SSLSocket exception handshake error when trying to send to SSLServerSocket

Posted: 2013-06-11 10:17:18

【Question】:

This is my first time working with SSLSockets.

I created an SSLServerSocket and an SSLSocket.

The ServerSocket runs fine, but when I try to run the SSLSocket (client), it does not run and this error appears:

SEVERE: null
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1961)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
    at chat.SS.<init>(SS.java:45)
    at chat.SS.main(SS.java:70)

This is the code of the SSLServerSocket class:

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

public class SSocket implements Runnable {
    SSLServerSocket ss;
    DataOutputStream doo;
    DataInputStream di;

    public SSocket() {
        try {
            // Keystore settings read by the default SSLServerSocketFactory
            System.setProperty("javax.net.ssl.keyStore", System.getProperty("user.dir") + "/src/cacerts.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "ja142236");

            SSLServerSocketFactory sf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

            ss = (SSLServerSocket) sf.createServerSocket(2149);
            //ss.setSoTimeout(5000);

        } catch (IOException ex) {
            Logger.getLogger(SSocket.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    @Override
    public void run() {
        SSLSocket s;
        try {
            // Accept clients one at a time and close each connection immediately
            while (true) {
                System.out.println("Waiting Client Message!");

                s = (SSLSocket) ss.accept();
                System.out.println("Acceptted!" + s.getRemoteSocketAddress());
                s.close();
            }
        } catch (IOException ex) {
            System.out.println(ex.getMessage());
        } finally {
            try {
                ss.close();
            } catch (IOException ex) {
                Logger.getLogger(SSocket.class.getName()).log(Level.SEVERE, null, ex);
            }
        }
    }

    public static void main(String[] args) {
        SSocket ss = new SSocket();
        ss.run();
    }
}

And this is the SSLSocket (client), which gives the error when it runs:

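import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class SS {
    public SS() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, KeyManagementException {
        try {
            /*
            System.setProperty("javax.net.ssl.trustStore", System.getProperty("user.dir")+"/src/cacerts.jks");
            System.setProperty("javax.net.ssl.trustStorePassword", "ja142236");
            */
            // Load the JKS file and use its certificates as the client's trust anchors
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream(System.getProperty("user.dir") + "/src/cacerts.jks"), ("ahmed149").toCharArray());
            TrustManagerFactory kmf = TrustManagerFactory.getInstance("SunX509");
            kmf.init(ks);
            SSLContext sslcontext = SSLContext.getInstance("SSLv3");
            sslcontext.init(null, kmf.getTrustManagers(), null);

            SSLSocketFactory sf = (SSLSocketFactory) sslcontext.getSocketFactory();
            SSLSocket s = (SSLSocket) sf.createSocket("localhost", 2149);
            // Run the handshake explicitly before any application data is sent
            s.startHandshake();

            DataOutputStream doo = new DataOutputStream(s.getOutputStream());

            DataInputStream di = new DataInputStream(s.getInputStream());

            doo.writeUTF(" Hiii From Client");

            System.out.println(di.readUTF());

            doo.close();
            di.close();
            s.close();

        } catch (UnknownHostException ex) {
            Logger.getLogger(SS.class.getName()).log(Level.SEVERE, null, ex);
        } catch (IOException ex) {
            Logger.getLogger(SS.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    public static void main(String[] args) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, KeyManagementException {
        new SS();
    }
}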

So what did I forget to do for the client class?

Thank you,

Edit 1: I enabled debugging, and this is the debug output:

keyStore is : 
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: D:\Java\learn\Chat\src\cacerts.jks
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: EMAILADDRESS=admin@server.com, CN=localhost, OU=Inc., O=server, L=CA, ST=KFS, C=US
  Issuer:  EMAILADDRESS=admin@server.com, CN=localhost, OU=Inc., O=server, L=CA, ST=KFS, C=US
  Algorithm: RSA; Serial number: 0x821112e48bd394ff
  Valid from Fri Jun 14 15:54:57 EET 2013 until Sat Jun 14 15:54:57 EET 2014

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1354403376 bytes =  85, 58, 178, 64, 15, 222, 86, 91, 231, 60, 74, 9, 113, 221, 77, 62, 87, 208, 53, 100, 37, 103, 21, 16, 172, 127, 133, 167 
Session ID:  
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Compression Methods:   0 
Extension elliptic_curves, curve names: secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes:  len = 215
main, WRITE: TLSv1 Handshake, length = 215
[Raw write]: length = 220
[Raw read]: length = 5
0000: 15 03 01 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Jun 14, 2013 11:42:08 PM chat.SS <init>
SEVERE: null
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1961)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
    at chat.SS.<init>(SS.java:44)
    at chat.SS.main(SS.java:69)

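【Comments】:

Please post the debug trace from the server.

@EJP I put it in a personal comment because it is very long :)

Possible duplicate of "Received fatal alert: handshake_failure through SSLHandshakeException"

@Makoto Or possibly not. There isn't enough information in the other question to tell.

【Answer 1】: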

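Your server doesn't have a certificate.

The javax.net.ssl.keyStore property should refer to a keystore that contains your certificate, in an entry with the corresponding private key.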
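An added example, not part of the original answer: a small check that reports whether a keystore holds a private-key entry, which is what the answer says the file named by javax.net.ssl.keyStore needs. The class name KeyStoreCheck, its method names and the in-memory sample (one CA certificate copied from the JDK's default trust store, assumed to be non-empty) are constructed for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class KeyStoreCheck {

    /** Returns true if at least one alias holds a private key together with a certificate chain. */
    static boolean hasServerCredential(KeyStore ks) throws Exception {
        boolean found = false;
        for (String alias : Collections.list(ks.aliases())) {
            boolean keyEntry = ks.isKeyEntry(alias) && ks.getCertificateChain(alias) != null;
            System.out.println(alias + " -> "
                + (keyEntry ? "private key + certificate chain" : "no private key (certificate only)"));
            found |= keyEntry;
        }
        return found;
    }

    /** Constructed sample: an in-memory keystore that contains only a trusted certificate. */
    static KeyStore certOnlySample() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JDK's default trust store
        X509Certificate[] cas = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);       // start from an empty keystore
        ks.setCertificateEntry("sample-ca", cas[0]);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        if (args.length == 2) {    // usage: java KeyStoreCheck <keystore.jks> <password>
            ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
        } else {
            ks = certOnlySample(); // no arguments: run against the constructed sample
        }
        System.out.println(hasServerCredential(ks)
            ? "OK: usable as javax.net.ssl.keyStore"
            : "No private-key entry: a server using this keystore has no certificate to present");
    }
}
```

Run without arguments it reports the constructed certificate-only keystore as unusable for a server; `keytool -list -keystore <file>` shows the same distinction as `PrivateKeyEntry` versus `trustedCertEntry`.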
