我尝试与远程服务器(在Java 7客户端应用程序中)建立TLS连接,但我无法理解在握手阶段结束时发生的错误。
但是,我在日志中发现这个步骤没问题:
日志在下面(我知道这些信息是公开的,但我更喜欢用xxxxx替换下面的一些信息):
*** ClientHello, TLSv1
RandomCookie: GMT: 1457187030 bytes = { 203, 230, 21, 102, 49, 116, 144, 208, 65, 56, 189, 59, 187, 202, 135, 116, 34, 12, 12, 108, 140, 192, 134, 248, 224, 95, 62, 206 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [host_name: toto.fr]
***
actionThreadPoolExecutor-1, WRITE: TLSv1 Handshake, length = 127
actionThreadPoolExecutor-1, READ: TLSv1 Handshake, length = 85
*** ServerHello, TLSv1
RandomCookie: GMT: -1851106123 bytes = { 154, 79, 112, 4, 18, 128, 113, 248, 236, 128, 147, 254, 224, 152, 167, 28, 122, 146, 115, 216, 118, 202, 52, 242, 178, 31, 191, 229 }
Session ID: {242, 247, 110, 41, 51, 194, 94, 53, 3, 168, 235, 147, 197, 255, 91, 2, 237, 109, 62, 241, 111, 22, 177, 245, 106, 165, 18, 157, 157, 225, 157, 199}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension server_name, server_name:
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
actionThreadPoolExecutor-1, READ: TLSv1 Handshake, length = 742
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = xxxx
Key: Sun RSA public key, 1024 bits
modulus: XXXXXXX
public exponent: xxxxx
Validity: [From: Tue Feb 19 20:31:08 CET 2013,
To: Fri Feb 17 20:31:08 CET 2023]
Issuer: OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR
SerialNumber: [ xxx xxx]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: xxxx
0010: xxxx
]
[OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR]
SerialNumber: [ xxxx xxxx]
]
[2]: ObjectId: xxx Criticality=false
BasicConstraints:[
CA:true
PathLen:xxx
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: xxxxx
0010: xxxxx
]
]
]
Algorithm: [SHA1withRSA]
Signature:
xxxxxx
]
***
Found trusted certificate:
[
[
Version: V3
Subject: OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = xxxxx
Key: Sun RSA public key, 1024 bits
modulus: xxxxx
public exponent: xxxxx
Validity: [From: Tue Feb 19 20:31:08 CET 2013,
To: Fri Feb 17 20:31:08 CET 2023]
Issuer: OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR
SerialNumber: [ xxxxx xxxxx]
Certificate Extensions: 3
[1]: ObjectId: xxxxx Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: xxxxx
0010: xxxxx
]
[OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR]
SerialNumber: [ xxxxx xxxxx]
]
[2]: ObjectId: xxxxx Criticality=false
BasicConstraints:[
CA:true
PathLen:xxxxx
]
[3]: ObjectId: xxxxx Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: xxxxx
0010: xxxxx
]
]
]
Algorithm: [SHA1withRSA]
Signature:
xxxxx
]
actionThreadPoolExecutor-1, READ: TLSv1 Handshake, length = 100
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
actionThreadPoolExecutor-1, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: xxxxx
0010: xxxxx
0020: xxxxx
CONNECTION KEYGEN:
Client Nonce:
0000: xxxxx
0010: xxxxx
Server Nonce:
0000: xxxxx
0010: xxxxx
Master Secret:
0000: xxxxx
0010: xxxxx
0020: xxxxx
Client MAC write Secret:
0000: xxxxx
0010: xxxxx
Server MAC write Secret:
0000: xxxxx
0010: xxxxx
Client write key:
0000: xxxxx
0010: xxxxx
Server write key:
0000: xxxxx
0010: xxxxx
Client write IV:
0000: xxxxx
Server write IV:
0000: xxxxx
actionThreadPoolExecutor-1, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 133, 240, 14, 227, 40, 216, 150, 52, 90, 136, 122, 71 }
***
actionThreadPoolExecutor-1, WRITE: TLSv1 Handshake, length = 48
actionThreadPoolExecutor-1, READ: TLSv1 Alert, length = 2
actionThreadPoolExecutor-1, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
actionThreadPoolExecutor-1, called closeSocket()
actionThreadPoolExecutor-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
您是否知道握手失败的原因?
提前致谢!
答案 0 :(得分:1)
*** CertificateRequest
服务器正在从客户端请求证书。客户端不发送一个。因此服务器抱怨,即握手失败。