我在Windows Server 2008R2上的IIS 7中设置了一个网站,其中包含两个https绑定(使用相同的证书),一个在443上,一个在8443上。我可以使用Chrome连接到两个端口(Chrome提到使用的协议是TLS 1.0)。
我正在使用Apache HTTPClient 4.2.6。
使用Java 7连接到任何端口(使用以下代码)时,一切都很好
HttpUriRequest request = createRequest(inCtxt);
PoolingClientConnectionManager connectionManager = new PoolingClientConnectionManager();
DefaultHttpClient client = new DefaultHttpClient(connectionManager);
HttpClient executingClient = isSupportCompressedResponse() ? new DecompressingHttpClient(
client) : client;
HttpResponse response = executingClient.execute(request);
HttpEntity entity = response.getEntity();
return consume(entity);
使用Java 8我在端口8443上获得以下异常,而不是在端口443上
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:189)
at java.net.SocketInputStream.read(SocketInputStream.java:121)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:911)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:166)
at org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:90)
at org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:281)
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:92)
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:62)
at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:254)
at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:289)
at org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:252)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.receiveResponseHeader(ManagedClientConnectionImpl.java:191)
at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:300)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:127)
at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:717)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:522)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.DecompressingHttpClient.execute(DecompressingHttpClient.java:137)
at org.apache.http.impl.client.DecompressingHttpClient.execute(DecompressingHttpClient.java:108)
显然,这可能与协议有关,所以我尝试明确设置TLSv1(因为Java 8添加TLS1.2 as default,我认为它可能与此有关)。
SSLContext ctxt = SSLContext.getInstance("TLSv1");
ctxt.init(new KeyManager[0],new TrustManager[]{new DefaultTrustManager()},new SecureRandom());
SSLSocketFactory factory = new SSLSocketFactory(ctxt);
Scheme https = new Scheme("https", 443, factory);
f_connectionManager.getSchemeRegistry().register(https);
这似乎有效,所以我的原始问题已经解决,但我现在真的想知道为什么一个端口似乎支持TLS1.2而另一个端口没有...