  ...3.2.,.+.0....
    0070: C0 32 00 9F 00 A3 C0 2F   00 9C C0 2D C0 31 00 9E  .2...../...-.1..
    0080: 00 A2 C0 08 C0 12 00 0A   C0 03 C0 0D 00 16 00 13  ................
    0090: 00 FF 01 00 00 3F 00 0D   00 1C 00 1A 06 03 06 01  .....?..........
    00A0: 05 03 05 01 04 03 04 01   04 02 03 03 03 01 03 02  ................
    00B0: 02 03 02 01 02 02 00 00   00 1B 00 19 00 00 16 73  ...............s
    00C0: 75 6D 69 74 64 65 76 2E   6D 79 73 68 6F 70 69 66  example.com
    00D0: 79 2E 63 6F 6D                                     
    [Raw read]: length = 5
    0000: 15 03 03 00 02                                     .....
    [Raw read]: length = 2
    0000: 02 28                                              .(
    Test worker, READ: TLSv1.2 Alert, length = 2
    Test worker, RECV TLSv1.2 ALERT:  fatal, handshake_failure
    Test worker, called closeSocket()
    Test worker, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failureere

编辑:在我的Mac OS上使用-dcom.sun.net.ssl.enableecc=false运行

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=example.com) was replaced with (type=host_name (0), value=example.com)
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1541432023 bytes = { 91, 55, 180, 242, 51, 13, 227, 239, 109, 218, 210, 217, 65, 181, 16, 146, 251, 182, 30, 23, 156, 83, 207, 5, 80, 0, 133, 88 }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=example.com]
***
[write] MD5 and SHA1 hashes:  len = 134
0000: 01 00 00 82 03 03 5C E0   63 D7 5B 37 B4 F2 33 0D  ......\.c.[7..3.
0010: E3 EF 6D DA D2 D9 41 B5   10 92 FB B6 1E 17 9C 53  ..m...A........S
0020: CF 05 50 00 85 58 00 00   1A 00 3C 00 67 00 40 00  ..P..X....<.g.@.
0030: 2F 00 33 00 32 00 9C 00   9E 00 A2 00 0A 00 16 00  /.3.2...........
0040: 13 00 FF 01 00 00 3F 00   0D 00 1C 00 1A 06 03 06  ......?.........
0050: 01 05 03 05 01 04 03 04   01 04 02 03 03 03 01 03  ................
0060: 02 02 03 02 01 02 02 00   00 00 1B 00 19 00 00 16  ................
0070: 73 75 6D 69 74 64 65 76   2E 6D 79 73 68 6F 70 69  example.com
0080: 66 79 2E 63 6F 6D                                  
main, WRITE: TLSv1.2 Handshake, length = 134
[Raw write]: length = 139
0000: 16 03 03 00 86 01 00 00   82 03 03 5C E0 63 D7 5B  ...........\.c.[
0010: 37 B4 F2 33 0D E3 EF 6D   DA D2 D9 41 B5 10 92 FB  7..3...m...A....
0020: B6 1E 17 9C 53 CF 05 50   00 85 58 00 00 1A 00 3C  ....S..P..X....<
0030: 00 67 00 40 00 2F 00 33   00 32 00 9C 00 9E 00 A2  .g.@./.3.2......
0040: 00 0A 00 16 00 13 00 FF   01 00 00 3F 00 0D 00 1C  ...........?....
0050: 00 1A 06 03 06 01 05 03   05 01 04 03 04 01 04 02  ................
0060: 03 03 03 01 03 02 02 03   02 01 02 02 00 00 00 1B  ................
0070: 00 19 00 00 16 73 75 6D   69 74 64 65 76 2E 6D 79  .....example.com
0080: 73 68 6F 70 69 66 79 2E   63 6F 6D                 
[Raw read]: length = 5 
0000: 16 03 03 00 51                                     ....Q
[Raw read]: length = 81
0000: 02 00 00 4D 03 03 5C E0   63 DA 99 74 67 FF 71 48  ...M..\.c..tg.qH
0010: B5 9B 8F 63 A4 06 15 AE   1D E6 1B CA 27 C6 9C 85  ...c........'...
0020: B8 E8 40 03 89 54 20 29   3F 81 6A E8 E4 54 39 D7  ..@..T )?.j..T9.
0030: 5A 95 5B DD 7C 59 18 28   05 C2 49 75 22 2E 69 78  Z.[..Y.(..Iu".ix
0040: E1 1B 11 62 03 62 C0 00   9C 00 00 05 FF 01 00 01  ...b.b..........
0050: 00                                                 .
main, READ: TLSv1.2 Handshake, length = 81
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1541432026 bytes = { 153, 116, 103, 255, 113, 72, 181, 155, 143, 99, 164, 6, 21, 174, 29, 230, 27, 202, 39, 198, 156, 133, 184, 232, 64, 3, 137, 84 }
Session ID:  {41, 63, 129, 106, 232, 228, 84, 57, 215, 90, 149, 91, 221, 124, 89, 24, 40, 5, 194, 73, 117, 34, 46, 105, 120, 225, 27, 17, 98, 3, 98, 192}
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-4, TLS_RSA_WITH_AES_128_GCM_SHA256]
** TLS_RSA_WITH_AES_128_GCM_SHA256
[read] MD5 and SHA1 hashes: len = 81

共有1个答案

都飞跃
2023-03-14

不完全是一个答案,但我希望它能有所帮助。

在第一种情况下,客户机发送两个椭圆曲线扩展,但在第二种情况下不发送。我不知道这种不同行为的原因,但这可能是因为服务器无法找到一个共同的密码套件而无法继续下去。

RFC4492给出了两个原因,说明您不应该在缺少扩展时出现任何问题:

    null

如果使用-dcom.sun.net.ssl.enableecc=false运行本地测试,会发生什么?

