我正在使用 Ability 邮件服务器 (AMS) 工具来测试我的 SMTP 服务器网络在各种配置(SMTP、带 TLS 的 SMTP、基于 SSL 的 SMTP 等)中的可用性。我的服务器端是用 java 编写的,并使用 SubethaSmtp 库来实现。
在我决定将服务器从 java 6 升级到 java 7 之前,AMS 运行良好并且可以很好地满足我的测试需求。从那时起,我无法使用此实用程序来测试我的 SMTP over SSL 和 SMTP 与 TLS 连接,因为每次尝试我越来越:
Outgoing Route: Relay localhost:40125 rejected connection with
我也写在 java 上的其他集成测试是成功的,但是这个问题仍然困扰着我。我无法找出,有什么不同。
我的 java 6 成功的 SSL 握手调试输出
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Handshake, length = 205
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
*** ClientHello, TLSv1
RandomCookie: GMT: 1366202273 bytes = { 29, 88, 44, 226, 58, 30, 188, 76, 46, 113, 18, 193, 226, 156, 129, 241, 160, 23, 39, 190, 177, 37, 141, 173, 175, 6, 125, 195 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, Unknown 0x0:0x87, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0x0:0x9a, Unknown 0x0:0x99, Unknown 0x0:0x45, Unknown 0x0:0x44, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41, SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
Unsupported extension type_35, data:
***
%% Created: [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1366202273 bytes = { 239, 167, 83, 82, 189, 146, 43, 152, 2, 25, 247, 132, 153, 169, 208, 74, 207, 219, 235, 179, 154, 225, 199, 147, 238, 91, 114, 53 }
Session ID: {81, 111, 152, 161, 109, 178, 13, 166, 232, 166, 36, 148, 10, 94, 92, 222, 61, 86, 245, 119, 215, 130, 31, 150, 99, 74, 121, 252, 181, 255, 30, 22}
Cipher Suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called closeSocket(selfInitiated)
chain [0] = [
[
Version: V3
Subject: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 16529753809247247111312284751522134978177807492128325820211425902224490010793234062180928535488108823704586950959318642289246645463583464189812207858850010614046945230962602914709480782247492980056070065328765412779951346605688731554625592721596539401530793434052536122002537683254913189373178145181405215449627192067321602357247727580287704588004112308611398315890251445283600299225291631455558225388037583805230035932707731947473961715066552985380371964947081577833023069202844021620640680874794841415527496125781091471359903204493217693952167487019116813691991952393229097684735681407566394557493095017917012563127
public exponent: 65537
Validity: [From: Tue Sep 18 11:41:33 GMT+04:00 2012,
To: Wed Sep 18 11:41:33 GMT+04:00 2013]
Issuer: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
SerialNumber: [ 6e640d68]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 CC 44 CE D3 FD EA 07 18 67 A0 BE F0 70 E9 97 ..D......g...p..
0010: D2 D7 1B E3 ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 12 8A E0 40 EB 91 7F 6D A5 06 E8 F8 A2 CD D5 EF ...@...m........
0010: AC E1 3A 95 7C 99 09 D7 04 AA 5E 59 4D FC 45 92 ..:.......^YM.E.
0020: CD 9F 58 95 8F F1 F4 17 D4 73 8D B4 D3 BC 8C DD ..X......s......
0030: 99 C7 47 5D 4E 22 43 BA 74 C1 4B 2B 76 98 1A AA ..G]N"C.t.K+v...
0040: 1F 6A 62 1E 1E 2B BD 13 3D 36 97 36 05 7F 31 F1 .jb..+..=6.6..1.
0050: 68 A9 60 E1 94 74 84 6A 60 68 B4 8A ED 94 04 43 h.`..t.j`h.....C
0060: 0F 89 D2 83 4F D2 A4 4F E7 24 D5 AE 13 7A CD F2 ....O..O.$...z..
0070: 4D AE DA B2 4C 27 C8 97 7D 10 20 13 A6 B5 83 A5 M...L'.... .....
0080: 79 96 52 CE C0 BC 2F 1E 67 7C 49 DC 3D 2E 55 24 y.R.../.g.I.=.U$
0090: 73 5E F1 95 10 6C 9A 21 1E 5F 2D 9B 75 7A D8 31 s^...l.!._-.uz.1
00A0: 59 42 B0 6C AD 86 6E 05 D9 59 86 67 16 E5 AD C1 YB.l..n..Y.g....
00B0: E8 6C 21 15 19 8A 85 D8 70 59 B4 51 D6 3D 16 CE .l!.....pY.Q.=..
00C0: 2D AD 7B E8 08 32 0D B7 2F F0 15 1C 12 EE 9F 18 -....2../.......
