如上所述,原因与使用setHostnameVerifier()的JDK错误与SNI(Extension server_name)相关.
https://bugs.openjdk.java.net/browse/JDK-8144566
我们的解决方法:
测试后,我们发现将连接的SSLSocketFactory设置为与默认值相似的任何内容似乎可以解决问题.
这不行:
HttpsURLConnection.setSSLSocketFactory((SSLSocketFactory)SSLSocketFactory.getDefault());
这样做有效:
HttpsURLConnection.setSSLSocketFactory(new SSLSocketFactoryFacade());
所以,要修复一个JAX-WS客户端,你可以这样做:
bindProvider.getRequestContext().put(“com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory”,新的SSLSocketFactoryFacade());
我们的SSLSocketFactory门面:(注意它真的没有做任何事情)
public class SSLSocketFactoryFacade extends SSLSocketFactory {
SSLSocketFactory sslsf;
public SSLSocketFactoryFacade() {
sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();;
}
@Override
public String[] getDefaultCipherSuites() {
return sslsf.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return sslsf.getSupportedCipherSuites();
}
@Override
public Socket createSocket(Socket socket,String s,int i,boolean b) throws IOException {
return sslsf.createSocket(socket,s,i,b);
}
@Override
public Socket createSocket(String s,int i) throws IOException,UnknownHostException {
return sslsf.createSocket(s,i);
}
@Override
public Socket createSocket(String s,InetAddress inetAddress,int i1) throws IOException,inetAddress,i1);
}
@Override
public Socket createSocket(InetAddress inetAddress,int i) throws IOException {
return createSocket(inetAddress,i);
}
@Override
public Socket createSocket(InetAddress inetAddress,InetAddress inetAddress1,int i1) throws IOException {
return createSocket(inetAddress,inetAddress1,i1);
}
}