问题:
什么Java TLS操作会在握手时产生致命错误?
戎鹏云
我正在尝试连接到我自己的一个新的Minecraft服务器(从我自己的客户机)。这是一个全新的Ubuntu18.04安装Java10和最新的Minecraft 1.12服务器。
[09:06:57] [User Authenticator #4/ERROR]: Couldn't verify username because servers are unavailable
[09:06:57] [Server thread/INFO]: com.mojang.authlib.GameProfile@949cab4d[id=<null>,name=TheNameOfTheUser,properties={},legacy=false] (/10.1.1.19: 41433) lost connection: Authentication servers are down. Please try again later, sorry!
No. Time Source Destination Protocol Length Info
98 3.254294 10.200.0.133 54.230.198.91 TCP 74 43370 → 443 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=1994960819 TSecr=0 WS=128
No. Time Source Destination Protocol Length Info
99 3.265065 54.230.198.91 10.200.0.133 TCP 74 443 → 43370 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=1446415026 TSecr=1994960819 WS=256
No. Time Source Destination Protocol Length Info
100 3.265079 10.200.0.133 54.230.198.91 TCP 66 43370 → 443 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=1994960830 TSecr=1446415026
No. Time Source Destination Protocol Length Info
101 3.266259 10.200.0.133 54.230.198.91 TLSv1.2 342 Client Hello
No. Time Source Destination Protocol Length Info
102 3.275952 54.230.198.91 10.200.0.133 TCP 66 443 → 43370 [ACK] Seq=1 Ack=277 Win=30208 Len=0 TSval=1446415027 TSecr=1994960831
No. Time Source Destination Protocol Length Info
103 3.279589 54.230.198.91 10.200.0.133 TLSv1.2 5538 Server Hello, Certificate, Certificate Status, Server Key Exchange, Server Hello Done
Frame 103: 5538 bytes on wire (44304 bits), 5538 bytes captured (44304 bits)
Ethernet II, Src: 12:5b:d3:1d:51:cf (12:5b:d3:1d:51:cf), Dst: d6:8b:35:0c:a2:f2 (d6:8b:35:0c:a2:f2)
Internet Protocol Version 4, Src: 54.230.198.91, Dst: 10.200.0.133
Transmission Control Protocol, Src Port: 443, Dst Port: 43370, Seq: 1, Ack: 277, Len: 5472
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 65
Handshake Protocol: Server Hello
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4566
Handshake Protocol: Certificate
TLSv1.2 Record Layer: Handshake Protocol: Certificate Status
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 479
Handshake Protocol: Certificate Status
TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 333
Handshake Protocol: Server Key Exchange
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
No. Time Source Destination Protocol Length Info
104 3.279602 10.200.0.133 54.230.198.91 TCP 66 43370 → 443 [ACK] Seq=277 Ack=5473 Win=40192 Len=0 TSval=1994960844 TSecr=1446415028
Frame 104: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: d6:8b:35:0c:a2:f2 (d6:8b:35:0c:a2:f2), Dst: 12:5b:d3:1d:51:cf (12:5b:d3:1d:51:cf)
Internet Protocol Version 4, Src: 10.200.0.133, Dst: 54.230.198.91
Transmission Control Protocol, Src Port: 43370, Dst Port: 443, Seq: 277, Ack: 5473, Len: 0
No. Time Source Destination Protocol Length Info
105 3.280246 10.200.0.133 54.230.198.91 TLSv1.2 73 Alert (Level: Fatal, Description: Internal Error)
Frame 105: 73 bytes on wire (584 bits), 73 bytes captured (584 bits)
Ethernet II, Src: d6:8b:35:0c:a2:f2 (d6:8b:35:0c:a2:f2), Dst: 12:5b:d3:1d:51:cf (12:5b:d3:1d:51:cf)
Internet Protocol Version 4, Src: 10.200.0.133, Dst: 54.230.198.91
