Question:

SSLHandshakeException: Jetty server is not choosing any cipher to start the SSL handshake

郜彬
2023-03-14
            tp1402834900-33, READ: TLSv1.2 Handshake, length = 227
            *** ClientHello, TLSv1.2
            RandomCookie:  GMT: 1496138621 bytes = { 96, 63, 100, 252, 232, 36, 198, 68, 124, 190, 117, 1, 205, 237, 23, 156, 66, 68, 27, 72, 46, 44, 245, 6, 67, 240, 24, 181 }
            Session ID:  {}
            Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, 
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
            Compression Methods:  { 0 }
            Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
            Extension ec_point_formats, formats: [uncompressed]
            Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA1withECDSA, SHA1withRSA, SHA1withDSA
            ***
            [read] MD5 and SHA1 hashes:  len = 227
                                          ...
            %% Initialized:  [Session-12, SSL_NULL_WITH_NULL_NULL]
            qtp1402834900-29, called closeOutbound()
            qtp1402834900-29, closeOutboundInternal()

and the log shows an SSLHandshakeException

   Thread-38, WRITE: TLSv1.2 Handshake, length = 227
   Thread-38, received EOFException: error
   Thread-38, handling exception: javax.net.ssl.SSLHandshakeException: Remote 
   host closed connection during handshake
   Thread-38, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
   Thread-38, WRITE: TLSv1.2 Alert, length = 2
   Thread-38, called closeSocket
   Thread-38, called close
   Thread-38, called closeInternal

1 answer

漆雕硕
2023-03-14

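Java 6 is very old and is considered End of Life by Oracle.

As you upgrade your Java version, you are also rapidly upgrading what it means to have a secure and encrypted connection on the public Internet.

For example: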

$ grep -E "^j.*disabled" $JAVA_HOME/jre/lib/security/java.security
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \
$ cd /path/to/mybase && \
 java -jar /path/to/jetty-dist.jar -Djetty.dump.start=true
SslContextFactory@1ed4004b(null,null) trustAll=false
 +- Protocol Selections
 |   +- Enabled (size=3)
 |   |   +- TLSv1
 |   |   +- TLSv1.1
 |   |   +- TLSv1.2
 |   +- Disabled (size=2)
 |       +- SSLv2Hello - ConfigExcluded:'SSLv2Hello'
 |       +- SSLv3 - JreDisabled:java.security, ConfigExcluded:'SSLv3'
 +- Cipher Suite Selections
     +- Enabled (size=15)
     |   +- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
     |   +- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
     |   +- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
     |   +- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
     |   +- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
     |   +- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
     |   +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
     |   +- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     |   +- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
     |   +- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
     |   +- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
     |   +- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
     |   +- TLS_EMPTY_RENEGOTIATION_INFO_SCSV
     |   +- TLS_RSA_WITH_AES_128_CBC_SHA256
     |   +- TLS_RSA_WITH_AES_128_GCM_SHA256
     +- Disabled (size=42)
         +- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_DHE_DSS_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_DHE_RSA_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_DH_anon_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_RSA_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_RSA_WITH_NULL_MD5 - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- SSL_RSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_DHE_DSS_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_DHE_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_DH_anon_WITH_AES_128_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_DH_anon_WITH_AES_128_CBC_SHA256 - JreDisabled:java.security
         +- TLS_DH_anon_WITH_AES_128_GCM_SHA256 - JreDisabled:java.security
         +- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDHE_ECDSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDHE_RSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDH_ECDSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDH_RSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDH_anon_WITH_AES_128_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_ECDH_anon_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_KRB5_WITH_3DES_EDE_CBC_MD5 - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_KRB5_WITH_3DES_EDE_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_KRB5_WITH_DES_CBC_MD5 - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_KRB5_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_RSA_WITH_NULL_SHA256 - JreDisabled:java.security
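
Added example (not part of the original answer or of Jetty): a small Python check that takes the `Cipher Suites: [...]` entry from a `javax.net.debug` ClientHello and the `Cipher Suite Selections` section of a Jetty dump, and reports for each offered suite whether the server could select it. The function names are hypothetical and both inputs are constructed, shortened samples in the formats shown above; the exclusion regex is the one printed in the dump's `ConfigExcluded` entries.

```python
import re

# Exclusion regex as shown in the ConfigExcluded entries of the Jetty dump.
JETTY_EXCLUDE = re.compile(r"^.*_(MD5|SHA|SHA1)$")
# Signalling value (RFC 5746), not a negotiable cipher suite.
SCSV = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
# Constructed, shortened samples in the two log formats shown on this page.
CLIENT_DEBUG = """*** ClientHello, TLSv1.2
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
"""
JETTY_DUMP = """ +- Protocol Selections
 |   +- Enabled (size=1)
 |   |   +- TLSv1.2
 +- Cipher Suite Selections
     +- Enabled (size=3)
     |   +- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     |   +- TLS_EMPTY_RENEGOTIATION_INFO_SCSV
     |   +- TLS_RSA_WITH_AES_128_CBC_SHA256
     +- Disabled (size=2)
         +- SSL_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
         +- TLS_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
"""

def client_offered(debug_log):
    """Suites from the 'Cipher Suites: [...]' entry, which may wrap across lines."""
    m = re.search(r"Cipher Suites:\s*\[(.*?)\]", debug_log, re.S)
    return [s.strip() for s in m.group(1).split(",") if s.strip()] if m else []

def jetty_enabled(dump):
    """Names under 'Cipher Suite Selections' -> 'Enabled'; protocol entries are skipped."""
    _, _, ciphers = dump.partition("Cipher Suite Selections")
    enabled_part = ciphers.split("+- Disabled", 1)[0]
    return re.findall(r"\+- ([A-Z0-9_]+)[ \t]*$", enabled_part, re.M)

def classify(offered, enabled):
    """Map each client-offered suite to why the server can or cannot select it."""
    def status(suite):
        if suite == SCSV:
            return "signalling value"
        if suite in enabled:
            return "negotiable"
        return "excluded by pattern" if JETTY_EXCLUDE.match(suite) else "not enabled"
    return {s: status(s) for s in offered}

if __name__ == "__main__":
    for suite, why in classify(client_offered(CLIENT_DEBUG), jetty_enabled(JETTY_DUMP)).items():
        print(f"{suite}: {why}")
```

A name that appears on both sides only shows that the two lists overlap; the server must also hold a key and certificate usable with that suite's key exchange before it can select it.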