Google Cloud Platform (app engine) SSL Handshake error

【Posted】: 2015-08-13 17:08:02 【Question】:

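I am using SSL in my Google App Engine application. I have it set up, and the certificate has been validated by sites such as https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp. I have also tested the site using the Java SSLPoke. Finally, I wrote a Java program to post to my website, and that works too.

However, when I use Portecle to examine my website, I run into a handshake problem. The javax.net.debug output is below.

Does anyone know why I am getting this error?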

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
AWT-EventQueue-0, setSoTimeout(10000) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1433037580 bytes =  42, 125, 100, 34, 251, 8, 45, 185, 226,
 131, 130, 128, 139, 33, 24, 191, 86, 29, 239, 60, 47, 12, 226, 212, 68, 61, 233
, 27 
Session ID:  
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128
_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS
_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WI
TH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128
_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WI
TH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_E
DE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_
DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INF
O_SCSV]
Compression Methods:   0 
Extension elliptic_curves, curve names: secp256r1, sect163k1, sect163r2, secp19
2r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1
, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, s
ect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes:  len = 149
0000: 01 00 00 91 03 01 55 6A   6B 0C 2A 7D 64 22 FB 08  ......Ujk.*.d"..
0010: 2D B9 E2 83 82 80 8B 21   18 BF 56 1D EF 3C 2F 0C  -......!..V..</.
0020: E2 D4 44 3D E9 1B 00 00   2A C0 09 C0 13 00 2F C0  ..D=....*...../.
0030: 04 C0 0E 00 33 00 32 C0   07 C0 11 00 05 C0 02 C0  ....3.2.........
0040: 0C C0 08 C0 12 00 0A C0   03 C0 0D 00 16 00 13 00  ................
0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...
0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................
0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................
0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................
0090: 0B 00 02 01 00                                     .....
AWT-EventQueue-0, WRITE: TLSv1 Handshake, length = 149
[Raw write]: length = 154
0000: 16 03 01 00 95 01 00 00   91 03 01 55 6A 6B 0C 2A  ...........Ujk.*
0010: 7D 64 22 FB 08 2D B9 E2   83 82 80 8B 21 18 BF 56  .d"..-......!..V
0020: 1D EF 3C 2F 0C E2 D4 44   3D E9 1B 00 00 2A C0 09  ..</...D=....*..
0030: C0 13 00 2F C0 04 C0 0E   00 33 00 32 C0 07 C0 11  .../.....3.2....
0040: 00 05 C0 02 C0 0C C0 08   C0 12 00 0A C0 03 C0 0D  ................
0050: 00 16 00 13 00 04 00 FF   01 00 00 3E 00 0A 00 34  ...........>...4
0060: 00 32 00 17 00 01 00 03   00 13 00 15 00 06 00 07  .2..............
0070: 00 09 00 0A 00 18 00 0B   00 0C 00 19 00 0D 00 0E  ................
0080: 00 0F 00 10 00 11 00 02   00 12 00 04 00 05 00 14  ................
0090: 00 08 00 16 00 0B 00 02   01 00                    ..........
AWT-EventQueue-0, received EOFException: error
AWT-EventQueue-0, handling exception: 
javax.net.ssl.SSLHandshakeException: Remot
e host closed connection during handshake
AWT-EventQueue-0, SEND TLSv1 ALERT:  fatal, description = handshake_failure
AWT-EventQueue-0, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28                               ......(
AWT-EventQueue-0, called closeSocket()
AWT-EventQueue-0, IOException in getSession():    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
AWT-EventQueue-0, called close()
AWT-EventQueue-0, called closeInternal(true)

【Answer 1】:

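Given that you see EOFException and IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake, it looks like the remote host closed the connection during the handshake.

I'm not sure whether TLSv1 is supported, or whether that is not the problem, but that is my best guess. Really, you would have to post more information, and if every other site (including, crucially, browsers) is able to validate the certificate and so on, I wouldn't worry too much either.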
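An added example, not part of the original question or answer: this Python decodes the ClientHello bytes from the question's "[Raw write]: length = 154" dump, so the protocol version, cipher suites and extensions the client offered before the remote host closed the connection can be read straight off the wire data. The function name, constant names and result keys are hypothetical.

```python
import struct

# ClientHello record, bytes copied from the "[Raw write]: length = 154" dump in the question.
RAW_HEX = """
16 03 01 00 95 01 00 00 91 03 01 55 6A 6B 0C 2A 7D 64 22 FB 08 2D B9 E2 83 82 80 8B 21 18 BF 56
1D EF 3C 2F 0C E2 D4 44 3D E9 1B 00 00 2A C0 09 C0 13 00 2F C0 04 C0 0E 00 33 00 32 C0 07 C0 11
00 05 C0 02 C0 0C C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 00 04 00 FF 01 00 00 3E 00 0A 00 34
00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E
00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 0B 00 02 01 00
"""
RC4_SUITES = {0x0004, 0x0005, 0xC002, 0xC007, 0xC00C, 0xC011}  # IANA ids of *_RC4_128_* suites

def parse_client_hello(record: bytes) -> dict:
    """Decode one TLS record holding a ClientHello and return what the client offered."""
    ctype, _rec_version, rec_len = struct.unpack_from("!BHH", record, 0)
    body = record[5:]
    if ctype != 0x16 or rec_len != len(body) or body[0] != 0x01:
        raise ValueError("not a single complete ClientHello record")
    if int.from_bytes(body[1:4], "big") != len(body) - 4:
        raise ValueError("handshake length does not match record length")
    pos = 4
    (version,) = struct.unpack_from("!H", body, pos)
    pos += 2 + 32                       # client_version + 32-byte random
    pos += 1 + body[pos]                # session_id length byte + session_id
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                # compression_methods
    ext_types = []
    if pos < len(body):                 # the extensions block is optional
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            ext_types.append(etype)
            pos += 4 + elen
    return {
        "client_version": f"{version >> 8}.{version & 0xFF}",  # 3.1 is TLSv1
        "suite_count": len(suites),
        "rc4_suites": sorted(s for s in suites if s in RC4_SUITES),
        "extension_types": ext_types,   # 10 = elliptic_curves, 11 = ec_point_formats
        "server_name_sent": 0 in ext_types,  # extension type 0 is server_name (RFC 6066)
    }

HELLO = parse_client_hello(bytes.fromhex("".join(RAW_HEX.split())))

if __name__ == "__main__":
    for key, value in HELLO.items():
        print(f"{key}: {value}")
```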
