一. 问题描述
HttpClient调用接口,报错:handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
二. 解决过程
1.添加jvm调试参数:-Djavax.net.debug = all
2.再次调用,后台查找报错日志如下:
[19-11-14 18:25:11:831 CST] 00000148 SystemOut O %% No cached client session
[19-11-14 18:25:11:834 CST] 00000148 SystemOut O *** ClientHello, SSLv3
[19-11-14 18:25:11:834 CST] 00000148 SystemOut O RandomCookie: GMT: 1556949639 bytes = { 231, 96, 186, 244, 145, 30, 114, 71, 90, 207, 180, 104, 232, 8, 244, 28, 140, 55, 85, 189, 149, 67, 246, 243, 191, 255, 105, 127 }
[19-11-14 18:25:11:835 CST] 00000148 SystemOut O Session ID: {}
[19-11-14 18:25:11:835 CST] 00000148 SystemOut O Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5]
[19-11-14 18:25:11:835 CST] 00000148 SystemOut O Compression Methods: { 0 }
[19-11-14 18:25:11:835 CST] 00000148 SystemOut O Extension server_name, server_name: [host_name: yunpan.ccccltd.cn]
[19-11-14 18:25:11:835 CST] 00000148 SystemOut O ***
[19-11-14 18:25:11:835 CST] 00000148 SystemOut O [write] MD5 and SHA1 hashes: len = 83
[19-11-14 18:25:11:835 CST] 00000148 SystemOut O 0000: 01 00 00 4f 03 00 5d cd 2b 87 e7 60 ba f4 91 1e ...O............
0010: 72 47 5a cf b4 68 e8 08 f4 1c 8c 37 55 bd 95 43 rGZ..h.....7U..C
0020: f6 f3 bf ff 69 7f 00 00 0c 00 ff 00 05 00 0a 00 ....i...........
0030: 16 00 13 00 04 01 00 00 1a 00 00 00 16 00 14 00 ................
0040: 00 11 79 75 6e 70 61 6e 2e 63 63 63 63 6c 74 64 ..yunpan.ccccltd
0050: 2e 63 6e .cn
[19-11-14 18:25:11:835 CST] 00000148 SystemOut O WebContainer : 3, WRITE: SSLv3 Handshake, length = 83
[19-11-14 18:25:11:835 CST] 00000148 SystemOut O [Raw write]: length = 88
[19-11-14 18:25:11:836 CST] 00000148 SystemOut O 0000: 16 03 00 00 53 01 00 00 4f 03 00 5d cd 2b 87 e7 ....S...O.......
0010: 60 ba f4 91 1e 72 47 5a cf b4 68 e8 08 f4 1c 8c .....rGZ..h.....
0020: 37 55 bd 95 43 f6 f3 bf ff 69 7f 00 00 0c 00 ff 7U..C....i......
0030: 00 05 00 0a 00 16 00 13 00 04 01 00 00 1a 00 00 ................
0040: 00 16 00 14 00 00 11 79 75 6e 70 61 6e 2e 63 63 .......yunpan.cc
0050: 63 63 6c 74 64 2e 63 6e ccltd.cn
[19-11-14 18:25:11:849 CST] 00000148 SystemOut O [Raw read]: length = 5
[19-11-14 18:25:11:849 CST] 00000148 SystemOut O 0000: 15 03 00 00 02 .....
[19-11-14 18:25:11:849 CST] 00000148 SystemOut O [Raw read]: length = 2
[19-11-14 18:25:11:849 CST] 00000148 SystemOut O 0000: 02 28 ..
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, READ: SSLv3 Alert, length = 2
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, RECV TLSv1 ALERT: fatal, handshake_failure
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, called closeSocket()
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, called close()
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, called closeInternal(true)
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, called close()
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, called closeInternal(true)
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, called close()
[19-11-14 18:25:11:850 CST] 00000148 SystemOut O WebContainer : 3, called closeInternal(true)
[19-11-14 18:25:11:856 CST] 00000055 SystemOut O [Raw read]: length = 5
[19-11-14 18:25:11:856 CST] 00000055 SystemOut O 0000: 17 03 01 02 a0
3.根据日志,结合SSL/TLS协议(如下图),分析报错原因:
客户端发起ClientHello,发送给服务端RandomCookie,Session ID,Cipher Suites等信息,服务端接收到信息后,验证是否支持客户端要求TLS版本,算法等信息,如果支持,会发送证书等信息给客户端,不支持,则保守失败,日志里的报错确实发生在这一阶段,所以原因可能是:
①服务端不支持客户端的TLS协议版本
②服务端不支持客户端有的所有加密算法
4.确认服务端支持协议版本,加密算法信息
通过ssl分析网站:https://www.ssllabs.com/ssltest/,得到如下结果:
服务器是支持TLS1.1的,但是不支持加密算法(使用的IBM jdk 1.7)。
4.代码解决握手失败问题
待更新~
2137
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
