Two way SSL handshake failed (javax.net.ssl.SSLHandshakeException) after CertificateVerify step, while changing to the newly established cipher suite
Posted: 2021-02-14 19:38:29
Question:
I am facing an issue with a two-way SSL connection. After enabling and going through the SSL debug log, I found that the certificate exchange proceeds normally. But after the CertificateVerify step, while changing to the newly established cipher suite, it fails with an SSLHandshakeException.
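One more thing: I am using the org.apache.http.conn.ssl.SSLConnectionSocketFactory class for the connection, and javax.net.ssl.SSLContext to supply the Keystore-Path, Keystore-Password, Keystore-Type, and the Java truststore path and truststore password.
I have also installed the Unlimited_JCE_Policy jars in the jre/lib/security folder, but the issue is still not resolved.
Below is the SSL debug log (redacted for sensitive information), which I got after adding the -Djavax.net.debug=all option to the Tomcat server.
I have exhausted all options; please help me debug this.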
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1587274296 bytes = 228, 35, 120, 21, 209, 132, 132, 30, 149, 198, 112, 126, 30, 140, 242, 220, 243, 241, 56, 217, 176, 72, 122, 189, 186, 84, 138, 107
Session ID:
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: 0
Extension elliptic_curves, curve names: secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=dummy.com]
***
*** ServerHello, TLSv1.2
RandomCookie: GMT: -2114684890 bytes = 90, 119, 248, 248, 216, 146, 249, 153, 116, 215, 63, 118, 5, 51, 75, 21, 65, 51, 234, 73, 65, 80, 89, 71, 5, 187, 85, 226
Session ID: 112, 15, 35, 25, 164, 178, 118, 92, 24, 151, 252, 227, 204, 187, 222, 165, 37, 25, 166, 93, 48, 20, 154, 31, 32, 87, 70, 46, 28, 203, 174, 53
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=dummy.com, O=DUMMY Limited, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: SHA256withRSA, OID = 1.2.111.110.1.1.11
Key: Sun RSA public key, 4096 bits
modulus: 7052631620228616775547420082798548950919340244279073769913613702342981771967237727631055951453640239431872969513669580187218236284810019094046772967383964532691044447883775955540400053241556727447454890970235292057633871512623754154522008251593390574617993609393573311038571044673755004608177602839240960109581315205585347515078577522273536482843663843811938218601566841063681809030993800845128902732754491954172896897202969405469795346575603858447770830369150744853454485036414564857862466788398095271768313704507089183067041424424717802090540269511201316204005685738584558793704003073277045577506581083711618971410286995431647668371083015395607216137051566569465878831815839796621268795715613323716340707965068111045737962122919999999999999933600342589999999999999845225257671111111111111111111137441
public exponent: 64437
Validity: [From: Mon Jul 06 12:53:18 IST 2020,
To: Tue Oct 04 12:53:17 IST 2022]
Issuer: CN=Entrust Certification Authority - L1K, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
SerialNumber: [ 05899999 86999999 41999999 a9999999]
Certificate Extensions: 10
[1]: ObjectId: 1.2.7.1.3.1.11111.1.5.1 Criticality=false
------------------------------------------------------------
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
------------------------------------------------------------
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=dummy.com, O=DUMMY Limited, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 4096 bits
modulus: 7429401386363194735786622861677554742008279854895091934024427907376991361370234298177196736239611005309266079510841102241838644451686007112674335445896622723772763105595145364023943187296951366958018721823027277873629629885038121643592346301790624375915886284810019094046772967383964532691044447883775955540400053241556727447454890970235292057633871512623754154522008251593390574617993609393573311038571044673755004608177602839240960109581315205585347515078577522273536482843663843811938218601566841063681809030993800845128902732754491954172896897202969405469795346575603858447770830369150744853454485036414564857862466788398095271768313704507089183067041424444444444444444424717802090540277777777777777777777777777714102869954316476683711111111111111111110830153956072161370511111111111111111111566569465878831815839999999999999999999997966213677137441
public exponent: 65887
Validity: [From: Mon Jul 06 12:53:18 IST 2020,
To: Tue Oct 04 12:53:17 IST 2022]
Issuer: CN=Entrust Certification Authority - L1K, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
SerialNumber: [ 05888888 8688888 41QAAAA a2DDDDDD]
Certificate Extensions: 10
[1]: ObjectId: 8.3.2.1.4.1.11129.2.9.2 Criticality=false
]
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 384 bits
public x coord: 11111111111111111111117999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
public y coord: 22222222222222222222228888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
------------------------------------------------------------
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
------------------------------------------------------------
TP-Processor3, READ: TLSv1.2 Handshake, length = 36
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<Empty>
TP-Processor3, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=CLIENT.com, O=CLIENT PRIVATE LIMITED, L=Bengaluru, ST=Karnataka, C=IN
Signature Algorithm: SHA256withRSA, OID = 1.2.888.111111.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 290917627347077908622611910632100000000000000000000000000000046087609704050900299815422531856488310792015976698480303255190950151018144486664719368897666666666666666666666666666667145802981061762927385555555555555555555555555555555555555555503641034961875452964581873004195272822222222222222222222222222222222222241568761927572710269917900733536516748436670893218496130253762999469395666158787885478532805483186099417219102169363707338972728090057330429792574728036578324737889348700154291814348847920005022222222222222222222222222222222222222222222222222222222102150393074157132754725779611111111111111111111111111111111113565461
public exponent: 65537
Validity: [From: Thu Dec 12 05:30:00 IST 2019,
To: Tue Dec 15 17:30:00 IST 2020]
Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
SerialNumber: [ 0666666a 2077777d 2888888 4199999]
Certificate Extensions: 10
[1]: ObjectId: 1.2.5.1.3.1.11155.6.7.8 Criticality=false
------------------------------------------------------------
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
------------------------------------------------------------
]
***
*** ECDHClientKeyExchange
ECDH Public value: 4, 111, 666, 74, 104, 24, 333, , 11, 121, 158, 78, 48, 248, 141, 125, 22, 85, 97, 33, 123, 231, 100 237, 255, 172, 229, 113, 51, 40, 444, 54, 66, 89, 93, 13, 999, 183, 170, 778, 889, 453, 231, 098, 123, 975
[write] MD5 and SHA1 hashes: len = 1725
------------------------------------------------------------
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
------------------------------------------------------------
TP-Processor3, WRITE: TLSv1.2 Handshake, length = 1725
[Raw write]: length = 1730
SESSION KEYGEN:
PreMaster Secret:
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
CONNECTION KEYGEN:
Client Nonce:
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
Server Nonce:
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
Master Secret:
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
... no MAC keys used for this cipher
Client write key:
0000: 11 22 33 44 55 66 77 88 99 aa BB CC BB EE FF aa 2.TY.5....N....1
Server write key:
0000: BB 79 CB 48 88 2C 99 AE ff 14 AA DD CC 77 70 EF .y.JU,....v.,RT.
Client write IV:
0000: B7 44 D4 EC .#$.
Server write IV:
0000: EE ED BD AA .22.
*** CertificateVerify
Signature Algorithm SHA256withRSA
[write] MD5 and SHA1 hashes: len = 264
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
TP-Processor3, WRITE: TLSv1.2 Handshake, length = 264
[Raw write]: length = 269
------------------------------------------------------------
Removed some log because it is sensitive
------------------------------------------------------------
TP-Processor3, WRITE: TLSv1.2 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 03 00 01 01 ......
*** Finished
verify_data: 105, 155, 113, 74, 128, 211, 166, 9, 72, 46, 206, 171
***
[write] MD5 and SHA1 hashes: len = 16
0000: 22 33 44 66 88 9B BB 4A 80 DD BB 09 AA 2E NN AB ....p.yK....M...
Padded plaintext before ENCRYPTION: len = 16
0000: 22 33 44 66 88 9B BB 4A 80 DD BB 09 AA 2E NN AB ....p.yK....M...
TP-Processor3, WRITE: TLSv1.2 Handshake, length = 40
[Raw write]: length = 45
0000: 16 03 03 00 38 00 00 00 00 00 00 00 00 67 BD 19 ....(........M..
0010: 10 3B A3 99 4A 93 0F DD 53 02 12 EE 66 AA 1F 9F .;..K...B...f...
0020: 25 43 BB 81 1B 97 BC BA 64 DD 51 53 FF %C......d.RS.
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
TP-Processor3, READ: TLSv1.2 Alert, length = 2
TP-Processor3, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
TP-Processor3, called closeSocket()
TP-Processor3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
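Comments:
My guess is that the server simply does not like the client certificate you sent. It is unclear what the server actually expects as a client certificate and how your specific certificate fails to meet this expectation. Maybe have a look at some more useful logs on the server side?
Answer 1:
I don't see why it fails, but two typical causes in this situation are:
- Your client does not provide a certificate chain up to a certificate found in the server's truststore. The client can and should supply intermediate certificates for client authentication.
- The extended key usage of the client certificate does not include client authentication.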
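As an added example (not part of the original answer and not code from any project named on this page), the two causes listed in the answer can be checked locally against the keystore that is handed to the SSLContext. The class name ClientCertCheck and the argument order are assumptions; the check also reports each certificate's validity window, which the debug log prints as `Validity: [From ..., To ...]`.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;

// Added example (hypothetical class name): inspects the key entries a client
// would present for mutual TLS.
// Usage: java ClientCertCheck <keystore-path> <keystore-type> <keystore-password>
public class ClientCertCheck {
    static final String CLIENT_AUTH_OID = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    static final String ANY_EKU_OID = "2.5.29.37.0";           // anyExtendedKeyUsage

    public static void main(String[] args) throws Exception {
        if (args.length != 3) throw new IllegalArgumentException("path type password");
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[2].toCharArray());
        }
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // only private-key entries can authenticate
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) continue;
            System.out.println("alias=" + alias + " chainLength=" + chain.length);
            if (chain.length == 1) {
                // Cause 1: the client can only send what is stored with the key.
                System.out.println("  WARN: only the leaf is stored; no intermediates will be sent");
            }
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                boolean valid = !now.before(c.getNotBefore()) && !now.after(c.getNotAfter());
                System.out.println("  [" + i + "] subject=" + c.getSubjectX500Principal().getName());
                System.out.println("      issuer=" + c.getIssuerX500Principal().getName());
                System.out.println("      notAfter=" + c.getNotAfter()
                        + (valid ? "" : "  WARN: outside validity window"));
            }
            // Cause 2: the leaf's Extended Key Usage must allow client authentication.
            X509Certificate leaf = (X509Certificate) chain[0];
            List<String> eku = leaf.getExtendedKeyUsage(); // null = no EKU extension present
            boolean ok = eku == null || eku.contains(CLIENT_AUTH_OID) || eku.contains(ANY_EKU_OID);
            System.out.println("  EKU=" + eku + (ok ? "" : "  WARN: clientAuth not permitted"));
        }
    }
}
```

A chain length of 1 or a WARN line on the leaf points at the corresponding cause from the answer; whether the server's truststore actually contains the chain's issuer still has to be confirmed on the server side.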