在 WAS 9 上使用 Apache HttpClient 和 IBM Jsse2 的 SSLHandshakeException

Posted

技术标签:

【中文标题】在 WAS 9 上使用 Apache HttpClient 和 IBM Jsse2 的 SSLHandshakeException【英文标题】:SSLHandshakeException using Apache HttpClient and IBM Jsse2 on WAS 9 【发布时间】:2020-01-03 15:26:48 【问题描述】:

我有一个 web 应用程序,我在其中使用 HttpClient 向某些网页发送 get/Post 请求并验证响应。该应用程序在 Tomcat 8.5 上部署时运行良好,但现在由于公司指南,我需要使用 Websphere。因此,当我在 WAS 9 上部署此应用程序时,我的 http 请求开始因 SSL 异常而失败。

在调试此问题时,我注意到我构建 http 客户端的地方,Tomcat 版本的 web 应用程序提供了 JSSEProvider 的 Sun Jsse 实现,但部署在 WAS 上的应用程序获取 IBM Jsse2 提供程序。我想知道这是否是 SSL 异常的原因,有什么办法可以切换到 Sun Jsse?这里是设置SSlContext的地方——

HttpClient client = null;
        try 

            HttpClientBuilder builder = HttpClientBuilder
                    .create()
                    .setRedirectStrategy(new LaxRedirectStrategy());

            // setup a Trust Strategy that allows all certificates.
//Here I get sslContext as IBM Jsse2 vs Sun Jsse
            SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() 
                public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException 
                    return true;
                
            ).build();

            builder.setSSLContext(sslContext);

            // don't check Hostnames, either.
            HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;

这是控制台日志 -

[8/30/19 5:51:06:758 CDT] 000000a5 SystemErr     R javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
[8/30/19 5:51:06:759 CDT] 000000a5 SystemErr     R  at com.ibm.jsse2.av.a(av.java:782)
[8/30/19 5:51:06:760 CDT] 000000a5 SystemErr     R  at com.ibm.jsse2.av.i(av.java:574)
[8/30/19 5:51:06:760 CDT] 000000a5 SystemErr     R  at com.ibm.jsse2.av.a(av.java:280)
[8/30/19 5:51:06:761 CDT] 000000a5 SystemErr     R  at com.ibm.jsse2.av.startHandshake(av.java:431)
[8/30/19 5:51:06:762 CDT] 000000a5 SystemErr     R  at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
[8/30/19 5:51:06:762 CDT] 000000a5 SystemErr     R  at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
[8/30/19 5:51:06:762 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
[8/30/19 5:51:06:763 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
[8/30/19 5:51:06:763 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:394)
[8/30/19 5:51:06:765 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
[8/30/19 5:51:06:765 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
[8/30/19 5:51:06:766 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
[8/30/19 5:51:06:766 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
[8/30/19 5:51:06:766 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
[8/30/19 5:51:06:767 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
[8/30/19 5:51:06:767 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
[8/30/19 5:51:06:767 CDT] 000000a5 SystemErr     R  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
[8/30/19 5:51:06:768 CDT] 000000a5 SystemErr     R  at validation.BrowserValidation.getPage(BrowserValidation.java:370)
[8/30/19 5:51:06:768 CDT] 000000a5 SystemErr     R  at validation.BrowserValidation.startValidation(BrowserValidation.java:83)
[8/30/19 5:51:06:768 CDT] 000000a5 SystemErr     R  at validation.ValidationMaster.routeValidation(ValidationMaster.java:119)
[8/30/19 5:51:06:769 CDT] 000000a5 SystemErr     R  at validation.ServerValidation.onMessage(ServerValidation.java:60)
[8/30/19 5:51:06:769 CDT] 000000a5 SystemErr     R  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[8/30/19 5:51:06:769 CDT] 000000a5 SystemErr     R  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
[8/30/19 5:51:06:770 CDT] 000000a5 SystemErr     R  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
[8/30/19 5:51:06:770 CDT] 000000a5 SystemErr     R  at java.lang.reflect.Method.invoke(Method.java:508)
[8/30/19 5:51:06:771 CDT] 000000a5 SystemErr     R  at com.ibm.ws.wsoc.LinkRead.callOnMessage(LinkRead.java:1150)
[8/30/19 5:51:06:771 CDT] 000000a5 SystemErr     R  at com.ibm.ws.wsoc.LinkRead.processOnMessageTextAnnotation(LinkRead.java:1003)
[8/30/19 5:51:06:772 CDT] 000000a5 SystemErr     R  at com.ibm.ws.wsoc.LinkRead.processRead(LinkRead.java:319)
[8/30/19 5:51:06:772 CDT] 000000a5 SystemErr     R  at com.ibm.ws.wsoc.WsocConnLink.processRead(WsocConnLink.java:978)
[8/30/19 5:51:06:773 CDT] 000000a5 SystemErr     R  at com.ibm.ws.wsoc.WsocReadCallback.complete(WsocReadCallback.java:29)
[8/30/19 5:51:06:773 CDT] 000000a5 SystemErr     R  at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
[8/30/19 5:51:06:774 CDT] 000000a5 SystemErr     R  at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
[8/30/19 5:51:06:774 CDT] 000000a5 SystemErr     R  at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
[8/30/19 5:51:06:774 CDT] 000000a5 SystemErr     R  at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
[8/30/19 5:51:06:775 CDT] 000000a5 SystemErr     R  at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
[8/30/19 5:51:06:776 CDT] 000000a5 SystemErr     R  at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
[8/30/19 5:51:06:776 CDT] 000000a5 SystemErr     R  at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
[8/30/19 5:51:06:777 CDT] 000000a5 SystemErr     R  at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909)
[8/30/19 5:51:06:778 CDT] 000000a5 SystemErr     R Caused by: java.io.EOFException: SSL peer shut down incorrectly
[8/30/19 5:51:06:779 CDT] 000000a5 SystemErr     R  at com.ibm.jsse2.b.a(b.java:231)
[8/30/19 5:51:06:780 CDT] 000000a5 SystemErr     R  at com.ibm.jsse2.av.a(av.java:579)
[8/30/19 5:51:06:780 CDT] 000000a5 SystemErr     R  ... 37 more

