How to handle SSL Handshake
Asked: 2018-04-14 20:21:29
Question: I am using the code below and trying to access it through a browser using https://localhost:32567?test=aaa
import java.io.DataInputStream;
import java.util.Arrays;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
public class Main {
    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory sslContextFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket ssl = (SSLServerSocket) sslContextFactory.createServerSocket(32567);
        ssl.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"});
        // Enables every supported suite, including the anon, NULL and EXPORT suites
        ssl.setEnabledCipherSuites(sslContextFactory.getSupportedCipherSuites());
        Arrays.stream(ssl.getEnabledCipherSuites()).forEach(name -> System.out.println(name));
        SSLSocket clientSocket = null;
        while ((clientSocket = (SSLSocket) ssl.accept()) != null) {
            System.out.println("--------------------------");
            System.out.println("--= SSL REQUEST ---");
            DataInputStream in = new DataInputStream(clientSocket.getInputStream());
            byte[] messageByte = new byte[1000];
            // Reading the first bytes triggers the TLS handshake
            messageByte[0] = in.readByte();
            messageByte[1] = in.readByte();
        }
    }
}
I get the following error
Exception in thread "main" javax.net.ssl.SSLHandshakeException: no cipher suites in common
The ciphers listed are
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLS_DH_anon_WITH_AES_256_GCM_SHA384 TLS_DH_anon_WITH_AES_128_GCM_SHA256 TLS_DH_anon_WITH_AES_256_CBC_SHA256 TLS_ECDH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA256 
TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DH_anon_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_WITH_NULL_SHA256 TLS_ECDHE_ECDSA_WITH_NULL_SHA TLS_ECDHE_RSA_WITH_NULL_SHA SSL_RSA_WITH_NULL_SHA TLS_ECDH_ECDSA_WITH_NULL_SHA TLS_ECDH_RSA_WITH_NULL_SHA TLS_ECDH_anon_WITH_NULL_SHA SSL_RSA_WITH_NULL_MD5 TLS_KRB5_WITH_3DES_EDE_CBC_SHA TLS_KRB5_WITH_3DES_EDE_CBC_MD5 TLS_KRB5_WITH_DES_CBC_SHA TLS_KRB5_WITH_DES_CBC_MD5 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
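Comments:
Have you already checked this answer: ***.com/a/15144731/4506285
Try enabling SSL debugging to get more information: ***.com/questions/23659564/…
Answer 1: It turned out to be because I had not created a certificate.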
Create app with SSLSocket Java
keytool -genkey -keystore yourKEYSTORE -keyalg RSA
keytool -importkeystore -srckeystore yourKEYSTORE -destkeystore yourKEYSTORE -deststoretype pkcs12
and use the Java options
-Djavax.net.ssl.keyStore=yourKEYSTORE -Djavax.net.ssl.keyStorePassword=test1234 -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
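An added example, not code from the original post: a server that loads the PKCS12 keystore explicitly and refuses to start when it holds no private key and certificate, which is the condition that leaves a JSSE server with only anonymous suites and produces "no cipher suites in common" against a browser. The class name `KeystoreCheckedServer` and the choice to allow only TLS 1.2 and later are assumptions of this example; the port and system properties are the ones used above.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

public class KeystoreCheckedServer { // hypothetical class name
    // Fail early if the keystore has no private key + certificate to present.
    static KeyStore loadServerKeyStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias) && ks.getCertificate(alias) != null) {
                System.out.println(alias + ": " + ks.getCertificate(alias).getPublicKey().getAlgorithm() + " key");
                return ks;
            }
        }
        throw new IllegalStateException("no private-key entry in " + path);
    }

    static SSLServerSocket open(KeyStore ks, char[] password, int port) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        // Keep the default enabled suites (no anon/NULL/EXPORT) and drop protocols below TLS 1.2.
        server.setEnabledProtocols(Arrays.stream(server.getSupportedProtocols())
                .filter(p -> p.equals("TLSv1.2") || p.equals("TLSv1.3")).toArray(String[]::new));
        return server;
    }

    public static void main(String[] args) throws Exception {
        // Same system properties the answer sets with -D.
        String path = System.getProperty("javax.net.ssl.keyStore");
        if (path == null) throw new IllegalStateException("set -Djavax.net.ssl.keyStore");
        char[] password = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        try (SSLServerSocket server = open(loadServerKeyStore(path, password), password, 32567);
             SSLSocket client = (SSLSocket) server.accept()) {
            client.startHandshake(); // throws SSLHandshakeException if negotiation fails
            System.out.println("negotiated " + client.getSession().getCipherSuite());
        }
    }
}
```

A browser will still warn about the certificate, because `keytool -genkey` creates a self-signed one.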