java 17 javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure
我想从我的网站发送/接收信息(https 而不是 http),所以我尝试使用 Java 方法 / Apache / okhttp 并且我遇到了同样的问题:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source)
at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at [email protected]/org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(Unknown Source)
这是我在 Apache 中使用的代码,它生成了之前的错误:
SSLContextBuilder SSLBuilder = SSLContexts.custom();
SSLBuilder = SSLBuilder.loadTrustMaterial(Main.class.getResource("cacerts.jks"), "changeit".toCharArray());
SSLContext sslContext = SSLBuilder.build();
// SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}, new String[]{"RSA"}, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
HttpClientBuilder clientbuilder = HttpClients.custom();
clientbuilder.setSSLSocketFactory(sslConSocFactory);
CloseableHttpClient httpClient = clientbuilder.build();
HttpPost uploadFile = new HttpPost(myURL);
uploadFile.setEntity(multipart);
CloseableHttpResponse response = httpClient.execute(uploadFile);
HttpEntity responseEntity = response.getEntity();
InputStream inputStream = responseEntity.getContent();
Scanner sc = new Scanner(inputStream).useDelimiter("\\A");
最后,这是与我的网站相关的公开信息:
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = eclypsegames.fr
verify return:1
write W BLOCK
---
Certificate chain
0 s:/CN=eclypsegames.fr
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgISA/OykyxAybOykERegIAej5tPMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjAzMDExODM4MjZaFw0yMjA1MzAxODM4MjVaMBoxGDAWBgNVBAME
vE+ZAmqhzYpdOTLIybnIaXgesAdn1DaO0afiRd1MoywmQaqR/vmrrTmoh6d7B0TP
x2MQfdgMhUAEnVBb+KnrLFnr7AMYhY5nMNMvdTn9dMPa+NmQoxZfHnTm8V1j2odH
U7WBLkD3ZT4wzNiE
-----END CERTIFICATE-----
subject=/CN=eclypsegames.fr
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 4740 bytes and written 386 bytes
---
New, TLSv1/SSLv3, Cipher is AEAD-CHACHA20-POLY1305-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.3
Cipher : AEAD-CHACHA20-POLY1305-SHA256
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1646948026
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
read R BLOCK
read R BLOCK
closed
此外,我的项目的限制以及它能够在所有操作系统上运行的事实,因为目标是使其成为一个应用程序(.app / .exe / .deb /…)
I want to send/receive information from my website (https not http) so I try to use Java method / Apache / okhttp and I have the same problem :
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source)
at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at [email protected]/org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(Unknown Source)
this is the code I use in Apache that generates me the previous error :
SSLContextBuilder SSLBuilder = SSLContexts.custom();
SSLBuilder = SSLBuilder.loadTrustMaterial(Main.class.getResource("cacerts.jks"), "changeit".toCharArray());
SSLContext sslContext = SSLBuilder.build();
// SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}, new String[]{"RSA"}, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
HttpClientBuilder clientbuilder = HttpClients.custom();
clientbuilder.setSSLSocketFactory(sslConSocFactory);
CloseableHttpClient httpClient = clientbuilder.build();
HttpPost uploadFile = new HttpPost(myURL);
uploadFile.setEntity(multipart);
CloseableHttpResponse response = httpClient.execute(uploadFile);
HttpEntity responseEntity = response.getEntity();
InputStream inputStream = responseEntity.getContent();
Scanner sc = new Scanner(inputStream).useDelimiter("\\A");
And finally, this is the public information relating to my website :
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = eclypsegames.fr
verify return:1
write W BLOCK
---
Certificate chain
0 s:/CN=eclypsegames.fr
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgISA/OykyxAybOykERegIAej5tPMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjAzMDExODM4MjZaFw0yMjA1MzAxODM4MjVaMBoxGDAWBgNVBAME
vE+ZAmqhzYpdOTLIybnIaXgesAdn1DaO0afiRd1MoywmQaqR/vmrrTmoh6d7B0TP
x2MQfdgMhUAEnVBb+KnrLFnr7AMYhY5nMNMvdTn9dMPa+NmQoxZfHnTm8V1j2odH
U7WBLkD3ZT4wzNiE
-----END CERTIFICATE-----
subject=/CN=eclypsegames.fr
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 4740 bytes and written 386 bytes
---
New, TLSv1/SSLv3, Cipher is AEAD-CHACHA20-POLY1305-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.3
Cipher : AEAD-CHACHA20-POLY1305-SHA256
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1646948026
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
read R BLOCK
read R BLOCK
closed
In addition, the constraint of my project and the fact that it is able to work on all OS, because the goal is to make it an application (.app / .exe / .deb / …)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论