在certificateverify步骤中,双方ssl握手失败

tjvv9vkg  于 2021-07-06  发布在  Java
关注(0)|答案(0)|浏览(301)

我们有一个客户端应用程序正在尝试使用mutualssl(java1.8.0µ181)连接到服务器。通过使用 -Djavax.net.debug=ssl 选项和阅读https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/readdebug.html,显示为:
密钥库和信任库正在正确初始化(适当的) found key for : 20200724101630-mybox-int 密钥库和 adding as trusted cert: Subject: CN=myOrgCN, OU=myOrgOU, O=myOrgO, C=BE, DC=myOrg, DC=com 信任库条目)
成功的clienthello消息
成功的serverhello消息,他们同意密码( TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 )
证书匹配( Found trusted certificate: Issuer: CN=myOrgCN, OU=myOrgOU, O=myOrgO, C=BE, DC=myOrg, DC=com 在日志中)
成功的服务器hellodone消息
找到匹配的证书( matching alias: 20200724101630-mybox-int 在日志中)
成功的ecdhclientkeyexchange消息
失败的certificateverify消息
失败的certificateverify消息没有包含太多信息,只是一个eof/断开连接。从什么我可以告诉你以前的步骤工作没有问题?有人有什么建议吗?
客户端日志:


***ClientHello, TLSv1.2
***ServerHello, TLSv1.2
***Certificate chain
***ECDH ServerKeyExchange
***CertificateRequest
***ServerHelloDone
***ECDHClientKeyExchange

ECDH Public value:  { 4, 183, 178, 125, 32, 33, 188, 107, 247, 199, 129, 51, 106, 171, 247, 13, 191, 230, 107, 60, 229, 194, 177, 104, 246, 108, 193, 41, 123, 152, 179, 124, 106, 157, 241, 162, 155, 218, 176, 160, 1, 149, 177, 167, 106, 119, 155, 83, 30, 47, 223, 217, 177, 55, 81, 163, 131, 186, 38, 204, 146, 236, 102, 246, 84 }
main, WRITE: TLSv1.2 Handshake, length = 4829
SESSION KEYGEN:
PreMaster Secret:
0000: BE 88 D0 99 DB BE B4 63   79 F6 B1 FE B1 48 27 9A  .......cy....H'.
0010: 32 7B 14 58 D9 BE 42 8E   74 0F 6B CC C9 7A 4A B0  2..X..B.t.k..zJ.
CONNECTION KEYGEN:
Client Nonce:
0000: 5F 40 45 44 68 1D 74 41   2E 2B 3B 53 EC 3C 12 68  _@EDh.tA.+;S.<.h
0010: B9 47 00 87 B9 1D 2D E3   83 2A 5F 24 D0 4B 3F 77  .G....-..*_$.K?w
Server Nonce:
0000: 5F 40 45 44 F8 73 BB 6E   F2 6F AF 22 E2 36 F7 4E  _@ED.s.n.o.".6.N
0010: 6D 14 1E D5 FE EC 7A C3   57 0B A6 1A 43 A0 E8 87  m.....z.W...C...
Master Secret:
0000: 71 35 29 46 00 D8 85 63   4B 2F 57 B4 1C B6 EA 4A  q5)F...cK/W....J
0010: D9 0D 90 3F B1 52 FE BD   9A 13 26 9C 75 29 8A 99  ...?.R....&.u)..
0020: B1 4C 2D C2 21 8D 54 23   18 69 EE 17 F3 4D 00 84  .L-.!.T#.i...M..
Client MAC write Secret:
0000: E2 13 DC 30 B9 62 82 E2   1B 3B EA 3F F2 4D D0 33  ...0.b...;.?.M.3
0010: 59 09 A3 3B 2E 37 DA 53   FA 84 8E 95 90 A6 24 D7  Y..;.7.S......$.
0020: 04 60 29 A9 B8 AA E5 6E   09 3E C9 CC 61 42 71 50  .`)....n.>..aBqP
Server MAC write Secret:
0000: 7C EF 07 AB 10 D1 99 C0   07 B4 6E 74 0C A1 98 C6  ..........nt....
0010: 7F E7 2E 6B 8B BB B4 1D   B5 5F E4 78 0F 8E 59 EB  ...k....._.x..Y.
0020: 94 88 C9 C5 C2 35 EC AF   26 C8 65 34 EA DC FC 3D  .....5..&.e4...=
Client write key:
0000: A0 D0 9A E0 2F 16 BC E5   CA F9 B2 6D D2 C0 D2 7C  ..../......m....
0010: CD 69 FF A0 EF B4 02 8D   E7 20 94 A5 8A 6A DB A0  .i....... ...j..
Server write key:
0000: 8E 43 C9 6C 93 96 7C 44   41 3C 57 80 5F 70 33 DE  .C.l...DA<W._p3.
0010: 77 AF 3C A6 3D 3A CB D4   A9 AA BF 4C 06 80 3C B7  w.<.=:.....L..<.
... no IV derived for this protocol

***CertificateVerify

Signature Algorithm SHA512withRSA
main, WRITE: TLSv1.2 Handshake, length = 264
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1

***Finished

verify_data:  { 145, 206, 234, 159, 33, 65, 40, 99, 192, 197, 143, 244 }

***

main, WRITE: TLSv1.2 Handshake, length = 96
main, waiting for close_notify or alert: state 1
main, received EOFException: error
main, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
main, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1.2 Alert, length = 80
main, Exception sending alert: java.net.SocketException: Broken pipe (Write failed)
main, called closeSocket()
java.io.EOFException: SSL peer shut down incorrectly

要运行: java -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore="mykeystore.jks" -Djavax.net.ssl.keyStorePassword=mypassword SSLPoke mydomain.local.int 13309 源代码:

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;

/**Establish a SSL connection to a host and port, writes a byte and
 * prints the response. See
 * http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
 */
public class SSLPoke {
    public static void main(String[] args) {
        if (args.length != 2) {
            System.out.println("Usage: "+SSLPoke.class.getName()+" <host> <port>");
            System.exit(1);
        }
        try {
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));

            InputStream in = sslsocket.getInputStream();
            OutputStream out = sslsocket.getOutputStream();

            // Write a test byte to get a reaction :)
            out.write(1);

            while (in.available() > 0) {
                System.out.print(in.read());
            }
            System.out.println("Successfully connected");

        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题