jdk1.6 javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

最新推荐文章于 2024-08-06 23:28:07 发布
最新推荐文章于 2024-08-06 23:28:07 发布
阅读量1.2k 收藏 2
点赞数
文章标签: java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_41634511/article/details/130420399
版权

目前项目用的是jdk1.6,调用了第三方的接口升级了,调用的时候报了这个错。

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

项目放到jdk1.8跑,就可以正常请求,没问题。

原因分析:

1.第三方接口使用了TLS1.2协议

2.jdk1.6不支持TLS1.2,jdk1.8支持

 在浏览器F12可以查看到使用的协议。

添加如下代码解决该问题

<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.53</version>
httpsURLConnection.setSSLSocketFactory(new TLSSocketConnectionFactory());
import java.io.*;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.*;
import java.security.cert.*;
import java.util.*;

import javax.net.ssl.*;
import javax.security.cert.X509Certificate;

import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class TLSSocketConnectionFactory extends SSLSocketFactory {

    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @Override
    public Socket createSocket(Socket socket, final String host, int port,
            boolean arg3) throws IOException {
        if (socket == null) {
            socket = new Socket();
        }
        if (!socket.isConnected()) {
            socket.connect(new InetSocketAddress(host, port));
        }

        final TlsClientProtocol tlsClientProtocol = new     TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new     SecureRandom());

        return _createSSLSocket(host, tlsClientProtocol);
    }

    @Override public String[] getDefaultCipherSuites() { return null; }
    @Override public String[] getSupportedCipherSuites() { return null; }
    @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { throw new UnsupportedOperationException(); }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { throw new UnsupportedOperationException(); }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { throw new UnsupportedOperationException(); }

    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
        return new SSLSocket() {
            private java.security.cert.Certificate[] peertCerts;

            @Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
            @Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
            @Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
            @Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
            @Override public boolean getEnableSessionCreation() { return false; }
            @Override public String[] getEnabledCipherSuites() { return null; }
            @Override public String[] getEnabledProtocols() { return null; }
            @Override public boolean getNeedClientAuth() { return false; }

            @Override
            public SSLSession getSession() {
                return new SSLSession() {

                    public int getApplicationBufferSize() {
                        return 0;
                    }

                    public String getCipherSuite() { return "";//throw new UnsupportedOperationException(); 
                    
                    }
                    public long getCreationTime() { throw new UnsupportedOperationException(); }
                     public byte[] getId() { throw new UnsupportedOperationException(); }
                     public long getLastAccessedTime() { throw new UnsupportedOperationException(); }
                     public java.security.cert.Certificate[] getLocalCertificates() { throw new UnsupportedOperationException(); }
                     public Principal getLocalPrincipal() { throw new UnsupportedOperationException(); }
                     public int getPacketBufferSize() { throw new UnsupportedOperationException(); }
                     public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
                     public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
                     public String getPeerHost() { throw new UnsupportedOperationException(); }
                     public int getPeerPort() { return 0; }
                     public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
                     public String getProtocol() { throw new UnsupportedOperationException(); }
                     public SSLSessionContext getSessionContext() { throw new UnsupportedOperationException(); }
                     public Object getValue(String arg0) { throw new UnsupportedOperationException(); }
                     public String[] getValueNames() { throw new UnsupportedOperationException(); }
                     public void invalidate() { /*throw new UnsupportedOperationException(); */}
                     public boolean isValid() { throw new UnsupportedOperationException(); }
                     public void putValue(String arg0, Object arg1) { throw new UnsupportedOperationException(); }
                     public void removeValue(String arg0) { throw new UnsupportedOperationException(); }
            };
        }