会不会是其他问题?

更新: 我检查了服务器日志,这就是它所说的 -

[9/3/19 5:04:45:670 CDT] 0000019a SSLHandshakeE E   SSLC0008E: Unable to initialize SSL connection.  Unauthorized access was denied or security settings have expired.  Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
        at com.ibm.jsse2.D.z(D.java:531)
        at com.ibm.jsse2.aq.b(aq.java:271)
        at com.ibm.jsse2.aq.c(aq.java:236)
        at com.ibm.jsse2.aq.wrap(aq.java:599)
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:21)
        at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:811)
        at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound(SSLConnectionLink.java:617)
        at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready(SSLConnectionLink.java:346)
        at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
        at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
        at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
        at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
        at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
        at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
        at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
        at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
        at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
        at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892)
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
        at com.ibm.jsse2.k.a(k.java:24)
        at com.ibm.jsse2.aq.a(aq.java:604)
        at com.ibm.jsse2.D.a(D.java:564)
        at com.ibm.jsse2.D.a(D.java:522)
        at com.ibm.jsse2.F.a(F.java:673)
        at com.ibm.jsse2.F.a(F.java:782)
        at com.ibm.jsse2.D.r(D.java:176)
        at com.ibm.jsse2.D$b.a(D$b.java:3)
        at com.ibm.jsse2.D$b.run(D$b.java:4)
        at java.security.AccessController.doPrivileged(AccessController.java:730)
        at com.ibm.jsse2.D$c.run(D$c.java:2)
        at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:898)
        ... 12 more

【问题讨论】:

你调试远程端了吗?异常说对方突然关闭了连接。 另一端是有效的生产服务器,部署在 Tomcat 上的同一个应用程序可以正常响应,没有任何问题。 所以“不”。似乎是一个很好的下一步。 我当然可以看看,但我想知道 Tomcat 上的同一个应用程序是否能够从远程站点获得正确的响应,我不应该看看我的应用程序版本有什么问题吗?部署在 websphere 上? 是的,来自服务器的错误将通知该调查。 【参考方案1】:

改用 HttpClientBuilder.useSystemProperties().build() 方法来创建 HTTPClient 的实例。 IBM 实现了自己的 SSLSocketFacxtory,最终在带有 IBM JDK 的 WAS 上被调用。 更多详情IBM site

【讨论】:

以上是关于在 WAS 9 上使用 Apache HttpClient 和 IBM Jsse2 的 SSLHandshakeException的主要内容,如果未能解决你的问题,请参考以下文章

HTTPClient模块的HttpGet和HttpPost

httpClient 配置与测试

org.apache.commons.fileupload.FileUploadBase$SizeLimitExceededException: the request was rejected be

网络爬虫Java实现抓取网页内容

Shiro报错-[org.apache.shiro.mgt.AbstractRememberMeManager] - There was a failure while trying to retri

出错:Cause: org.apache.ibatis.executor.ExecutorException: A query was run and no Result Maps were foun