sslhandshakeexception:握手失败

nszi6y05  于 2021-07-08  发布在  Java
关注(0)|答案(0)|浏览(270)

我在openjdk11.(11.0.7)中遇到ssl握手失败。
客户端发送的大多数密码都不受支持。但我可以看到有两个密码仍然有效。
知道为什么吗?
更新:
我知道服务器在spring boot上运行 1.5.9 Spring Cloud Edgeware.SR2 . 客户端正在spring boot上运行 2.3.4 Spring Cloud Hoxton.SR6 .
有什么问题吗?

javax.net.ssl|ALL|29|boundedElastic-2|2020-11-24 12:18:40.937 SGT|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|29|boundedElastic-2|2020-11-24 12:18:40.937 SGT|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.945 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS13
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.945 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS13
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.945 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS13
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.945 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS13
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.945 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA for TLS13
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.945 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA for TLS13
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.945 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLS13
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.945 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA for TLS13
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.945 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA for TLS13
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.946 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.946 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.946 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.946 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.946 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.946 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.946 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.946 SGT|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|ALL|23|reactor-http-nio-4|2020-11-24 12:18:40.947 SGT|SignatureScheme.java:373|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|23|reactor-http-nio-4|2020-11-24 12:18:40.947 SGT|SignatureScheme.java:373|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|23|reactor-http-nio-4|2020-11-24 12:18:40.947 SGT|SignatureScheme.java:373|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|23|reactor-http-nio-4|2020-11-24 12:18:40.947 SGT|SignatureScheme.java:373|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|23|reactor-http-nio-4|2020-11-24 12:18:40.947 SGT|SignatureScheme.java:373|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|23|reactor-http-nio-4|2020-11-24 12:18:40.947 SGT|SignatureScheme.java:393|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|INFO|23|reactor-http-nio-4|2020-11-24 12:18:40.947 SGT|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.948 SGT|SSLExtensions.java:259|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.948 SGT|SSLExtensions.java:259|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.949 SGT|PreSharedKeyExtension.java:635|No session to resume.
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.950 SGT|SSLExtensions.java:259|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.951 SGT|ClientHello.java:651|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "A2 9C 5E 22 23 EC 55 9E C6 88 66 07 7D BC 72 9D 5F B1 C9 0C 38 F9 D0 02 73 82 5A 3D 53 17 3C 37",
"session id" : "7B 07 82 67 0A 3D 64 8F 7A 7F 9C 21 EC DB 22 0C 13 15 38 32 2A 24 60 BD 88 7F 55 8A A3 9A 28 1F",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=x01stmupapp2a.uat.lmt.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": secp256r1
"key_exchange": {
0000: 04 B5 2A 5E F5 3B B9 AA FC 4C 56 4D F5 DA 68 4C ..*^.;...LVM..hL
0010: 63 3E 78 B8 9A 1D 32 33 CE 99 93 94 A1 87 04 23 c>x...23.......#
0020: 73 85 57 BE 46 B4 1B E3 E0 4A 51 52 A8 C2 81 A7 s.W.F....JQR....
0030: FF DD DC 72 3B 92 98 60 B5 63 DF B0 10 A5 50 1F ...r;..`.c....P.
0040: 39
}
},
]
},
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
}
]
}
)
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.951 SGT|SSLEngineOutputRecord.java:505|WRITE: TLS13 handshake, length = 362
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.951 SGT|SSLEngineOutputRecord.java:523|Raw write (
0000: 16 03 03 01 6A 01 00 01 66 03 03 A2 9C 5E 22 23 ....j...f....^"#
0010: EC 55 9E C6 88 66 07 7D BC 72 9D 5F B1 C9 0C 38 .U...f...r._...8
0020: F9 D0 02 73 82 5A 3D 53 17 3C 37 20 7B 07 82 67 ...s.Z=S.<7 ...g
0030: 0A 3D 64 8F 7A 7F 9C 21 EC DB 22 0C 13 15 38 32 .=d.z..!.."...82
0040: 2A 24 60 BD 88 7F 55 8A A3 9A 28 1F 00 16 C0 2C *$`...U...(....,
0050: C0 2B C0 2F C0 30 C0 13 C0 14 00 9C 00 2F 00 35 .+./.0......./.5
0060: 13 01 13 02 01 00 01 07 00 00 00 1E 00 1C 00 00 ................
0070: 19 78 30 31 73 74 6D 75 70 61 70 70 32 61 2E 75 .x01stmupapp2a.u
0080: 61 74 2E 64 62 73 2E 63 6F 6D 00 05 00 05 01 00 at.lmt.com......
0090: 00 00 00 00 0A 00 12 00 10 00 17 00 18 00 19 01 ................
00A0: 00 01 01 01 02 01 03 01 04 00 0B 00 02 01 00 00 ................
00B0: 0D 00 22 00 20 04 03 05 03 06 03 08 04 08 05 08 ..". ...........
00C0: 06 08 09 08 0A 08 0B 04 01 05 01 06 01 04 02 02 ................
00D0: 03 02 01 02 02 00 32 00 22 00 20 04 03 05 03 06 ......2.". .....
00E0: 03 08 04 08 05 08 06 08 09 08 0A 08 0B 04 01 05 ................
00F0: 01 06 01 04 02 02 03 02 01 02 02 00 11 00 09 00 ................
0100: 07 02 00 04 00 00 00 00 00 17 00 00 00 2B 00 09 .............+..
0110: 08 03 04 03 03 03 02 03 01 00 2D 00 02 01 01 00 ..........-.....
0120: 33 00 47 00 45 00 17 00 41 04 B5 2A 5E F5 3B B9 3.G.E...A..*^.;.
0130: AA FC 4C 56 4D F5 DA 68 4C 63 3E 78 B8 9A 1D 32 ..LVM..hLc>x...2
0140: 33 CE 99 93 94 A1 87 04 23 73 85 57 BE 46 B4 1B 3.......#s.W.F..
0150: E3 E0 4A 51 52 A8 C2 81 A7 FF DD DC 72 3B 92 98 ..JQR.......r;..
0160: 60 B5 63 DF B0 10 A5 50 1F 39 FF 01 00 01 00 `.c....P.9.....
)
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.955 SGT|SSLEngineInputRecord.java:177|Raw read (
0000: 15 03 03 00 02 02 28 ......(
)
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.955 SGT|SSLEngineInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|23|reactor-http-nio-4|2020-11-24 12:18:40.955 SGT|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|ERROR|23|reactor-http-nio-4|2020-11-24 12:18:40.956 SGT|TransportContext.java:319|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:187)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:685)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:640)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:456)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:435)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1380)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1275)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1322)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:501)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:440)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:834)}

)
javax.net.ssl|ALL|23|reactor-http-nio-4|2020-11-24 12:18:40.956 SGT|SSLSessionImpl.java:784|Invalidated session: Session(1606191520939|SSL_NULL_WITH_NULL_NULL)
12:18:40.957 [reactor-http-nio-4] ERROR o.s.b.a.w.r.e.AbstractErrorWebExceptionHandler - [3cbdb16e-10] 500 Server Error for HTTP GET "/api/wealth-permission/admin/users"
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题