当前位置: 首页 > 知识库问答 >
问题:

ClientHello在握手过程中协商TLS版本失败

韩弘阔
2023-03-14

我正在尝试使用java邮件发送邮件。我的邮件服务器只接受TLSv1.2。我试图在我的客户端请求中配置TLSv1.2。但是,在TLS握手期间,我的客户你好总是使用TLSv1。我试图调试下面的握手,

[22:10:45:099]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: %% No cached client session|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: *** ClientHello, TLSv1|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: RandomCookie:  |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: GMT: 1546533645 |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: bytes = { |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 85|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 83|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 155|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 171|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 182|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 72|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 149|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 172|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 46|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 116|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 34|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 18|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 6|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 97|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 139|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 142|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 6|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 223|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 139|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 14|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 72|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 51|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 129|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 210|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 76|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 177|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 254|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 144|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]:  }|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Session ID:  |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: {}|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Compression Methods:  { |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 0|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]:  }|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Extension ec_point_formats, formats: [uncompressed]|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Extension server_name, server_name: [type=host_name (0), value=mail.someserver.com]|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: ***|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, WRITE: TLSv1 Handshake, length = 175|
[22:10:45:227]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, received EOFException: error|
[22:10:45:227]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , SEND TLSv1.2 ALERT:  |
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: fatal, |
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: description = handshake_failure|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, WRITE: TLSv1.2 Alert, length = 2|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, called closeSocket()|
[22:10:45:231]|[01-03-2019]|[SYSERR]|[INFO]|[56]: java.lang.Exception: Error in connecting to SMTP host.|

我在客户端进行了以下配置,以继续连接TLSv1.2,

-协议=TLSv1.2

-Dmail.smtp.ssl.protocols=“TLSv1.2”

-Djdk.tls.client.protocols=TLSv1.2

邮件服务器日志中引发的错误是

  • SSL错误0x80090331客户端和服务器无法通信,因为它们没有通用算法

我不明白为什么clientHello总是选择TLSv1而不是TLSv1.2。请帮我解决这个问题。

public static void sendMail(JSONObject mailProps, JSONObject serverProps) throws Exception {
    boolean var2 = true;
    String mailPort;
    try {
        String mailServer = serverProps.getString("SERVER_NAME");
        mailPort = serverProps.getString("PORT");
        String mailAuthenUser = serverProps.has("USER_NAME") ? serverProps.getString("USER_NAME") : "";
        String mailAuthenPwd = serverProps.has("PASSWORD") ? serverProps.getString("PASSWORD") : "";
        String securityType = serverProps.has("CONNECTION_SECURITY") ? serverProps.getString("CONNECTION_SECURITY") : "";
        boolean isHtmlFormat = false;
        if (mailProps.has("ENABLE_HTML_FORMAT") && mailProps.getBoolean("ENABLE_HTML_FORMAT") || serverProps.has("ENABLE_HTML_FORMAT") && serverProps.getBoolean("ENABLE_HTML_FORMAT")) {
            isHtmlFormat = true;
        }

        String fromAddress = mailProps.has("FROM_MAIL_ID") ? mailProps.getString("FROM_MAIL_ID") : serverProps.getString("FROM_MAIL_ID");
        String toAddress = mailProps.has("TO_ADDRESSES") ? mailProps.getString("TO_ADDRESSES") : serverProps.getString("ADMIN_MAIL_ID");
        String subject = mailProps.getString("SUBJECT");
        String message = mailProps.getString("MESSAGE");
        Properties systemProps = System.getProperties();
        Properties properties = (Properties)systemProps.clone();
        properties.put("mail.smtp.host", mailServer);
        properties.put("mail.smtp.port", mailPort);
        properties.put("mail.smtp.sendpartial", "true");
        Session session = null;
        boolean authRequired = false;
        properties.put("mail.smtp.auth", "false");
        if (mailAuthenUser != null && mailAuthenPwd != null && (!mailAuthenUser.equals("") || !mailAuthenPwd.equals(""))) {
            properties.put("mail.smtp.auth", "true");
            authRequired = true;
        }

        if ("SSL".equalsIgnoreCase(securityType)) {
            properties.put("mail.smtp.socketFactory.port", mailPort);
            properties.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
            properties.put("mail.smtp.socketFactory.fallback", "false");
        } else if ("TLS".equalsIgnoreCase(securityType)) {
            properties.put("mail.smtp.starttls.enable", "true");
            properties.put("mail.smtp.starttls.required", "true");
        }

        if (authRequired) {
            Authenticator auth = new MailAction.SMTPAuthenticator(mailAuthenUser, mailAuthenPwd);
            session = Session.getInstance(properties, auth);
        } else {
            session = Session.getInstance(properties);
        }

        session.setDebug(false);
        MimeMessage mess = new MimeMessage(session);
        if (toAddress != null) {
            String[] to = toAddress.split(",");
            InternetAddress[] toInternetAddress = new InternetAddress[to.length];

            for(int i = 0; i < to.length; ++i) {
                toInternetAddress[i] = new InternetAddress(to[i].trim());
            }

            mess.setRecipients(RecipientType.TO, toInternetAddress);
        }

        if (fromAddress != null && !fromAddress.equals("")) {
            mess.setFrom(new InternetAddress(fromAddress));
        }