您可以比较jre/lib中所有目录的内容,以查找可能缺少的内容。

例如,您的docker客户端是否包含文件libsunec.so

 类似资料:
  • sslHandShakeException:收到致命警报:handshake_failure[重复]

    我是张贴这个问题后,尝试了许多选项,从两天。下面是我尝试的选项。 null

  • Java 收到致命警报:通过SSLHandshakeException的handshake_failure

    问题内容: 授权SSL连接有问题。我已经创建了Struts Action,它使用客户端授权的SSL证书连接到外部服务器。在我的操作中,我尝试将一些数据发送到银行服务器,但是没有任何运气,因为由于服务器的原因,我出现以下错误: 我的Action类中的My Method将数据发送到服务器 我的merchant.properties文件: 我第一次以为这是证书问题,我将其从.pfx转换为.jks,但我遇

  • 如何修复“SSLHandShakeException:接收到致命警报:Decode_Error”?

    我们确实发现了一篇文章指出了java 11中TLS1.3的一个问题(https://webtide.com/openjdk-11-and-tls-1-3-issues/),但是我们已经尝试了java 12版本,但没有成功,所以我认为这不是问题所在。 因此,我们现在必须决定是通过强制使用TLS1.2来回归,还是继续寻找另一种解决方案。

  • 收到致命警报:handshake_failure

    问题内容: 我正在尝试使用 liferay中的* javapns 库将推送通知发送到我的设备。这是代码: * 调用pushNotification时出现此错误: 我已经用谷歌搜索了,但是找不到任何解决方案。 有谁知道如何解决这个问题? 问题答案: 当您要连接的服务器没有来自授权CA的有效证书时,通常会引发该异常。 简而言之,您尝试连接的服务器很可能使用自签名证书,因此您必须在Java代码中容纳该证

  • SSLHandshakeException:收到致命警报:Java 6-> 8升级后,handshake_failure

    问题内容: 我们最近将一个项目从Java 6更新为Java 8,现在我们在SSL握手方面遇到了麻烦。 服务层使用客户端来请求和接收来自第三方应用程序的呼叫。在服务层中,密钥库用初始化 并通过applicationContext.xml注入: 如果发生错误,客户端应该信任所有证书: 我在升级过程中将上面的“ SSL”更改为“ TLSv1”,因为Java 8不支持SSL。这可能是个问题吗? 调试日志

  • 收到致命警报:bad_certificate

    问题内容: 我正在尝试建立SSL套接字连接(并在客户端上执行以下操作) 我生成了证书签名请求以获取签名的客户证书 现在,我有一个私钥(在CSR中使用),一个签名的客户端证书和根证书(带外获得)。 我将私钥和签名的客户端证书添加到证书链中,并将其添加到密钥管理器中。和根证书到信任管理器。但是我收到了错误的证书错误。 我很确定自己使用的证书正确。是否也应该将签名的客户端证书添加到信任管理器?试了一下,

相关问答

收到致命警报: handshake_failure: javax.net.ssl.SSLHandshakeExceptionjavax错误。网ssl。SSLHandshakeException:收到致命警报:握手失败收到致命警报:bad_证书SSLv2Hello-javax.net.ssl.sslException:收到致命警报:expectionted_messageJava8、JBoss AS5、SSLException:“收到致命警报:handshake_failure”

相关文章

javax.net.ssl.SSLException:收到致命警报:protocol_versionSSL异常:javax.net.ssl.SSLHandshakeException:收到致命警报:certificate_unknown获取javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure错误收到HANDSHAKE_FAILURE警报无法传输工件(https://repo.maven.apache.org/maven2):收到致命警报:protocol_version-> [Help 1]

相关阅读

Linux分屏显示文件内容(more命令)Linux连接合并文件内容(cat命令)Docker 命令大全Nginx配置静态内容服务器Apache内容协商

相关工具

Docker —— 从入门到实践Docker极致CMS一天日报知乎小报

相关文档

从 Docker 到 Kubernetes 进阶Docker 从入门到实践自己动手写 servlet 容器略知 知识付费与内容变现 帮助文档命令行的艺术
快捷导航: 新手教程 算法原理 架构设计 Java进阶 数据库进阶 大厂专栏 面试经验 编程笔记 编程问答 所有专题 文档资料 工具软件 电子书籍 小牛导航
在线工具: 房贷计算器 个税计算器 Linux命令查询 Json格式化 正则表达式 颜色转换 AES加解密 SHA1加密 MD5加密 毒鸡汤 字数统计 随机密码生成 进制转换 Base64编解码 励志句子
Copyright © 2019-2024 小牛知识库@xnip.cn. All Rights Reserved.