尝试从 java 客户端建立 SSL 连接时出错

Posted 2023-02-22

【中文标题】尝试从 java 客户端建立 SSL 连接时出错

【英文标题】：Error trying to establish SSL connection from java client

【发布时间】：2015-06-13 21:33:38

【问题描述】：

我正在尝试建立从独立 java 客户端到 apache 服务器的 ssl 连接。我在 ssl 握手阶段遇到错误。使用 curl 访问相同的 REST API 可以正常工作。

我在服务器端遇到的错误：

d Apr 08 18:26:27 2015] [info] [client 192.168.100.250] Connection to child 1 established (server vcops-slice-1:443)
[Wed Apr 08 18:26:27 2015] [info] Seeding PRNG with 144 bytes of entropy
[Wed Apr 08 18:26:27 2015] [debug] ssl_engine_kernel.c(1931): OpenSSL: Handshake: start
[Wed Apr 08 18:26:27 2015] [debug] ssl_engine_kernel.c(1939): OpenSSL: Loop: before/accept initialization
[Wed Apr 08 18:26:37 2015] [info] [client 192.168.100.250] Request header read timeout
[Wed Apr 08 18:26:37 2015] [debug] ssl_engine_io.c(1904): OpenSSL: I/O error, 11 bytes expected to read on BIO#7f998f3c9630 [
mem: 7f998f3b7ad0]
[Wed Apr 08 18:26:37 2015] [debug] ssl_engine_kernel.c(1968): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Wed Apr 08 18:26:37 2015] [info] [client 192.168.100.250] (70007)The timeout specified has expired: SSL handshake interrupte
d by system [Hint: Stop button pressed in browser?!]
[Wed Apr 08 18:26:37 2015] [info] [client 192.168.100.250] Connection closed to child 1 with abortive shutdown (server vcops-
slice-1:44 

java客户端报错：

11:26:25.759 [main] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: s->https://192.168.100.162:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://192.168.100.162/casa/sysadmin/cluster/status":Remote host closed connection during handshake; nested exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:557)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:502)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:444)
    at com.vmware.vrack.vrm.vrops.VropsServiceImpl.createAdapter(VropsServiceImpl.java:426)
    at com.vmware.vrack.vrm.vrops.VropsServiceImpl.createVcenterAdapter(VropsServiceImpl.java:358)
    at com.vmware.vrack.vrm.workflow.tasks.vcops.VropsTest.main(VropsTest.java:43)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533)
    at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:118)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:85)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:84)
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:52)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:541)
    ... 5 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(Unknown Source)
    ... 23 more

java客户端使用spring RestTemplate

httpHeaders.add(AUTH_HEADER, BASIC_AUTH +
                             new String(Base64.encodeBase64((vropsUsername + ":" + vropsPassword).getBytes())));
    httpHeaders.setAccept(new ArrayList<MediaType>() 
        add(new MediaType("application", "json"));
    );
    httpHeaders.setContentType(new MediaType("application", "json"));
  HttpEntity request = new HttpEntity<String> ("", httpHeaders);
    ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.GET, request, String.class);

【问题讨论】：

@AndyKorneyev 您的编辑完全适得其反，并且产生了难以辨认的混乱。报价格式适用于报价。您应该使用代码格式，即缩进 4 个空格。请不要破坏这里的帖子。

【参考方案1】：

问题是由于握手过程中发生超时。增加 apache ssl 配置中的超时解决了它。