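Java calling an HTTPS API: notes on the fatal, handshake_failure problem

I. Problem description

Calling the API with HttpClient fails with: handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

II. Troubleshooting process

1. Add the JVM debug parameter: -Djavax.net.debug=all

2. Call the API again and look up the error in the server log, which reads as follows: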

[19-11-14 18:25:11:831 CST] 00000148 SystemOut     O %% No cached client session

[19-11-14 18:25:11:834 CST] 00000148 SystemOut     O *** ClientHello, SSLv3

[19-11-14 18:25:11:834 CST] 00000148 SystemOut     O RandomCookie:  GMT: 1556949639 bytes = { 231, 96, 186, 244, 145, 30, 114, 71, 90, 207, 180, 104, 232, 8, 244, 28, 140, 55, 85, 189, 149, 67, 246, 243, 191, 255, 105, 127 }

[19-11-14 18:25:11:835 CST] 00000148 SystemOut     O Session ID:  {}

[19-11-14 18:25:11:835 CST] 00000148 SystemOut     O Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5]

[19-11-14 18:25:11:835 CST] 00000148 SystemOut     O Compression Methods:  { 0 }

[19-11-14 18:25:11:835 CST] 00000148 SystemOut     O Extension server_name, server_name: [host_name: yunpan.ccccltd.cn]

[19-11-14 18:25:11:835 CST] 00000148 SystemOut     O ***

[19-11-14 18:25:11:835 CST] 00000148 SystemOut     O [write] MD5 and SHA1 hashes:  len = 83

[19-11-14 18:25:11:835 CST] 00000148 SystemOut     O 0000: 01 00 00 4f 03 00 5d cd  2b 87 e7 60 ba f4 91 1e  ...O............
0010: 72 47 5a cf b4 68 e8 08  f4 1c 8c 37 55 bd 95 43  rGZ..h.....7U..C
0020: f6 f3 bf ff 69 7f 00 00  0c 00 ff 00 05 00 0a 00  ....i...........
0030: 16 00 13 00 04 01 00 00  1a 00 00 00 16 00 14 00  ................
0040: 00 11 79 75 6e 70 61 6e  2e 63 63 63 63 6c 74 64  ..yunpan.ccccltd
0050: 2e 63 6e                                           .cn


[19-11-14 18:25:11:835 CST] 00000148 SystemOut     O WebContainer : 3, WRITE: SSLv3 Handshake, length = 83

[19-11-14 18:25:11:835 CST] 00000148 SystemOut     O [Raw write]: length = 88

[19-11-14 18:25:11:836 CST] 00000148 SystemOut     O 0000: 16 03 00 00 53 01 00 00  4f 03 00 5d cd 2b 87 e7  ....S...O.......
0010: 60 ba f4 91 1e 72 47 5a  cf b4 68 e8 08 f4 1c 8c  .....rGZ..h.....
0020: 37 55 bd 95 43 f6 f3 bf  ff 69 7f 00 00 0c 00 ff  7U..C....i......
0030: 00 05 00 0a 00 16 00 13  00 04 01 00 00 1a 00 00  ................
0040: 00 16 00 14 00 00 11 79  75 6e 70 61 6e 2e 63 63  .......yunpan.cc
0050: 63 63 6c 74 64 2e 63 6e                           ccltd.cn


[19-11-14 18:25:11:849 CST] 00000148 SystemOut     O [Raw read]: length = 5

[19-11-14 18:25:11:849 CST] 00000148 SystemOut     O 0000: 15 03 00 00 02                                     .....


[19-11-14 18:25:11:849 CST] 00000148 SystemOut     O [Raw read]: length = 2

[19-11-14 18:25:11:849 CST] 00000148 SystemOut     O 0000: 02 28                                              ..


[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, READ: SSLv3 Alert, length = 2

[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, RECV TLSv1 ALERT:  fatal, handshake_failure

[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, called closeSocket()

[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, called close()

[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, called closeInternal(true)

[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, called close()

[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, called closeInternal(true)

[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, called close()

[19-11-14 18:25:11:850 CST] 00000148 SystemOut     O WebContainer : 3, called closeInternal(true)

[19-11-14 18:25:11:856 CST] 00000055 SystemOut     O [Raw read]: length = 5

[19-11-14 18:25:11:856 CST] 00000055 SystemOut     O 0000: 17 03 01 02 a0  

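3. Using the log together with the SSL/TLS protocol (see the figure below), analyze the cause of the error:

The client starts with a ClientHello, sending the server its RandomCookie, Session ID, Cipher Suites and other information. On receiving it, the server checks whether it supports the TLS version, algorithms and other parameters the client asks for. If it does, it sends its certificate and other information back to the client; if it does not, it reports a failure. The error in the log does occur at this stage, so the cause may be:

① The server does not support the client's TLS protocol version

② The server does not support any of the cipher suites the client offers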
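As an added example (not code from the original post), the Python below decodes the two raw records from the log above, the ClientHello the client wrote and the alert it read back, to confirm what was offered and how the server answered. The byte strings are copied from the log's hex dumps; the function and constant names are this example's own.

```python
import struct

# Raw bytes copied from the "[Raw write]" / "[Raw read]" hex dumps in the log above.
CLIENT_HELLO_RECORD = bytes.fromhex(
    "16 03 00 00 53 01 00 00 4f 03 00 5d cd 2b 87 e7"
    "60 ba f4 91 1e 72 47 5a cf b4 68 e8 08 f4 1c 8c"
    "37 55 bd 95 43 f6 f3 bf ff 69 7f 00 00 0c 00 ff"
    "00 05 00 0a 00 16 00 13 00 04 01 00 00 1a 00 00"
    "00 16 00 14 00 00 11 79 75 6e 70 61 6e 2e 63 63"
    "63 63 6c 74 64 2e 63 6e")
ALERT_RECORD = bytes.fromhex("15 03 00 00 02 02 28")

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
# Suite names spelled the way the JSSE debug log above prints them.
SUITES = {0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
          0x0005: "SSL_RSA_WITH_RC4_128_SHA",
          0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
          0x0016: "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
          0x0013: "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
          0x0004: "SSL_RSA_WITH_RC4_128_MD5"}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}

def parse_record(data):
    """Split one TLS record into (content_type, record_version, body)."""
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record")
    return ctype, version, body

def parse_client_hello(record):
    """Return (client_version, [cipher suite names]) from a ClientHello record."""
    ctype, _, body = parse_record(record)
    if ctype != 22 or body[0] != 1:       # 22 = handshake, 1 = ClientHello
        raise ValueError("not a ClientHello")
    version = struct.unpack("!H", body[4:6])[0]
    pos = 6 + 32                          # skip the 32-byte random
    pos += 1 + body[pos]                  # skip the session id
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    ids = struct.unpack("!%dH" % (n // 2), body[pos + 2:pos + 2 + n])
    return VERSIONS.get(version, hex(version)), [SUITES.get(i, hex(i)) for i in ids]

def parse_alert(record):
    """Return (level, description) from a plaintext alert record."""
    ctype, _, body = parse_record(record)
    if ctype != 21 or len(body) != 2:     # 21 = alert
        raise ValueError("not an alert")
    return ("fatal" if body[0] == 2 else "warning"), ALERTS.get(body[1], str(body[1]))

if __name__ == "__main__":
    print(parse_client_hello(CLIENT_HELLO_RECORD))
    print(parse_alert(ALERT_RECORD))
```

The decoded values match the log's own summary lines: an SSLv3 ClientHello offering only RC4 and 3DES suites, answered by a fatal handshake_failure alert.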

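4. Confirm which protocol versions and cipher suites the server supports

Running the server through the SSL analysis site https://www.ssllabs.com/ssltest/ gave the following result:

The server does support TLS 1.1, but it does not support the client's cipher suites (IBM JDK 1.7 is in use).

5. Fixing the handshake failure in code

To be updated.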