        String type;
        if (mailProps.has("PRIORITY")) {
            type = mailProps.get("PRIORITY").toString();
            if (type.equalsIgnoreCase("High") || type.equalsIgnoreCase("Low")) {
                mess.setHeader("Importance", type);
                mess.setHeader("X-Priority", type);
            }
        }

        type = isHtmlFormat ? "text/html;charset=UTF-8" : "text/plain;charset=UTF-8";
        mess.setContent(message, type);
        if (mailProps.has("CC_ADDRESS")) {
            String[] cc = (String[])((String[])mailProps.get("CC_ADDRESS"));
            InternetAddress[] ccInternetAddress = new InternetAddress[cc.length];

            for(int i = 0; i < cc.length; ++i) {
                ccInternetAddress[i] = new InternetAddress(cc[i].trim());
            }

            mess.setRecipients(RecipientType.CC, ccInternetAddress);
        }

        mess.setSentDate(new Date());
        mess.setSubject(subject, "UTF-8");
        Thread.currentThread().setContextClassLoader(mess.getClass().getClassLoader());
        Transport.send(mess);
    } catch (Exception var29) {
        out.log(Level.INFO, " ", var29);
    }
}

共有1个答案

曾景龙
2023-03-14

这是JavaMail 1.5.3之前的硬编码默认值,因此升级应该可以解决问题(请记住JavaMail已被Jakarta Mail取代)。

作为一种解决方法,您可以将所需的协议设置为以空格分隔的列表(正如Ajinkya所建议的那样)

properties.put("mail.smtp.ssl.protocols", "TLSv1.2 TLSv1.1");
 类似资料:
  • 我需要与外部服务连接,而且我的客户端身份验证有问题。该服务需要证书、用户名和密码以及请求。 我正在使用Windows Server 2008 R2。 我已经收到带有证书的PKCS#7包并导入: 本地计算机/个人的SSL证书(仅含公钥) 中间CA和根CA到本地计算机/受信任的RootCertificationAuthorities 我已经在Windows注册表中启用了TLS 1.0、1.1、1.2客

  • 我们很难与远程机器(如PayPal vb)建立https连接谁从我们的系统中禁用了SSL3协议。Net应用程序。HttpWebRequest实例的GetResponse方法出现以下异常。 请求被中止:无法创建SSL/TLS安全通道。 当我们使用WireShark深入并跟踪网络日志时,我们看到远程机器返回以下错误 TLSv1。2警报(级别:致命,描述:握手失败)握手失败40 更有趣的情况是,当我尝试

  • 问题内容: 我正在使用Apache HttpClient与Java中的主机之一进行通信,并且正在抛出。完整的跟踪是 触发播种的SecureRandom的完成播种的SecureRandom忽略不可用的加密套件:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA忽略不可用的加密套件:TLS_DHE_RSA_WITH_AES_256_CBC_SHA忽略不可用的加密套件:TLS_ECDH

  • 我正在使用Apache HttpClient与Java中的一个主机通信,它正在抛出。完整的追踪是 我试过很多东西,但无法弄清楚到底是什么问题。

  • 在JDK 11下使用TLS 1.3原则上是可行的。然而,一旦在两个并发线程中建立连接,两个线程的初始握手都会失败。 这显然是一个已知的问题,应该已经解决了: Oracle JDK 11.0.2 OpenJDK 11.0.3 使用OpenJDK,这应该是固定的: 或者甚至是OpenJDK(这是今天在AdoptOpenJDK. net上可用的最新选项): 这是正式修复的,但我似乎无法让它工作。 这是怎

  • 从外部客户端到库伯内特斯集群内的服务器的TLS握手失败。这是关于理解为什么。 我已经配置了一个Istio入口网关,以通过端口15433上接收的TLS,并将其路由到端口433上的服务器。 当客户端尝试TLS握手时,入口网关日志显示活动,但不显示服务器日志,也不显示istio代理日志。 TLS客户端: 日志 Istio入口网关日志: 其中192.168.101.136是myservice pod的IP