        @Override public String[] getSupportedProtocols() { return null; }
        @Override public boolean getUseClientMode() { return false; }
        @Override public boolean getWantClientAuth() { return false; }
        @Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
        @Override public void setEnableSessionCreation(boolean arg0) { }
        @Override public void setEnabledCipherSuites(String[] arg0) { }
        @Override public void setEnabledProtocols(String[] arg0) { }
        @Override public void setNeedClientAuth(boolean arg0) { }
        @Override public void setUseClientMode(boolean arg0) { }
        @Override public void setWantClientAuth(boolean arg0) { }
        @Override public String[] getSupportedCipherSuites() { return null; }

            @Override
            public void startHandshake() throws IOException {
                tlsClientProtocol.connect(new DefaultTlsClient() {

                    @SuppressWarnings("unchecked")
                    @Override
                    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
                        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
                        if (clientExtensions == null) {
                            clientExtensions = new Hashtable<Integer, byte[]>();
                        }

                        //Add host_name
                        byte[] host_name = host.getBytes();

                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
                        final DataOutputStream dos = new DataOutputStream(baos);
                        dos.writeShort(host_name.length + 3);
                        dos.writeByte(0);
                        dos.writeShort(host_name.length);
                        dos.write(host_name);
                        dos.close();
                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
                        return clientExtensions;
                    }

                    public TlsAuthentication getAuthentication() throws IOException {
                        return new TlsAuthentication() {
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
                                try {
                                    KeyStore ks = _loadKeyStore();

                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
                                    List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
                                    boolean trustedCertificate = false;
                                    for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                                        certs.add(cert);

                                        String alias = ks.getCertificateAlias(cert);
                                        if(alias != null) {
                                            if (cert instanceof java.security.cert.X509Certificate) {
                                                try {
                                                    ( (java.security.cert.X509Certificate) cert).checkValidity();
                                                    trustedCertificate = true;
                                                } catch(CertificateExpiredException cee) {
                                                   // Accept all the certs!
                                                }
                                            }
                                        } else {
                                            // Accept all the certs!
                                        }

                                    }
                                    if (!trustedCertificate) {
                                        // Accept all the certs!
                                    }
                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
                                } catch (Exception ex) {
                                    ex.printStackTrace();
                                    throw new IOException(ex);
                                }
                            }

                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                                return null;
                            }

                            private KeyStore _loadKeyStore() throws Exception {
                                FileInputStream trustStoreFis = null;
                                try {
                                    KeyStore localKeyStore = null;

                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):"";

                                    if (trustStoreType.length() != 0) {
                                        if (trustStoreProvider.length() == 0) {
                                            localKeyStore = KeyStore.getInstance(trustStoreType);
                                        } else {
                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
                                        }

                                        char[] keyStorePass = null;
                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"";

                                        if (str5.length() != 0) {
                                            keyStorePass = str5.toCharArray();
                                        }

                                        localKeyStore.load(trustStoreFis, keyStorePass);

                                        if (keyStorePass != null) {
                                            for (int i = 0; i < keyStorePass.length; i++) {
                                                keyStorePass[i] = 0;
                                            }
                                        }
                                    }
                                    return localKeyStore;
                                } finally {
                                    if (trustStoreFis != null) {
                                        trustStoreFis.close();
                                    }
                                }
                            }
                        };
                    }

