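java - Received fatal alert: handshake_failure when calling from Java 1.8.0_162 to Java 1.6.0_45-b06

Tags: java ssl java-8 java-6 jsse

I am trying to make an https call from a machine running Java 1.8.0_162 to another machine running Java 1.6.0_45-b06.
The one running 1.6.0_45-b06 has bcprov-jdk15to18-1.68 and bctls-jdk15to18-1.68 installed, so it can speak TLSv1.2.
However, when trying to make an https call from the one running 1.8 to the one running 1.6, I get a handshake_failure exception.
I tried adding UnlimitedJCEPolicyJDK8 to the machine running 1.8, to no avail, and also added -Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1 to the Java server running on 1.8, again without success.
The caller is built as follows: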

```java
// sslBuilder is configured here but never built or passed on; the socket
// factory below uses SSLContexts.createDefault() instead.
SSLContextBuilder sslBuilder = new SSLContextBuilder();
sslBuilder.loadTrustMaterial(null, new TrustAllStrategy());
sslBuilder.useTLS();

// TLSv1.2 only, default cipher suites (null), hostname verification disabled.
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(SSLContexts.createDefault(),
        new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

return HttpClients.custom().setSSLSocketFactory(sslsf)
        .setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER).build();
```
This is the error I get on the receiving end (Java 1.6):

```
Server raised fatal(2) handshake_failure(40) alert: Failed to read record
org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40)
        at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
```
Below is the detailed stack trace on the caller side.

```
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1650550785 bytes = { 44, 152, 122, 205, 154, 11, 197, 160, 136, 107, 117, 135, 119, 57, 23, 170, 16, 220, 69, 195, 126, 196, 0, 173, 45, 128, 223, 148 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION__SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
***
default task-3, WRITE: TLSv1.2 Handshake, length = 207
default task-3, READ: TLSv1.2 Alert, length = 2
default task-3, RECV TLSv1.2 ALERT:  fatal, handshake_failure
default task-3, called closeSocket()
default task-3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
```

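Best answer

I managed to overcome it by upgrading to Java 1.8 u271 on the caller side, setting crypto.policy=unlimited in java.security, and also importing the receiver's certificate (self-signed) into the cacerts of the new Java 1.8 u271. Thanks for the pointer @pringi.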
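
A diagnostic for the three things the answer changed (JDK build, `crypto.policy`, and the trust store), as an added example that is not part of the original question or answer; the class name `TlsPosture` and the host/port arguments are assumptions. It prints what the caller's JVM can offer and, when given a host and port, attempts a TLSv1.2 handshake with certificate validation left on.

```java
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Added diagnostic (hypothetical class name); run it with the caller's JVM.
public class TlsPosture {
    public static void main(String[] args) throws Exception {
        System.out.println("java.version      = " + System.getProperty("java.version"));
        // null means the property is not set in java.security for this JDK.
        System.out.println("crypto.policy     = " + Security.getProperty("crypto.policy"));
        // 128 = limited policy files; Integer.MAX_VALUE = unlimited.
        System.out.println("max AES key bits  = " + Cipher.getMaxAllowedKeyLength("AES"));

        // Default context: uses the JVM trust store (cacerts), validation stays on.
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters p = ctx.getDefaultSSLParameters();
        System.out.println("enabled protocols = " + Arrays.toString(p.getProtocols()));
        System.out.println("enabled suites    = " + p.getCipherSuites().length);
        for (String s : p.getCipherSuites()) System.out.println("  " + s);

        if (args.length < 2) return;  // usage: java TlsPosture <host> <port>
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            sock.setEnabledProtocols(new String[] { "TLSv1.2" });
            sock.startHandshake();
            System.out.println("negotiated        = " + sock.getSession().getProtocol()
                    + " / " + sock.getSession().getCipherSuite());
        } catch (SSLHandshakeException e) {
            // "Received fatal alert: handshake_failure": the server rejected the
            // ClientHello (nothing it could select). A PKIX path error instead means
            // the server certificate is not trusted by this JVM's trust store.
            System.out.println("handshake failed  = " + e.getMessage());
        }
    }
}
```

Running it on both the old and the upgraded JDK shows whether the offered suites or the trust store is what differs between them.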

Regarding java - Received fatal alert: handshake_failure when calling from Java 1.8.0_162 to Java 1.6.0_45-b06, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/71956266/
