论坛上满是这个问题,但我找不到解决方案。 我尝试连接 WS 但没有成功。 我尝试更新 cacerts 文件但没有效果。
日志是:
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1507108654 bytes = { 133, 135, 81, 148, 186, 186, 146, 23, 28, 240, 158, 152, 139, 167, 209, 225, 54, 253, 112, 118, 61, 112, 140, 214, 149, 198, 197, 219 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 75
0000: 01 00 00 47 03 01 5A D5 A7 2E 85 87 51 94 BA BA ...G..Z.....Q...
0010: 92 17 1C F0 9E 98 8B A7 D1 E1 36 FD 70 76 3D 70 ..........6.pv=p
0020: 8C D6 95 C6 C5 DB 00 00 20 00 04 00 05 00 2F 00 ........ ...../.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 00 FF 01 00 ...........
http-8080-1, WRITE: TLSv1 Handshake, length = 75
[Raw write]: length = 80
0000: 16 03 01 00 4B 01 00 00 47 03 01 5A D5 A7 2E 85 ....K...G..Z....
0010: 87 51 94 BA BA 92 17 1C F0 9E 98 8B A7 D1 E1 36 .Q.............6
0020: FD 70 76 3D 70 8C D6 95 C6 C5 DB 00 00 20 00 04 .pv=p........ ..
0030: 00 05 00 2F 00 33 00 32 00 0A 00 16 00 13 00 09 .../.3.2........
0040: 00 15 00 12 00 03 00 08 00 14 00 11 00 FF 01 00 ................
http-8080-1, received EOFException: error
http-8080-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-8080-1, SEND TLSv1 ALERT: fatal, description = handshake_failure
http-8080-1, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
http-8080-1, called closeSocket()
http-8080-1, called close()
http-8080-1, called closeInternal(true)
谢谢你的帮助
最佳答案
很可能服务器已禁用 TLS 1.0(并且您正在谈论 TLS 1.0,如序列字节 47 03 01 5A 所示),或者它正在等待不存在的 SNI 扩展。
关于 Java 6,只有 6u111 允许比 TLS 1.0 更好的东西 (TLS 1.1),而 6u121 允许 TLS 1.2。看看 Reference .由于 TLS 版本不宽容 问题,它仍然不够,只有系统属性才能永久启用它,如 Release Notes 中所述。 :
TLS v1.2 is now a TLS protocol option with this release. By default, TLSv1.0 will remain the default enabled protocol on client sockets.
出于这个原因,尝试了几个系统属性:
-Djdk.tls.client.protocols="TLSv1.2"(先决条件:6u121/7u95)-Dhttps.protocols="TLSv1.2"如果您的代码使用 HttpsURLConnection
您的 ClientHello 格式正确,但不包含任何扩展名(尤其是 SNI)。这就是它看起来这么短的原因 (bytes = 80)。默认情况下启用 SNI,从 6u121 开始(如果我是对的)。我看到的这两个原因都应该使用适当的 Java 版本来解决。
关于java - SSL 握手异常 : Remote host closed connection during handshake,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49872723/