                });
            } // startHandshake
        };
    }
}

河马不懂英语
关注
Debezium报错处理系列之九十四: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
zhengzaifeidelushang的博客
10-10 1927
Debezium报错处理系列之九十四: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
Java 7的javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake异常分析
成长的足迹
09-24 5502
Java7通过httpsURLConnection建立HTTPS连接,异常如下: javax.net.ssl.SSLHandshakeException: Caused by: Remote host closed connection during handshake Caused by: SSL peer shut down incorrectly 解决方案似乎是明显的,客户端需要提高版本...
javax.net.ssl.SSLHandshakeException: 解决方式
被生活耽误的旅行者
07-04 1570
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
猫头虎分享 疑难杂Bug:cn.hutool.core.io.IORuntimeException: SSLHandshakeException: Remote host terminated
最新发布
猫头虎:授渔优于赠鱼,兴趣引领智慧,探索之乐尤显珍贵。商务合作:Libin9iOak,共赴知识与乐趣的探索之旅!
08-06 7133
本文详细介绍了在使用Hutool进行网络通信时遇到的错误的解决方案。通过调整SSL/TLS版本、忽略SSL证书验证以及更新证书等方法,可以有效解决这一问题。
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
TYTXQ的博客
02-08 1107
Java网络编程报错javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
SSLHandshakeException: Remote host closed connection during handshake异常处理
zhongzih的博客
04-19 1388
请求第三方https接口出现SSLHandshakeException: Remote host closed connection during handshake问题,本地正常,服务器异常。原因是服务器jdk版本是jdk1.8_40。现阶段找到三个方案,第一个是jdk1.8_151版本 添加或者修改Java\jre\lib\security\java.security。第二个直接替换jdk版本到jdk1.8_162版本,这个版本直接默认这个配置的。第三个就是用jdk1,7的版本。
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 痛苦解决之旅
热门推荐
kevin的博客
08-28 12万+
上周另外一项目组的同事找到我说,遇到一个问题很棘手两天了还没解决掉,报错如下: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java...
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
03-05
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair 解决方法总结
08-25
然而,当你遇到“javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair”的错误时,这意味着在建立SSL/TLS连接时,Diffie-Hellman(DH)密钥交换算法遇到了问题。DH是一种非对称...
javax.net.ssl.SSLHandshakeException: sun.security.validator 问题解决,与环境有关
04-03
Java编程中,`javax.net.ssl.SSLHandshakeException` 是一个常见的错误,通常发生在进行安全套接层(SSL)或传输层安全(TLS)协议握手时出现问题。这个异常通常是由于客户端和服务器之间的证书不匹配、信任锚点...
[工作笔记]JDK版本不同导致的SSL异常
weixin_30667649的博客
01-15 389
前言 遇到这个问题得说一下笔者的开发环境,笔者所在公司,平时开发用的web容器是jboss,使用的JDK是oracle的JDK,但是测试和生产环境用的是WAS,JDK用的是IBM的JDK,由于项目的不同,测试环境所安装的web容器和JDK版本都并不相同。这个也是笔者遇到问题的原因所在。 问题描述 笔者在公司负责一个项目的开发,该项目有一个功能需要调用到公司另一个项目的接口,而那个项目提供的接...
3、javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 错误
chiheyi1036的博客
06-14 1774
使用Jmeter做测试的时候,出现 javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 错误,解决方式是修改java安装路径的文件: G:\Java\jre1.8.0_201\l...
javax.net.ssl.SSLHandshakeException: Unacceptable certificate
12-22
javax.net.ssl.SSLHandshakeException: Unacceptable certificate错误是由于访问的域名证书不在有效期内或者JDK中不存在该证书的信任导致的。解决这个问题的方法有以下几种: 1. 更新JDK信任库:可以通过更新JDK的信任库来解决该问题。可以使用以下命令将证书添加到信任库中: ```shell keytool -import -alias <alias> -keystore <path_to_truststore> -file <path_to_certificate> ``` 其中,`<alias>`是证书的别名,`<path_to_truststore>`是信任库的路径,`<path_to_certificate>`是证书的路径。 2. 忽略证书验证:在某些情况下,可以选择忽略证书验证来解决该问题。可以通过以下代码来实现: ```java TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) { } } }; SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); ``` 3. 添加自定义信任证书:如果访问的是自签名证书或者不受信任的证书,可以将该证书添加到信任库中。可以使用以下命令将证书添加到信任库中: ```shell keytool -import -alias <alias> -keystore <path_to_truststore> -file <path_to_certificate> ``` 其中,`<alias>`是证书的别名,`<path_to_truststore>`是信任库的路径,`<path_to_certificate>`是证书的路径。
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值