服务器:Payara 5.192 JDK:8更新121
您好,我正在尝试从我的 Web 应用程序连接第三方 URL,但出现 SSL 异常。
根据几个论坛,我尝试在服务器上应用通配符证书,但问题仍然存在。
我还检查了 ssl 日志,发现两个第三方 URL 都在 tls1.2 hello 上发起通信。您能建议我还可以检查什么吗?另外,如果有任何方法我可以停止 payara 的“hostnameVerification”,直到此问题得到解决。
在下面添加服务器日志和异常堆栈。
%% Resuming [Session-9, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*** ServerHello, TLSv1.2
RandomCookie:
GMT: 1628019948
bytes = {
146
,
79
,
72
,
18
,
248
,
233
,
164
,
27
,
130
,
143
,
184
,
162
,
63
,
152
,
73
,
109
,
178
,
84
,
175
,
6
,
68
,
141
,
215
,
48
,
206
,
188
,
54
,
217
}
Session ID:
{97, 10, 157, 83, 170, 216, 184, 234, 127, 114, 248, 61, 170, 18, 3, 102, 231, 51, 109, 103, 19, 75, 95, 99, 208, 97, 32, 108, 147, 161, 129, 12}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
CONNECTION KEYGEN:
Client Nonce:
0000:
61
0A
9D
EC
D7
05
0A
5C
E4
B7
80
8F
02
3F
89
55
a.
.
.
.
.
.
\.
.
.
.
.
?.
U
0010:
C4
95
6E
8E
DF
73
42
6E
E1
72
07
28
DE
F9
56
C9
.
.
n.
.
sBn.
r.
(.
.
V.
Server Nonce:
0000:
61
0A
9D
EC
92
4F
48
12
F8
E9
A4
1B
82
8F
B8
A2
a.
.
.
.
OH.
.
.
.
.
.
.
.
.
0010:
3F
98
49
6D
B2
54
AF
06
44
8D
D7
30
CE
BC
36
D9
?.
Im.
T.
.
D.
.
0.
.
6.
Master Secret:
0000:
BC
64
7A
76
57
F4
D9
C9
B5
8E
54
01
33
65
55
94
.
dzvW.
.
.
.
.
T.
3eU.
0010:
E9
AE
FF
0B
7E
81
CE
AE
CD
40
2B
51
BE
11
84
57
.
.
.
.
.
.
.
.
.
@+Q.
.
.
W
0020:
A6
0B
6D
96
FD
F8
91
A4
55
2E
23
34
42
10
7A
74
.
.
m.
.
.
.
.
U.#4B.
zt
Client MAC write Secret:
Ty.
Mm.
.
.
.
F.
0020:
1D
3F
BA
ED
94
C7
AC
38
ED
20
E1
DD
14
8D
C9
F4
.
?.
.
.
.
.
8.
.
.
.
.
.
.
Server MAC write Secret:]]
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
, RECV TLSv1.2 ALERT:
fatal,
handshake_failurejavax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:201)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:163)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at project.path.validateInstanceUrl(InstanceMasterBean.java:359)最佳答案
我找到了上述问题的解决方案。在此发布,以便有类似问题的任何人也可以找到它以供引用。
根据 @jcamsler 的评论,我将 JDK8 更新为 301,但 Payara 服务器未启动并给出以下错误。
Error Logs after JDK8update301 applied
因此,尝试申请Glassfish error ,但没有成功。
然后我将 JDK 降级为 JDK8u261 并再次使用 [ Glassfish error ]grizzly 文件中没有 sun 文件夹。这解决了我的问题。
关于java - 收到 SSLHandshakeException : Received fatal alert: handshake_failure from Payara server while trying to connect Third party URLs,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/68677138/