在 WAS 9 上使用 Apache HttpClient 和 IBM Jsse2 的 SSLHandshakeException
Posted
技术标签:
【中文标题】在 WAS 9 上使用 Apache HttpClient 和 IBM Jsse2 的 SSLHandshakeException【英文标题】:SSLHandshakeException using Apache HttpClient and IBM Jsse2 on WAS 9 【发布时间】:2020-01-03 15:26:48 【问题描述】:我有一个 web 应用程序,我在其中使用 HttpClient 向某些网页发送 get/Post 请求并验证响应。该应用程序在 Tomcat 8.5 上部署时运行良好,但现在由于公司指南,我需要使用 Websphere。因此,当我在 WAS 9 上部署此应用程序时,我的 http 请求开始因 SSL 异常而失败。
在调试此问题时,我注意到我构建 http 客户端的地方,Tomcat 版本的 web 应用程序提供了 JSSEProvider 的 Sun Jsse 实现,但部署在 WAS 上的应用程序获取 IBM Jsse2 提供程序。我想知道这是否是 SSL 异常的原因,有什么办法可以切换到 Sun Jsse?这里是设置SSlContext的地方——
HttpClient client = null;
try
HttpClientBuilder builder = HttpClientBuilder
.create()
.setRedirectStrategy(new LaxRedirectStrategy());
// setup a Trust Strategy that allows all certificates.
//Here I get sslContext as IBM Jsse2 vs Sun Jsse
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy()
public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
return true;
).build();
builder.setSSLContext(sslContext);
// don't check Hostnames, either.
HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
这是控制台日志 -
[8/30/19 5:51:06:758 CDT] 000000a5 SystemErr R javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
[8/30/19 5:51:06:759 CDT] 000000a5 SystemErr R at com.ibm.jsse2.av.a(av.java:782)
[8/30/19 5:51:06:760 CDT] 000000a5 SystemErr R at com.ibm.jsse2.av.i(av.java:574)
[8/30/19 5:51:06:760 CDT] 000000a5 SystemErr R at com.ibm.jsse2.av.a(av.java:280)
[8/30/19 5:51:06:761 CDT] 000000a5 SystemErr R at com.ibm.jsse2.av.startHandshake(av.java:431)
[8/30/19 5:51:06:762 CDT] 000000a5 SystemErr R at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
[8/30/19 5:51:06:762 CDT] 000000a5 SystemErr R at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
[8/30/19 5:51:06:762 CDT] 000000a5 SystemErr R at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
[8/30/19 5:51:06:763 CDT] 000000a5 SystemErr R at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
[8/30/19 5:51:06:763 CDT] 000000a5 SystemErr R at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:394)
[8/30/19 5:51:06:765 CDT] 000000a5 SystemErr R at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
[8/30/19 5:51:06:765 CDT] 000000a5 SystemErr R at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
[8/30/19 5:51:06:766 CDT] 000000a5 SystemErr R at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
[8/30/19 5:51:06:766 CDT] 000000a5 SystemErr R at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
[8/30/19 5:51:06:766 CDT] 000000a5 SystemErr R at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
[8/30/19 5:51:06:767 CDT] 000000a5 SystemErr R at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
[8/30/19 5:51:06:767 CDT] 000000a5 SystemErr R at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
[8/30/19 5:51:06:767 CDT] 000000a5 SystemErr R at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
[8/30/19 5:51:06:768 CDT] 000000a5 SystemErr R at validation.BrowserValidation.getPage(BrowserValidation.java:370)
[8/30/19 5:51:06:768 CDT] 000000a5 SystemErr R at validation.BrowserValidation.startValidation(BrowserValidation.java:83)
[8/30/19 5:51:06:768 CDT] 000000a5 SystemErr R at validation.ValidationMaster.routeValidation(ValidationMaster.java:119)
[8/30/19 5:51:06:769 CDT] 000000a5 SystemErr R at validation.ServerValidation.onMessage(ServerValidation.java:60)
[8/30/19 5:51:06:769 CDT] 000000a5 SystemErr R at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[8/30/19 5:51:06:769 CDT] 000000a5 SystemErr R at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
[8/30/19 5:51:06:770 CDT] 000000a5 SystemErr R at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
