我有一个嵌入Jetty的应用程序.我想在SSL中使用客户端证书认证,当我启用它时;我在请求开始时收到以下异常.但是之后请求得到正确的提供.此异常仅在从IE或Chrome访问时才会出现.从Firefox访问时不会出现.我们有自己的SSLConnector扩展SslSocketConnector.我试图调试它但是想知道是否有任何特定的地方/代码可以开始检查.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:631)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
更新:
我启用了SSL调试选项,并且在ServerHelloDone消息之后立即得到这个异常.这是服务器发送证书的消息,以及相关客户端证书的请求.我不知道在第一次阅读时发生了什么.任何帮助深深的赞赏.
*** ClientHello,TLSv1
****
%% Created: [Session-1,TLS_RSA_WITH_AES_128_CBC_SHA]
*** ServerHello,TLSv1
*** Certificate chain
***
*** CertificateRequest
Cert Types: RSA,DSS
Cert Authorities:
*** ServerHelloDone
WRITE: TLSv1 Handshake,length = 703
received EOFException: error
handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
更新:
更新JDK到最新版本,23并尝试使用这两个属性启用/禁用.仍然得到同样的行为.
更多信息:
所有浏览器都启用了TLSv1和SSLv3.没有启用客户端认证,通信正常发生.使用客户端认证,始终我们在第一次握手时会收到异常,并且下一个正在完成并且无异常执行.在服务器端使用jetty版本6.1.14