JDK 7: RECV TLSv1 ALERT: fatal, handshake_failure

#java #https #tls1.0

#java #https #tls1.0

Вопрос:

Я столкнулся с этой проблемой при подключении из JDK7 по HTTPS (TLS) и попытался заменить jar-файлы политики безопасности на UnlimitedJCEPolicyJDK7, но это не помогло.

Я пробовал разные варианты SSLContext: `SSLContext ctx = SSLContext.getInstance("TLS");` — а также TLSv1, TLSv1.2, TLSv1.0 и SSL; ни один из них не работает.

Также пробовал задавать системные свойства через System.setProperty (TLSv1, TLSv1.2) — по-прежнему не работает.

Моя версия JDK — 1.7.085, и по какой-то причине мы не можем обновиться до более новой версии. Кстати, на JDK8 всё работает; на Windows Server с jdk1.7-085 тоже работает! Но на Linux (CentOS7) не работает. Вот код:

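   /**
    * Sends an HTTP POST to {@code url} through a client wrapped by
    * {@link WebClientDevWrapper#wrapClient(HttpClient)} and returns the response
    * body for a 200 response, or {@code null} for any other status code.
    *
    * <p>The {@code json} argument is currently NOT sent: the StringEntity block
    * below is commented out, so the request goes out without a body. Re-enable it
    * once the TLS handshake problem is solved.
    *
    * @param url  target URL (https; see {@link WebClientDevWrapper})
    * @param json request body that would be sent as application/json (unused while
    *             the entity block is commented out)
    * @return the response body decoded with the response charset (UTF-8 when the
    *         response declares none), or {@code null} when the status is not 200
    * @throws RuntimeException wrapping any I/O or TLS failure of the request
    *         (the handshake_failure in the attached log surfaces here), or when no
    *         HTTPS-capable client could be built
    */
   public static String post(String url, String json) {
       HttpClient client = WebClientDevWrapper.wrapClient(new DefaultHttpClient());
       // wrapClient() returns null when SSLContext setup fails; fail with a clear
       // message instead of a NullPointerException from client.execute().
       if (client == null) {
           throw new IllegalStateException("could not build an HTTPS-capable HttpClient for " + url);
       }
       HttpPost post = new HttpPost(url);
       try {
           // Intended request body, disabled while debugging the handshake:
           //  StringEntity s = new StringEntity(json);
           //  s.setContentEncoding("UTF-8");
           //  s.setContentType("application/json");
           //  post.setEntity(s);

           long startTime = System.currentTimeMillis();  // primitive: no boxing needed
           HttpResponse res = client.execute(post);
           System.out.println(System.currentTimeMillis() - startTime);
           if (res.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
               HttpEntity entity = res.getEntity();
               String charset = EntityUtils.getContentCharSet(entity);
               if (charset == null) {
                   charset = "utf-8";
               }
               // Decode the body with the charset computed above. The original
               // returned entity.toString(), which describes the entity object rather
               // than yielding the response body, and left charset unused.
               return EntityUtils.toString(entity, charset);
           }
           // NOTE(review): a non-200 response's entity is not consumed here, so the
           // pooled connection may not be released — confirm against the HttpClient
           // version in use.
       } catch (Exception e) {
           throw new RuntimeException(e);
       }
       return null;
   }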
  
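/**
 * Development-only helper that re-registers the "https" scheme of an HttpClient
 * with a socket factory that skips server authentication.
 *
 * <p>Security: the trust manager below accepts every certificate chain and the
 * socket factory is built with {@code ALLOW_ALL_HOSTNAME_VERIFIER}, so the client
 * cannot tell the intended server from anyone who intercepts the connection. Keep
 * this out of production builds; the fix for a trust problem is to import the
 * server's CA into the trust store, not to disable validation.
 *
 * <p>Diagnostic note for the attached log: trust settings only come into play after
 * the server has sent its certificate. The log shows the server answering the
 * {@code ClientHello, TLSv1} with a fatal {@code handshake_failure} alert before
 * any certificate is exchanged, so neither this trust manager nor the hostname
 * verifier can influence that error; what the ClientHello offers (protocol
 * version and cipher suites) is what matters there.
 */
public static class WebClientDevWrapper {

    /**
     * Trust manager that accepts every chain without checking it (development
     * only — it disables server authentication entirely).
     */
    private static final X509TrustManager TRUST_EVERYTHING = new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty)
            // array; the original returned null.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] chain,
                String authType)
                throws java.security.cert.CertificateException {
            // Deliberately no validation (development only).
        }

        @Override
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] chain,
                String authType)
                throws java.security.cert.CertificateException {
            // Deliberately no validation (development only).
        }
    };

    /**
     * Replaces the "https" scheme of {@code base}'s connection manager with a
     * factory using {@link #TRUST_EVERYTHING} and an allow-all hostname verifier.
     *
     * @param base client whose connection manager and parameters are reused
     * @return a new DefaultHttpClient sharing {@code base}'s connection manager, or
     *         {@code null} if the SSLContext could not be set up (the exception is
     *         printed to stderr)
     */
    public static HttpClient wrapClient(HttpClient base) {
        try {
            // NOTE(review): on JDK 7 a "TLS" context enables only SSLv3/TLSv1 on
            // client sockets by default (TLSv1.1/1.2 are supported but disabled),
            // which matches the "ClientHello, TLSv1" in the log. getInstance("TLSv1.2")
            // enables TLSv1.2 by default; since the author reports that it also failed,
            // confirm that this factory is really the one used for the failing
            // connection (the log also shows the default trust store being loaded).
            // The "unavailable" AES-256 suites in the log suggest the unlimited policy
            // jars are not in effect for the JRE that JBoss actually runs — verify
            // which JRE that is.
            SSLContext ctx = SSLContext.getInstance("TLS");  // i tried TLSv1,TLSv1.2, TLSv1.0, SSL all of them cannot work
            ctx.init(null, new TrustManager[] { TRUST_EVERYTHING }, null);
            // Apache's SSLSocketFactory (not javax.net.ssl's); the allow-all verifier
            // skips the hostname check on top of the trust-all manager above.
            SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            ClientConnectionManager ccm = base.getConnectionManager();
            SchemeRegistry sr = ccm.getSchemeRegistry();
            sr.register(new Scheme("https", 443, ssf));
            return new DefaultHttpClient(ccm, base.getParams());
        } catch (Exception ex) {
            // Kept as a null return for existing callers; post() checks for it.
            ex.printStackTrace();
            return null;
        }
    }
}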
 

Вот журнал:

       Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3
    Valid from Sun Nov 04 16:00:00 PST 2007 until Mon Jan 18 15:59:59 PST 2038
  
  adding as trusted cert:
    Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
    Issuer:  CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
    Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26
    Valid from Sun Jan 31 16:00:00 PST 2010 until Mon Jan 18 15:59:59 PST 2038
  
  adding as trusted cert:
    Subject: CN=Amazon Root CA 4, O=Amazon, C=US
    Issuer:  CN=Amazon Root CA 4, O=Amazon, C=US
    Algorithm: EC; Serial number: 0x66c9fd7c1bb104c2943e5717b7b2cc81ac10e
    Valid from Mon May 25 17:00:00 PDT 2015 until Fri May 25 17:00:00 PDT 2040
  
  adding as trusted cert:
    Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
    Issuer:  CN=Sonera Class2 CA, O=Sonera, C=FI
    Algorithm: RSA; Serial number: 0x1d
    Valid from Fri Apr 06 00:29:40 PDT 2001 until Tue Apr 06 00:29:40 PDT 2021
  
  adding as trusted cert:
    Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
    Issuer:  CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
    Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
    Valid from Thu Jan 12 06:38:43 PST 2006 until Wed Dec 31 14:59:59 PST 2025
  
  adding as trusted cert:
    Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    Issuer:  CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a
    Valid from Wed Mar 05 16:00:00 PST 2008 until Mon Jan 18 15:59:59 PST 2038
  
  trigger seeding of SecureRandom
  done seeding SecureRandom
  Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
  Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
  Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
  EJB default - 3, setSoTimeout(0) called
  Allow unsafe renegotiation: false
  Allow legacy hello messages: true
  Is initial handshake: true
  Is secure renegotiation: false
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie:  GMT: 1589873969 bytes = { 222, 24, 98, 24, 65, 188, 120, 218, 192, 185, 167, 79, 96, 88, 137, 120, 155, 15, 245, 65, 248, 172, 68, 134, 134, 219, 224, 102 }
  Session ID:  {}
  Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
  Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
  EJB default - 3, setSoTimeout(0) called
  Allow unsafe renegotiation: false
  Allow legacy hello messages: true
  Is initial handshake: true
  Is secure renegotiation: false
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie:  GMT: 1589873969 bytes = { 222, 24, 98, 24, 65, 188, 120, 218, 192, 185, 167, 79, 96, 88, 137, 120, 155, 15, 245, 65, 248, 172, 68, 134, 134, 219, 224, 102 }
  Session ID:  {}
  Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
  Compression Methods:  { 0 }
  ***
  [write] MD5 and SHA1 hashes:  len = 61
  0000: 01 00 00 39 03 01 5F C4   8D 31 DE 18 62 18 41 BC  ...9.._..1..b.A.
  0010: 78 DA C0 B9 A7 4F 60 58   89 78 9B 0F F5 41 F8 AC  x....O`X.x...A..
  0020: 44 86 86 DB E0 66 00 00   12 00 2F 00 33 00 32 00  D....f..../.3.2.
  Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
  Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
  EJB default - 3, setSoTimeout(0) called
  Allow unsafe renegotiation: false
  Allow legacy hello messages: true
  Is initial handshake: true
  Is secure renegotiation: false
  %% No cached client session
  ***** ClientHello, TLSv1**
  RandomCookie:  GMT: 1589873969 bytes = { 222, 24, 98, 24, 65, 188, 120, 218, 192, 185, 167, 79, 96, 88, 137, 120, 155, 15, 245, 65, 248, 172, 68, 134, 134, 219, 224, 102 }
  Session ID:  {}
  Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
  Compression Methods:  { 0 }
  ***
  [write] MD5 and SHA1 hashes:  len = 61
  0000: 01 00 00 39 03 01 5F C4   8D 31 DE 18 62 18 41 BC  ...9.._..1..b.A.
  0010: 78 DA C0 B9 A7 4F 60 58   89 78 9B 0F F5 41 F8 AC  x....O`X.x...A..
  0020: 44 86 86 DB E0 66 00 00   12 00 2F 00 33 00 32 00  D....f..../.3.2.
  0030: 0A 00 16 00 13 00 05 00   04 00 FF 01 00           .............
  EJB default - 3, WRITE: TLSv1 Handshake, length = 61
  [Raw write]: length = 66
  0000: 16 03 01 00 3D 01 00 00   39 03 01 5F C4 8D 31 DE  ....=...9.._..1.
  0010: 18 62 18 41 BC 78 DA C0   B9 A7 4F 60 58 89 78 9B  .b.A.x....O`X.x.
  0020: 0F F5 41 F8 AC 44 86 86   DB E0 66 00 00 12 00 2F  ..A..D....f..../
  0030: 00 33 00 32 00 0A 00 16   00 13 00 05 00 04 00 FF  .3.2............
  0040: 01 00                                              ..
  [Raw read]: length = 5
  0000: 15 03 01 00 02                                     .....
  [Raw read]: length = 2
  0000: 02 28                                              .(
  **EJB default - 3, READ: TLSv1 Alert, length = 2
  EJB default - 3, RECV TLSv1 ALERT:  fatal, handshake_failure**
  EJB default - 3, called closeSocket()
  EJB default - 3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
  EJB default - 3, IOException in getSession():  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
  EJB default - 3, called close()
  EJB default - 3, called closeInternal(true)
  EJB default - 3, called close()
  EJB default - 3, called closeInternal(true)
  java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
      at com.synnex.snif.util.HttpRequest.post(HttpRequest.java:201)
      at com.synnex.snif.xxxx.ClientCustomSSL.httpGet(ClientCustomSSL.java:372)
      at com.synnex.snif.xxxx.ClientCustomSSL.processExecute(ClientCustomSSL.java:232)
      at com.synnex.snif.xxxx.ClientCustomSSL.process(ClientCustomSSL.java:190)
      at com.synnex.snif.xxxx.SNIFJboss6Timer.perform(SNIFJboss6Timer.java:31)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
      at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:56)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
      at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:56)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
      at org.jboss.as.ejb3.concurrency.ContainerManagedConcurrencyInterceptor.processInvocation(ContainerManagedConcurrencyInterceptor.java:104)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
      at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:52)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:272)
      at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:339)
      at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:238)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
      at org.jboss.as.ejb3.timerservice.TimedObjectInvokerImpl.callTimeout(TimedObjectInvokerImpl.java:101)
      at org.jboss.as.ejb3.timerservice.task.CalendarTimerTask.callTimeout(CalendarTimerTask.java:60)
      at org.jboss.as.ejb3.timerservice.task.TimerTask.run(TimerTask.java:132)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at java.util.concurrent.FutureTask.run(FutureTask.java:262)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:745)
      at org.jboss.threads.JBossThread.run(JBossThread.java:122)
  Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
      at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
      at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
      at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
      at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
      at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
      at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:641)
      at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
      at com.synnex.snif.util.HttpRequest.post(HttpRequest.java:190)
      ... 52 more