[8/30/19 5:51:06:770 CDT] 000000a5 SystemErr R at java.lang.reflect.Method.invoke(Method.java:508)
[8/30/19 5:51:06:771 CDT] 000000a5 SystemErr R at com.ibm.ws.wsoc.LinkRead.callOnMessage(LinkRead.java:1150)
[8/30/19 5:51:06:771 CDT] 000000a5 SystemErr R at com.ibm.ws.wsoc.LinkRead.processOnMessageTextAnnotation(LinkRead.java:1003)
[8/30/19 5:51:06:772 CDT] 000000a5 SystemErr R at com.ibm.ws.wsoc.LinkRead.processRead(LinkRead.java:319)
[8/30/19 5:51:06:772 CDT] 000000a5 SystemErr R at com.ibm.ws.wsoc.WsocConnLink.processRead(WsocConnLink.java:978)
[8/30/19 5:51:06:773 CDT] 000000a5 SystemErr R at com.ibm.ws.wsoc.WsocReadCallback.complete(WsocReadCallback.java:29)
[8/30/19 5:51:06:773 CDT] 000000a5 SystemErr R at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
[8/30/19 5:51:06:774 CDT] 000000a5 SystemErr R at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
[8/30/19 5:51:06:774 CDT] 000000a5 SystemErr R at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
[8/30/19 5:51:06:774 CDT] 000000a5 SystemErr R at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
[8/30/19 5:51:06:775 CDT] 000000a5 SystemErr R at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
[8/30/19 5:51:06:776 CDT] 000000a5 SystemErr R at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
[8/30/19 5:51:06:776 CDT] 000000a5 SystemErr R at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
[8/30/19 5:51:06:777 CDT] 000000a5 SystemErr R at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909)
[8/30/19 5:51:06:778 CDT] 000000a5 SystemErr R Caused by: java.io.EOFException: SSL peer shut down incorrectly
[8/30/19 5:51:06:779 CDT] 000000a5 SystemErr R at com.ibm.jsse2.b.a(b.java:231)
[8/30/19 5:51:06:780 CDT] 000000a5 SystemErr R at com.ibm.jsse2.av.a(av.java:579)
[8/30/19 5:51:06:780 CDT] 000000a5 SystemErr R ... 37 more
会不会是其他问题?
更新: 我检查了服务器日志,这就是它所说的 -
[9/3/19 5:04:45:670 CDT] 0000019a SSLHandshakeE E SSLC0008E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
at com.ibm.jsse2.D.z(D.java:531)
at com.ibm.jsse2.aq.b(aq.java:271)
at com.ibm.jsse2.aq.c(aq.java:236)
at com.ibm.jsse2.aq.wrap(aq.java:599)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:21)
at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:811)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound(SSLConnectionLink.java:617)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready(SSLConnectionLink.java:346)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892)
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
at com.ibm.jsse2.k.a(k.java:24)
at com.ibm.jsse2.aq.a(aq.java:604)
at com.ibm.jsse2.D.a(D.java:564)
at com.ibm.jsse2.D.a(D.java:522)
at com.ibm.jsse2.F.a(F.java:673)
at com.ibm.jsse2.F.a(F.java:782)
at com.ibm.jsse2.D.r(D.java:176)
at com.ibm.jsse2.D$b.a(D$b.java:3)
at com.ibm.jsse2.D$b.run(D$b.java:4)
at java.security.AccessController.doPrivileged(AccessController.java:730)
at com.ibm.jsse2.D$c.run(D$c.java:2)
at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:898)
... 12 more
【问题讨论】:
你调试远程端了吗?异常说对方突然关闭了连接。 另一端是有效的生产服务器,部署在 Tomcat 上的同一个应用程序可以正常响应,没有任何问题。 所以“不”。似乎是一个很好的下一步。 我当然可以看看,但我想知道 Tomcat 上的同一个应用程序是否能够从远程站点获得正确的响应,我不应该看看我的应用程序版本有什么问题吗?部署在 websphere 上? 是的,来自服务器的错误将通知该调查。 【参考方案1】:改用 HttpClientBuilder.useSystemProperties().build() 方法来创建 HTTPClient 的实例。 IBM 实现了自己的 SSLSocketFacxtory,最终在带有 IBM JDK 的 WAS 上被调用。 更多详情IBM site
【讨论】:
以上是关于在 WAS 9 上使用 Apache HttpClient 和 IBM Jsse2 的 SSLHandshakeException的主要内容,如果未能解决你的问题,请参考以下文章
org.apache.commons.fileupload.FileUploadBase$SizeLimitExceededException: the request was rejected be
Shiro报错-[org.apache.shiro.mgt.AbstractRememberMeManager] - There was a failure while trying to retri
出错:Cause: org.apache.ibatis.executor.ExecutorException: A query was run and no Result Maps were foun