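SSLException: Received fatal alert: handshake_failure

Problem description:

My Java version is currently 1.6.0_20 (on CentOS), and during the handshake I get the exception SSLException: Received fatal alert: handshake_failure. Below is my error log.

I have already tried 1.6.0_65 (failed on Mac OS) and 1.7 (CentOS), and it works fine.

Can anyone tell me what the problem is?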

THX

%% No cached client session 
*** ClientHello, TLSv1 
RandomCookie: GMT: 1388162409 bytes = { 201, 80, 102, 52, 186, 58, 211, 29, 133, 98, 47, 125, 5, 21, 48, 206, 125, 170, 124, 89, 250, 83, 90, 47, 124, 120, 131, 28 } 
Session ID: {} 
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] 
Compression Methods: { 0 } 
*** 
qp-worker-3, WRITE: TLSv1 Handshake, length = 73 
qp-worker-3, WRITE: SSLv2 client hello message, length = 98 
[23:12:41 [qp-worker-3] DEBUG i.n.channel.DefaultChannelPipeline] - Discarded inbound message EmptyLastHttpContent that reached at the tail of the pipeline. Please check your pipeline configuration. 
qp-worker-3, READ: TLSv1 Handshake, length = 74 
*** ServerHello, TLSv1 
RandomCookie: GMT: 1388162391 bytes = { 12, 103, 251, 144, 26, 135, 139, 17, 21, 169, 221, 121, 219, 21, 55, 46, 40, 186, 251, 153, 225, 104, 71, 24, 18, 85, 249, 210 } 
Session ID: {68, 23, 151, 147, 160, 101, 199, 197, 40, 59, 68, 205, 207, 200, 151, 145, 147, 107, 248, 70, 145, 27, 151, 170, 1, 201, 210, 235, 138, 162, 50, 177} 
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA 
Compression Method: 0 
*** 
%% Created: [Session-4, SSL_RSA_WITH_RC4_128_SHA] 
** SSL_RSA_WITH_RC4_128_SHA 
qp-worker-3, READ: TLSv1 Handshake, length = 3256 
*** Certificate chain 
chain [0] = [ 
[ 
    Version: V3 
    Subject: CN=*.eurolot.com, OU=ZHI, O=EUROLOT S.A, L=Warszawa, ST=Mazowieckie, C=PL 
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 

    Key: Sun RSA public key, 2048 bits 
    modulus: 26717493331350574149439057854903618167737193958673987690726300695457346279972631392320491962781127122899333760559484103614371343706808111202269438980170118210235833365938793936044343421959430293110131285244803242483740013959849587544202560762801349892191942309549256844093260258219101618660470390785366611465550577056253063909239354872865690205330242859582034382368971120250711768909598334637806994345777265659043445492851322189523711957606360806587817002724725860948865123154765517838001989719981766366568039690899154811668409941728394879679362224085287514684192560049324831862025454651970662842183481516113072605239 
    public exponent: 65537 
    Validity: [From: Wed Mar 05 08:00:00 CST 2014, 
       To: Wed Jun 17 07:59:59 CST 2015] 
    Issuer: CN=GeoTrust SSL CA - G2, O=GeoTrust Inc., C=US 
    SerialNumber: [ 5c1f383d b37279f5 463d4a64 abbba966] 

Certificate Extensions: 8 
[1]: ObjectId: 2.5.29.35 Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
0000: 11 4A D0 73 39 D5 5B 69 08 5C BA 3D BF 64 9A A8 .J.s9.[i.\.=.d.. 
0010: 8B 1C 55 BC          ..U. 
] 

] 

[2]: ObjectId: 2.5.29.31 Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://gtssl2-crl.geotrust.com/gtssl2.crl] 
]] 

[3]: ObjectId: 2.5.29.17 Criticality=false 
SubjectAlternativeName [ 
    DNSName: *.eurolot.com 
    DNSName: eurolot.com 
] 

[4]: ObjectId: 2.5.29.37 Criticality=false 
ExtendedKeyUsages [ 
    serverAuth 
    clientAuth 
] 

[5]: ObjectId: 2.5.29.32 Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [2.16.840.1.113733.1.7.54] 
[PolicyQualifierInfo: [ 
    qualifierID: 1.3.6.1.5.5.7.2.1 
    qualifier: 0000: 16 25 68 74 74 70 3A 2F 2F 77 77 77 2E 67 65 6F .%http://www.geo 
0010: 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 72 trust.com/resour 
0020: 63 65 73 2F 63 70 73        ces/cps 

]] ] 
] 

[6]: ObjectId: 2.5.29.15 Criticality=true 
KeyUsage [ 
    DigitalSignature 
    Key_Encipherment 
] 

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: 1.3.6.1.5.5.7.48.1 
    accessLocation: URIName: http://gtssl2-ocsp.geotrust.com, 
    accessMethod: 1.3.6.1.5.5.7.48.2 
    accessLocation: URIName: http://gtssl2-aia.geotrust.com/gtssl2.cer] 
] 

[8]: ObjectId: 2.5.29.19 Criticality=false 
BasicConstraints:[ 
    CA:false 
    PathLen: undefined 
] 

] 
    Algorithm: [SHA1withRSA] 
    Signature: 

] 
chain [1] = [ 
[ 
    Version: V3 
    Subject: CN=GeoTrust SSL CA - G2, O=GeoTrust Inc., C=US 
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 

    Key: Sun RSA public key, 2048 bits 
    modulus: 2337379827096990844466499141978910038086822623352964704982865618033323559273154288514111535732299127495682213294937375378833766151146168058614367747342541867622013711327557199749744544058400668704242091421979403059252371213073851619247891984829267298067528522879828066554288979550028
    public exponent: 65537 
    Validity: [From: Tue Aug 28 04:40:40 CST 2012, 
       To: Sat May 21 04:40:40 CST 2022] 
    Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US 
    SerialNumber: [ 023a63] 

Certificate Extensions: 8 
[1]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
0000: 11 4A D0 73 39 D5 5B 69 08 5C BA 3D BF 64 9A A8 .J.s9.[i.\.=.d.. 
0010: 8B 1C 55 BC          ..U. 
] 
] 

[2]: ObjectId: 2.5.29.35 Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e 
0010: B8 CA CC 4E          ...N 
] 

] 

[3]: ObjectId: 2.5.29.17 Criticality=false 
SubjectAlternativeName [ 
    CN=VeriSignMPKI-2-254 
] 

[4]: ObjectId: 2.5.29.31 Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.geotrust.com/crls/gtglobal.crl] 
]] 

[5]: ObjectId: 2.5.29.32 Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [2.16.840.1.113733.1.7.54] 
[PolicyQualifierInfo: [ 
    qualifierID: 1.3.6.1.5.5.7.2.1 
    qualifier: 0000: 16 25 68 74 74 70 3A 2F 2F 77 77 77 2E 67 65 6F .%http://www.geo 
0010: 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 72 trust.com/resour 
0020: 63 65 73 2F 63 70 73        ces/cps 

]] ] 
] 

[6]: ObjectId: 2.5.29.15 Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: 1.3.6.1.5.5.7.48.1 
    accessLocation: URIName: http://ocsp.geotrust.com] 
] 

[8]: ObjectId: 2.5.29.19 Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:0 
] 

] 
    Algorithm: [SHA1withRSA] 
    Signature: 

] 
chain [2] = [ 
[ 
    Version: V3 
    Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US 
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 

    Key: Sun RSA public key, 2048 bits 
    modulus: 27620593608073140957439440929253438012688864718977347268272053725994928948867769687165112265058896553974818505070806430256424431940072485024407486246475597522063246121214348496326377341879755851197260401080498544606788760407243324127929930612201002157618691487713632251700065187865963692723720912135393438861302779432180613616167225206519123176430362410262429702404863434904116727055203524505580952824336979641923534005571504410997292144760317953739063178352809680844232935574095508445145910310675421726257114605895831426222686272114090063230017292595425393719031924942422176213538487957041730136782988405751614792953 
    public exponent: 65537 
    Validity: [From: Tue May 21 12:00:00 CST 2002, 
       To: Tue Aug 21 12:00:00 CST 2018] 
    Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US 
    SerialNumber: [ 12bbe6] 

Certificate Extensions: 6 
[1]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e 
0010: B8 CA CC 4E          ...N 
] 
] 

[2]: ObjectId: 2.5.29.35 Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3 
0010: 98 90 9F D4          .... 
] 

] 

[3]: ObjectId: 2.5.29.31 Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.geotrust.com/crls/secureca.crl] 
]] 

[4]: ObjectId: 2.5.29.32 Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [2.5.29.32.0] 
[PolicyQualifierInfo: [ 
    qualifierID: 1.3.6.1.5.5.7.2.1 
    qualifier: 0000: 16 2D 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 65 .-https://www.ge 
0010: 6F 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 otrust.com/resou 
0020: 72 63 65 73 2F 72 65 70 6F 73 69 74 6F 72 79  rces/repository 

]] ] 
] 

[5]: ObjectId: 2.5.29.15 Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[6]: ObjectId: 2.5.29.19 Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:2147483647 
] 

] 
    Algorithm: [SHA1withRSA] 
    Signature: 

] 
*** 
qp-worker-3, READ: TLSv1 Handshake, length = 4 
*** ServerHelloDone 
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1 
qp-worker-3, WRITE: TLSv1 Handshake, length = 262 
SESSION KEYGEN: 
PreMaster Secret: 
0000: 03 01 88 A9 7D 45 5B 3D C6 71 5F 24 0D 66 E0 21 .....E[=.q_$.f.! 
0010: 4F F1 7A 38 47 74 8C 6E 30 31 24 79 9F 81 9D DD O.z8Gt.n01$y.... 
0020: 89 52 4F 9C 4F CA 88 76 1B D6 72 39 87 0B B2 83 .RO.O..v..r9.... 
CONNECTION KEYGEN: 
Client Nonce: 
0000: 53 BE AD 69 C9 50 66 34 BA 3A D3 1D 85 62 2F 7D S..i.Pf4.:...b/. 
0010: 05 15 30 CE 7D AA 7C 59 FA 53 5A 2F 7C 78 83 1C ..0....Y.SZ/.x.. 
Server Nonce: 
0000: 53 BE AD 57 0C 67 FB 90 1A 87 8B 11 15 A9 DD 79 S..W.g.........y 
0010: DB 15 37 2E 28 BA FB 99 E1 68 47 18 12 55 F9 D2 ..7.(....hG..U.. 
Master Secret: 
0000: 28 2B 8C 01 30 6D 63 B8 6D BA 64 2F 73 26 DE 4A (+..0mc.m.d/s&.J 
0010: 90 3F B1 41 C4 3E 2A 0D 0D C3 91 76 A5 79 26 99 .?.A.>*....v.y&. 
0020: 68 D5 66 D9 A4 6D F7 90 7B 8C DC B6 ED 08 6B 6C h.f..m........kl 
Client MAC write Secret: 
0000: E4 93 C2 3B 1C 32 D3 21 A3 7E F8 7F 9E 47 09 34 ...;.2.!.....G.4 
0010: 45 09 A4 07          E... 
Server MAC write Secret: 
0000: 80 09 70 EC 01 0A B8 8E 3B 86 80 A1 CE E3 4C D0 ..p.....;.....L. 
0010: 4D F3 96 45          M..E 
Client write key: 
0000: C6 96 AD 12 E4 17 28 70 F9 69 D0 79 A9 39 D6 C1 ......(p.i.y.9.. 
Server write key: 
0000: 5F 95 CA 70 D5 C0 48 A8 2A A7 90 A7 CD 50 A9 9A _..p..H.*....P.. 
... no IV used for this cipher 
qp-worker-3, WRITE: TLSv1 Change Cipher Spec, length = 1 
*** Finished 
verify_data: { 252, 222, 202, 222, 151, 254, 82, 255, 41, 171, 134, 206 } 
*** 
qp-worker-3, WRITE: TLSv1 Handshake, length = 36 
qp-worker-3, READ: TLSv1 Change Cipher Spec, length = 1 
qp-worker-3, READ: TLSv1 Handshake, length = 36 
*** Finished 
verify_data: { 196, 131, 130, 244, 200, 34, 14, 228, 14, 212, 150, 139 } 
*** 
%% Cached client session: [Session-4, SSL_RSA_WITH_RC4_128_SHA] 
[23:12:46 [qp-worker-3] DEBUG io.netty.handler.ssl.SslHandler] - [id: 0xfe86ff32, /192.168.237.222:51922 => /117.122.138.115:9001] HANDSHAKEN: SSL_RSA_WITH_RC4_128_SHA 
qp-worker-3, WRITE: TLSv1 Application Data, length = 525 
[23:12:46 [qp-worker-3] DEBUG q.t.q.client.DefaultRequestExecutor] - Request sent to proxy server successfully 
qp-worker-3, READ: TLSv1 Alert, length = 22 
qp-worker-3, RECV TLSv1 ALERT: fatal, handshake_failure 
qp-worker-3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure 
qp-worker-3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure 
qp-worker-3, called closeOutbound() 
qp-worker-3, closeOutboundInternal() 
qp-worker-3, SEND TLSv1 ALERT: warning, description = close_notify 
qp-worker-3, WRITE: TLSv1 Alert, length = 22 
qp-worker-3, called closeInbound() 
qp-worker-3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? 
"possible truncation attack?" Post some code. – EJP

Hi @EJP. I am just using Netty's SslHandler and sending a request to "https://eurolot.com". I can show you the sslEngine used to create the sslHandler. See my update – Alexis

Resolved this by updating the JDK to 1.6.0_45.
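As an added example (not part of the original question or answer), the script below reduces a javax.net.debug trace like the one in the question to the protocol versions, the weak cipher suites offered and negotiated, and the alerts, marking whether each alert arrived after both Finished messages. The sample log is a constructed excerpt, and the function name summarize and the weak-suite pattern are this example's own assumptions.

```python
import re

# Constructed excerpt in the javax.net.debug format of the trace in the question.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA]
*** ServerHello, TLSv1
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
*** Finished
*** Finished
qp-worker-3, WRITE: TLSv1 Application Data, length = 525
qp-worker-3, RECV TLSv1 ALERT:  fatal, handshake_failure
qp-worker-3, SEND TLSv1 ALERT:  warning, description = close_notify
"""

# Suite-name fragments that mark broken or export-grade algorithms (assumed list).
WEAK = re.compile(r"RC4|DES|EXPORT|MD5|NULL|anon")
HELLO = re.compile(r"\*\*\* (ClientHello|ServerHello), (\S+)")
OFFERED = re.compile(r"Cipher Suites: \[(.*)\]")
CHOSEN = re.compile(r"Cipher Suite: (\S+)")
ALERT = re.compile(r"(RECV|SEND) \S+ ALERT:\s+(\w+), (?:description = )?(\w+)")

def summarize(log):
    """Reduce a javax.net.debug trace to the facts needed for triage."""
    out = {"versions": {}, "offered_weak": [], "negotiated": None,
           "negotiated_weak": False, "alerts": []}
    finished = 0  # one "*** Finished" per side once the handshake completes
    for line in log.splitlines():
        if m := HELLO.search(line):
            out["versions"][m.group(1)] = m.group(2)
        elif m := OFFERED.search(line):
            suites = [s.strip() for s in m.group(1).split(",")]
            out["offered_weak"] = [s for s in suites if WEAK.search(s)]
        elif m := CHOSEN.search(line):
            out["negotiated"] = m.group(1)
            out["negotiated_weak"] = bool(WEAK.search(m.group(1)))
        elif line.strip() == "*** Finished":
            finished += 1
        elif m := ALERT.search(line):
            out["alerts"].append({"direction": m.group(1), "level": m.group(2),
                                  "description": m.group(3),
                                  "after_handshake": finished >= 2})
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full trace, the after_handshake flag separates alerts that abort the initial negotiation from alerts sent once application data is already flowing, as in the question's log.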