如何解决 Tomcat 7.0.100 上的 javax.net.ssl.SSLHandshake 异常错误?
Posted
技术标签:
【中文标题】如何解决 Tomcat 7.0.100 上的 javax.net.ssl.SSLHandshake 异常错误?【英文标题】:How to solve javax.net.ssl.SSLHandshake Exception Error on Tomcat 7.0.100? 【发布时间】:2020-12-26 01:09:38 【问题描述】:我已将 tomcat 版本从 7.0.53 升级到 7.0.100。部署tomcat时没有错误。但是当尝试使用 https 协议访问 URL 时,它会给出“javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure”。
Java:1.6.0_45
**Error log:**
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.100]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.100]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) [spring-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) [spring-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.100]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.100]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:7.0.100]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110) [catalina.jar:7.0.100]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:604) [catalina.jar:7.0.100]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:165) [catalina.jar:7.0.100]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) [catalina.jar:7.0.100]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) [catalina.jar:7.0.100]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452) [catalina.jar:7.0.100]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1195) [tomcat-coyote.jar:7.0.100]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:654) [tomcat-coyote.jar:7.0.100]
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:319) [tomcat-coyote.jar:7.0.100]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.100]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100) ~[na:1.6]
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) ~[na:1.6.0_45]
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) ~[na:1.6.0_45]
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) ~[commons-httpclient-3.1.jar:na]
at org.springframework.http.client.CommonsClientHttpRequest.executeInternal(CommonsClientHttpRequest.java:85) ~[spring-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46) ~[spring-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:49) ~[spring-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:446) ~[spring-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
server.xml 中的连接器端口
<Connector port="8443"
maxPostSize="8388608"
maxThreads="50"
minSpareThreads="2"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
clientAuth="false"
SSLEnabled="true"
keystoreFile="$catalina.base/conf/server.jks"
keystoreType="JKS"
keystorePass="password"
truststoreFile="$catalina.base/conf/server.jks"
truststoreType="JKS"
truststorePass="password"
sslProtocol="TLS"
compression="force"
compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/x-javascript,application/javascript,text/css"
URIEncoding="UTF-8"
server=" "
/>
解决此问题的最佳方法是什么?提前致谢!
【问题讨论】:
JDK 构建中有cacerts 文件吗?
@GiorgiTsiklauri 是的。 java/jdk1.6.0_45/jre/lib/security中的cacerts文件
那么,您将 JDK 6 与 Tomcat 7 一起使用?很老了.. cacerts 的大小是多少?我希望它不是空的。
是的。 JDK 6 和 Tomcat 7。这个问题出现在 Tomcat 7.0.100 中。它适用于 tomcat 7.0.53。 cacerts 文件大小为 82.6 KB。
【参考方案1】:
这里的问题不在你和 tomcat 之间,而是在你的应用程序和它正在调用的远程 REST 服务之间。
由于您使用的是 Java 6,我猜您在连接到需要您使用 TLS 1.2 的远程服务时遇到问题
【讨论】:
但它适用于 tomcat 7.0.53。将tomcat版本升级到7.0.100后出现此问题。 这很奇怪。您可以使用 javax.net.debug=ssl 来跟踪 ssl 连接以上是关于如何解决 Tomcat 7.0.100 上的 javax.net.ssl.SSLHandshake 异常错误?的主要内容,如果未能解决你的问题,请参考以下文章