Transmission Control Protocol, Src Port: 43370, Dst Port: 443, Seq: 277, Ack: 5473, Len: 7
Secure Sockets Layer
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Length: 2
Alert Message
Level: Fatal (2)
Description: Internal Error (80)
No. Time Source Destination Protocol Length Info
106 3.280277 10.200.0.133 54.230.198.91 TCP 66 43370 → 443 [FIN, ACK] Seq=284 Ack=5473 Win=40192 Len=0 TSval=1994960845 TSecr=1446415028
Frame 106: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: d6:8b:35:0c:a2:f2 (d6:8b:35:0c:a2:f2), Dst: 12:5b:d3:1d:51:cf (12:5b:d3:1d:51:cf)
Internet Protocol Version 4, Src: 10.200.0.133, Dst: 54.230.198.91
Transmission Control Protocol, Src Port: 43370, Dst Port: 443, Seq: 284, Ack: 5473, Len: 0
No. Time Source Destination Protocol Length Info
112 3.290075 54.230.198.91 10.200.0.133 TCP 66 443 → 43370 [FIN, ACK] Seq=5473 Ack=285 Win=30208 Len=0 TSval=1446415029 TSecr=1994960845
Frame 112: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: 12:5b:d3:1d:51:cf (12:5b:d3:1d:51:cf), Dst: d6:8b:35:0c:a2:f2 (d6:8b:35:0c:a2:f2)
Internet Protocol Version 4, Src: 54.230.198.91, Dst: 10.200.0.133
Transmission Control Protocol, Src Port: 443, Dst Port: 43370, Seq: 5473, Ack: 285, Len: 0
No. Time Source Destination Protocol Length Info
113 3.290088 10.200.0.133 54.230.198.91 TCP 66 43370 → 443 [ACK] Seq=285 Ack=5474 Win=40192 Len=0 TSval=1994960855 TSecr=1446415029
Frame 113: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: d6:8b:35:0c:a2:f2 (d6:8b:35:0c:a2:f2), Dst: 12:5b:d3:1d:51:cf (12:5b:d3:1d:51:cf)
Internet Protocol Version 4, Src: 10.200.0.133, Dst: 54.230.198.91
Transmission Control Protocol, Src Port: 43370, Dst Port: 443, Seq: 285, Ack: 5474, Len: 0
共有1个答案
萧繁
感谢@gusto2的提示
这最终成为Ubuntu18.04中的一个bug。详细信息在另一个SO答案中,TL;DR解决方案是以root身份运行的
# /usr/bin/printf '\xfe\xed\xfe\xed\x00\x00\x00\x02\x00\x00\x00\x00\xe2\x68\x6e\x45\xfb\x43\xdf\xa4\xd9\x92\xdd\x41\xce\xb6\xb2\x1c\x63\x30\xd7\x92' > /etc/ssl/certs/java/cacerts
# /var/lib/dpkg/info/ca-certificates-java.postinst configure
类似资料:
-
> 客户端发送带有密码套件中包含的密码的“Client Hello”消息。 在server.xml中,这些密码都不出现。以下是catalina的条目: 连接器port=“4443”sslenabled=“true”acceptcount=“20000”maxthreads=“5000”allowtrace=“false”scheme=“https”secure=“true”clientauth=“
-
我需要与外部服务连接,而且我的客户端身份验证有问题。该服务需要证书、用户名和密码以及请求。 我正在使用Windows Server 2008 R2。 我已经收到带有证书的PKCS#7包并导入: 本地计算机/个人的SSL证书(仅含公钥) 中间CA和根CA到本地计算机/受信任的RootCertificationAuthorities 我已经在Windows注册表中启用了TLS 1.0、1.1、1.2客
-
问题内容: 最近,我按照这篇文章的建议删除了项目中的所有scriptlet 。但是现在,如果我尝试更改其中一个视图,则会收到deferredExpression错误。为了摆脱错误,我只需要终止,然后重新启动项目即可。 这里发生了什么?eclipse是否无法即时编译jstl?有什么我可以更改的,所以我不必每次进行更改都重新部署吗? 堆栈跟踪 问题答案: java.lang.NoSuchFieldEr
-
我正在尝试使用Spring RestTemplate调用POST Rest调用: 这个https://server.com有证书:webapi。tartu-x86。p12我将证书导入C:\Java_8\jre\lib\security\cacerts usinf keytool 运行代码后,我出现以下错误: 我使用的是Java1.8.091 有人能帮忙吗?
-
因此,我尝试在单个查询中,仅在行不存在的情况下插入行。 我的疑问如下: 有时(非常罕见,但仍然如此),它会生成以下错误: 违反主键约束“主键用户角色”。无法在对象“dbo”中插入重复键。用户的角色。重复的键值为(29851,1)。 是。下面是表的架构的完整SQL: 背景: 这是由托管在Apache服务器上的PHP脚本执行的,在数百次事件中,“随机”发生一次(很可能与并发相关)。 更多信息: 提供:
-
当类显式声明复制操作(即复制构造函数或复制赋值操作符)时,不会为该类声明移动操作。但是当类显式声明移动操作时,复制操作被声明为删除。为什么会存在这种不对称?为什么不指定如果声明了移动操作,则不会声明复制操作?据我所知,不会有任何行为差异,也不需要对移动和复制操作进行不对称处理。 [对于喜欢引用该标准的人,12.8/9和12.8/20中规定了具有复制操作声明的类的移动操作声明的缺失,12.8/7和1