jdk1.7访问https报javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure问题解决

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/zml_2015/article/details/80957907

错误日志:

本地jdk版本java version "1.8.0_31",代码中已对https做了相应处理:信任所有来源证书,运行正常;上包到服务器(服务器jdk版本java version "1.7.0_80"),报以下ssl异常

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

解决方案尝试:
1. 如果代码还可以改动(代码未上线),直接在网络请求前加上

System.setProperty("https.protocols", "TLSv1.2,TLSv1.1,SSLv3");

2.如果代码已上线,可以设置JVM参数如下,以提高客户端的TLS版本

-Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1.0,SSLv3,SSLv2Hello

已上两种解决方案对我无效,我采用的是第三种
3.更换jdk中jce的jar包

网上资料说这个应该是旧版本jdkjce中安全机制的bug,要去oracle官网下载对应的jce包替换jdk中的jce包

jce所在jdk的路径: %JAVA_HOME%\jre\lib\security里的local_policy.jar,US_export_policy.jar

JDK7 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

JDK8 http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

4.升级 JDK到1.8版本

文章首次发布于个人博客 吾勇士的博客

阅读更多

没有更多推荐了,返回首页