Question:

TLS 1.3 handshake failure under JDK 11

颛孙和悌
2023-03-14

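Using TLS 1.3 under JDK 11 works in principle. However, as soon as connections are established in two concurrent threads, the initial handshake fails in both threads.

This is apparently a known issue, and it should already have been resolved: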

  • Oracle JDK 11.0.2
  • OpenJDK 11.0.3

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class Main {

    public static void main(String[] args) throws Exception {
        Thread t1 = new Thread(Main::createAndUseSslSocket);
        Thread t2 = new Thread(Main::createAndUseSslSocket);
        t1.start();
        t2.start();
        do {
            Thread.sleep(100);
        } while (t1.isAlive() || t2.isAlive());
    }

    private static void createAndUseSslSocket() {
        try (SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket("www.verisign.com", 443)) {
            socket.startHandshake();
        } catch (Exception e) {
            System.err.println(e.getClass().getName() + " " + e.getMessage());
        }
    }
}

With OpenJDK 11.0.9.11-hotspot, this should be fixed:

"C:\Program Files\AdoptOpenJDK\jdk-11.0.9.11-hotspot/bin/javac" Main.java
"C:\Program Files\AdoptOpenJDK\jdk-11.0.9.11-hotspot/bin/java" -Djdk.tls.client.protocols="TLSv1.3" Main

Or even with OpenJDK 15.0.1.9-hotspot (the latest option available on AdoptOpenJDK.net today):

"C:\Program Files\AdoptOpenJDK\jdk-15.0.1.9-hotspot/bin/javac" Main.java
"C:\Program Files\AdoptOpenJDK\jdk-15.0.1.9-hotspot/bin/java" -Djdk.tls.client.protocols="TLSv1.3" Main
javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure

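This was officially fixed, but I can't seem to get it to work.
What is going on?

There is a workaround, but it is not acceptable in the long run:

Disable TLS 1.3 using the following JVM property: -Djdk.tls.client.protocols="TLSv1, TLSv1.1, TLSv1.2"

*Edit: the end of the output when -Djavax.net.debug=all is included (including all of it is too much for StackOverflow, at 140k characters).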

javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:993|keyStore is :
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:994|keyStore type is : pkcs12
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:996|keyStore provider is :
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:1031|init keystore
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:1054|init keymanager of type SunX509
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:44.850 CET|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.850 CET|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:44.862 CET|SSLConfiguration.java:458|System property jdk.tls.client.SignatureSchemes is set to 'null'
javax.net.ssl|WARNING|0F|Thread-1|2020-10-30 15:16:44.863 CET|SignatureScheme.java:282|Signature algorithm, ed25519, not supported by JSSE
javax.net.ssl|WARNING|0F|Thread-1|2020-10-30 15:16:44.863 CET|SignatureScheme.java:282|Signature algorithm, ed448, not supported by JSSE
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|INFO|0E|Thread-0|2020-10-30 15:16:45.194 CET|AlpnExtension.java:165|No available application protocols
javax.net.ssl|INFO|0F|Thread-1|2020-10-30 15:16:45.194 CET|AlpnExtension.java:165|No available application protocols
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.194 CET|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.194 CET|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.195 CET|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.195 CET|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "D0 1B 63 ED D3 4E 05 5E 98 E1 6B 9D F8 32 81 14 43 D3 45 F7 0D D3 D6 20 98 35 DF 67 85 C9 A9 65",
  "session id"          : "44 52 47 AB 32 A6 FC C1 CA 78 A7 DE 32 AC F8 95 6C DF 68 07 0C C5 35 D4 44 ED 29 7A 2F C9 BE 1E",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=www.verisign.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": x25519
          "key_exchange": {
            0000: 4C 31 CF 53 D6 2D 6D 30   19 D3 7E 4E CD B6 6A E2  L1.S.-m0...N..j.
            0010: 3A 49 0F C4 14 C2 53 FD   53 89 0D 7D 8F 4C AE 46  :I....S.S....L.F
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "3C 06 CA 04 F8 0F E4 E6 94 93 1F 48 A4 C0 84 27 76 7E D6 22 BB 62 B2 C6 CF FA A4 61 BE 02 04 E2",
  "session id"          : "C1 C4 8D 99 B0 57 69 D7 63 DC 78 26 7B 15 0B B1 F5 2E B9 50 52 22 F0 32 FB 63 C4 AA E4 FC E6 72",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=www.verisign.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": x25519
          "key_exchange": {
            0000: DF DF 74 F2 A7 A9 B5 EB   74 E4 26 DE F6 2B 82 27  ..t.....t.&..+.'
            0010: C1 4E D8 16 91 CA CB F6   0B 91 EE C9 69 C6 4F 03  .N..........i.O.
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 266
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 266
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:272|Raw write (
  0000: 16 03 03 01 0A 01 00 01   06 03 03 3C 06 CA 04 F8  ...........<....
  0010: 0F E4 E6 94 93 1F 48 A4   C0 84 27 76 7E D6 22 BB  ......H...'v..".
  0020: 62 B2 C6 CF FA A4 61 BE   02 04 E2 20 C1 C4 8D 99  b.....a.... ....
  0030: B0 57 69 D7 63 DC 78 26   7B 15 0B B1 F5 2E B9 50  .Wi.c.x&.......P
  0040: 52 22 F0 32 FB 63 C4 AA   E4 FC E6 72 00 06 13 02  R".2.c.....r....
  0050: 13 01 13 03 01 00 00 B7   00 00 00 15 00 13 00 00  ................
  0060: 10 77 77 77 2E 76 65 72   69 73 69 67 6E 2E 63 6F  .www.verisign.co
  0070: 6D 00 05 00 05 01 00 00   00 00 00 0A 00 16 00 14  m...............
  0080: 00 1D 00 17 00 18 00 19   00 1E 01 00 01 01 01 02  ................
  0090: 01 03 01 04 00 0D 00 1E   00 1C 04 03 05 03 06 03  ................
  00A0: 08 04 08 05 08 06 08 09   08 0A 08 0B 04 01 05 01  ................
  00B0: 06 01 02 03 02 01 00 32   00 1E 00 1C 04 03 05 03  .......2........
  00C0: 06 03 08 04 08 05 08 06   08 09 08 0A 08 0B 04 01  ................
  00D0: 05 01 06 01 02 03 02 01   00 2B 00 03 02 03 04 00  .........+......
  00E0: 2D 00 02 01 01 00 33 00   26 00 24 00 1D 00 20 DF  -.....3.&.$... .
  00F0: DF 74 F2 A7 A9 B5 EB 74   E4 26 DE F6 2B 82 27 C1  .t.....t.&..+.'.
  0100: 4E D8 16 91 CA CB F6 0B   91 EE C9 69 C6 4F 03     N..........i.O.
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:272|Raw write (
  0000: 16 03 03 01 0A 01 00 01   06 03 03 D0 1B 63 ED D3  .............c..
  0010: 4E 05 5E 98 E1 6B 9D F8   32 81 14 43 D3 45 F7 0D  N.^..k..2..C.E..
  0020: D3 D6 20 98 35 DF 67 85   C9 A9 65 20 44 52 47 AB  .. .5.g...e DRG.
  0030: 32 A6 FC C1 CA 78 A7 DE   32 AC F8 95 6C DF 68 07  2....x..2...l.h.
  0040: 0C C5 35 D4 44 ED 29 7A   2F C9 BE 1E 00 06 13 02  ..5.D.)z/.......
  0050: 13 01 13 03 01 00 00 B7   00 00 00 15 00 13 00 00  ................
  0060: 10 77 77 77 2E 76 65 72   69 73 69 67 6E 2E 63 6F  .www.verisign.co
  0070: 6D 00 05 00 05 01 00 00   00 00 00 0A 00 16 00 14  m...............
  0080: 00 1D 00 17 00 18 00 19   00 1E 01 00 01 01 01 02  ................
  0090: 01 03 01 04 00 0D 00 1E   00 1C 04 03 05 03 06 03  ................
  00A0: 08 04 08 05 08 06 08 09   08 0A 08 0B 04 01 05 01  ................
  00B0: 06 01 02 03 02 01 00 32   00 1E 00 1C 04 03 05 03  .......2........
  00C0: 06 03 08 04 08 05 08 06   08 09 08 0A 08 0B 04 01  ................
  00D0: 05 01 06 01 02 03 02 01   00 2B 00 03 02 03 04 00  .........+......
  00E0: 2D 00 02 01 01 00 33 00   26 00 24 00 1D 00 20 4C  -.....3.&.$... L
  00F0: 31 CF 53 D6 2D 6D 30 19   D3 7E 4E CD B6 6A E2 3A  1.S.-m0...N..j.:
  0100: 49 0F C4 14 C2 53 FD 53   89 0D 7D 8F 4C AE 46     I....S.S....L.F
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
  0000: 15 03 03 00 02                                     .....
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
  0000: 02 28                                              .(
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|Alert.java:238|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
  0000: 15 03 03 00 02                                     .....
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
  0000: 02 28                                              .(
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|ERROR|0E|Thread-0|2020-10-30 15:16:45.372 CET|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1488)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1394)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
        at Main.createAndUseSslSocket(Main.java:23)
        at java.base/java.lang.Thread.run(Thread.java:832)}

)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|Alert.java:238|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}
)
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSessionImpl.java:1224|Invalidated session:  Session(1604067404870|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|ERROR|0F|Thread-1|2020-10-30 15:16:45.372 CET|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1488)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1394)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
        at Main.createAndUseSslSocket(Main.java:23)
        at java.base/java.lang.Thread.run(Thread.java:832)}

)
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSessionImpl.java:1224|Invalidated session:  Session(1604067404870|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1727|close the underlying socket
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1727|close the underlying socket
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1746|close the SSL connection (initiative)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1746|close the SSL connection (initiative)

1 answer

陶飞鸿
2023-03-14

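It's not your fault (nor JDK 11's).

I spoke too soon in my comment under the question: if I supply -Djdk.tls.client.protocols="TLSv1.3", it fails locally the same way as yours.

Looking at the debug output, it is the server that rejects the handshake: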

javax.net.ssl|DEBUG|0D|Thread-1|2020-10-30 15:30:52.829 CET|SSLSocketInputRecord.java:477|Raw read (
  0000: 02 28                                              .(
)

If you use openssl and force TLS 1.3, it fails with the same error:

openssl s_client -connect www.verisign.com:443 -tls1_3
CONNECTED(00000003)
139777244485440:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40

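Note the alert number 40, which corresponds to the hex 28 shown in the Java debug output.

So it is www.verisign.com that has a problem with TLS 1.3.

If you try, for example, www.google.com

Update

I just ran the online test on www.verisign.com using SSL Labs, and it confirms: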
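
Added example, not part of the original answer or of the JDK: a small Java decoder for the "Raw read" hex dumps in the question's javax.net.debug output, showing how the bytes 15 03 03 00 02 / 02 28 become "fatal handshake_failure" and why they match openssl's "SSL alert number 40". The class and method names are hypothetical; the sample lines are the Thread-0 dumps from the question's log.

```java
import java.io.ByteArrayOutputStream;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper (not JDK code): decodes TLS alert records out of JSSE debug hex dumps.
public class JsseAlertDecoder {

    // Hex column of a dump line: offset, then at most 16 byte tokens; the ASCII column is ignored.
    private static final Pattern DUMP_LINE =
            Pattern.compile("^\\s*[0-9A-F]{4}: ((?:[0-9A-F]{2}(?: {1,3}|$)){1,16})");

    // Subset of the alert descriptions defined in RFC 8446, section 6.
    private static final Map<Integer, String> DESCRIPTIONS = Map.of(
            0, "close_notify", 10, "unexpected_message", 40, "handshake_failure",
            42, "bad_certificate", 47, "illegal_parameter", 70, "protocol_version",
            71, "insufficient_security", 80, "internal_error", 112, "unrecognized_name",
            120, "no_application_protocol");

    /** Concatenates the bytes of all hex-dump lines; log header lines and ")" are skipped. */
    static byte[] bytesFromDump(List<String> logLines) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (String line : logLines) {
            Matcher m = DUMP_LINE.matcher(line);
            if (!m.find()) continue;
            for (String token : m.group(1).trim().split(" +")) {
                out.write(Integer.parseInt(token, 16));
            }
        }
        return out.toByteArray();
    }

    /** Decodes one plaintext alert record: type(1) version(2) length(2) level(1) description(1). */
    static String decodeAlert(byte[] rec) {
        if (rec.length < 5) throw new IllegalArgumentException("truncated record header");
        int type = rec[0] & 0xFF;
        if (type != 21) throw new IllegalArgumentException("not an alert record, type " + type);
        int length = ((rec[3] & 0xFF) << 8) | (rec[4] & 0xFF);
        if (length != 2 || rec.length < 7) throw new IllegalArgumentException("not a 2-byte plaintext alert");
        int level = rec[5] & 0xFF;
        int code = rec[6] & 0xFF;
        String levelName = level == 1 ? "warning" : level == 2 ? "fatal" : "level " + level;
        // 0x0303 is the record-layer version TLS 1.2 and TLS 1.3 both put on the wire,
        // so it does not by itself say which protocol version the server speaks.
        return String.format("%s %s (alert %d = 0x%02X), record version 0x%02X%02X",
                levelName, DESCRIPTIONS.getOrDefault(code, "unknown"), code, code,
                rec[1] & 0xFF, rec[2] & 0xFF);
    }

    public static void main(String[] args) {
        // JSSE reads the 5-byte record header and the 2-byte body separately, hence two dumps.
        String header = "javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (";
        List<String> log = List.of(
                header,
                "  0000: 15 03 03 00 02                                     .....",
                ")",
                header,
                "  0000: 02 28                                              .(",
                ")");
        System.out.println(decodeAlert(bytesFromDump(log)));
    }
}
```

Because the alert arrives as the server's first record in reply to a ClientHello whose supported_versions lists only TLSv1.3, it is the peer refusing the offer rather than a client-side failure.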