00D0: C3 DE 61 16 C4 D3 A4 1A F2 1E E0 C5 BA 28 49 B8 ..a..........(I.
00E0: 70 0E 19 21 6E 1B 47 CA 1E E9 A0 33 D9 23 D5 CF p..!n.G....3.#..
00F0: CE 91 71 AA 6B 54 0B 24 49 4A CE 2F 92 6D 4D DA ..q.kT.$IJ./.mM.
]
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus: { 233, 230, 66, 89, 157, 53, 95, 55, 201, 127, 253, 53, 103, 18, 11, 142, 37, 201, 205, 67, 233, 39, 179, 169, 103, 15, 190, 197, 216, 144, 20, 25, 34, 210, 195, 179, 173, 36, 128, 9, 55, 153, 134, 157, 30, 132, 106, 171, 73, 250, 176, 173, 38, 210, 206, 106, 34, 33, 157, 71, 11, 206, 125, 119, 125, 74, 33, 251, 233, 194, 112, 181, 127, 96, 112, 2, 243, 206, 248, 57, 54, 148, 207, 69, 238, 54, 136, 193, 26, 140, 86, 171, 18, 122, 61, 175 }
DH Base: { 48, 71, 10, 213, 160, 5, 251, 20, 206, 45, 157, 205, 135, 227, 139, 199, 209, 177, 197, 250, 203, 174, 203, 233, 95, 25, 10, 167, 163, 29, 35, 196, 219, 188, 190, 6, 23, 69, 68, 64, 26, 91, 44, 2, 9, 101, 216, 194, 189, 33, 113, 211, 102, 132, 69, 119, 31, 116, 186, 8, 77, 32, 41, 216, 60, 28, 21, 133, 71, 243, 169, 241, 162, 113, 91, 226, 61, 81, 174, 77, 62, 90, 31, 106, 112, 100, 243, 22, 147, 58, 52, 109, 63, 82, 146, 82 }
Server DH Public Key: { 196, 174, 239, 97, 244, 9, 222, 141, 94, 81, 143, 199, 56, 23, 160, 164, 140, 162, 44, 78, 243, 75, 44, 208, 229, 164, 90, 214, 232, 7, 55, 101, 24, 164, 116, 13, 189, 175, 113, 183, 170, 161, 229, 93, 86, 216, 238, 9, 179, 130, 120, 140, 173, 190, 119, 34, 131, 169, 114, 230, 223, 139, 79, 128, 46, 17, 200, 81, 229, 13, 176, 73, 129, 204, 10, 243, 197, 24, 174, 152, 108, 11, 14, 58, 168, 9, 11, 49, 222, 189, 117, 125, 126, 49, 230, 250 }
Signed with a DSA or RSA public key
*** ServerHelloDone
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Handshake, length = 1570
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Handshake, length = 102
*** ClientKeyExchange, DH
DH Public key: { 95, 208, 98, 2, 159, 50, 206, 212, 96, 80, 180, 201, 119, 130, 53, 165, 5, 81, 35, 243, 18, 0, 100, 250, 160, 150, 10, 60, 129, 126, 9, 130, 58, 236, 226, 104, 238, 19, 255, 109, 213, 240, 24, 22, 47, 10, 6, 114, 91, 199, 56, 238, 79, 158, 30, 199, 90, 16, 174, 112, 202, 125, 87, 70, 101, 86, 131, 15, 73, 103, 223, 186, 196, 132, 4, 54, 46, 6, 58, 211, 70, 213, 246, 244, 250, 125, 1, 175, 155, 197, 68, 73, 224, 19, 133, 189 }
SESSION KEYGEN:
PreMaster Secret:
0000: 68 1E 91 97 0A 91 6A E3 B2 41 17 32 41 B9 80 24 h.....j..A.2A..$
0010: 4F C8 84 F2 7F C7 D8 F5 28 BB 84 82 4E C9 C3 53 O.......(...N..S
0020: 0B B8 10 3E 08 0B C0 87 D8 2D FB A1 BA D4 1C FB ...>.....-......
0030: 01 DA 8F F2 10 E0 63 EA BF 41 90 D5 25 1C EC 52 ......c..A..%..R
0040: 00 6A 33 92 C3 84 78 C4 2D 5B 8D 87 9A CE CC E9 .j3...x.-[......
0050: 23 36 49 58 9C 20 20 15 DD 4D AC 01 10 FE D6 DD #6IX. ..M......
CONNECTION KEYGEN:
Client Nonce:
0000: 51 6F 98 A1 1D 58 2C E2 3A 1E BC 4C 2E 71 12 C1 Qo...X,.:..L.q..
0010: E2 9C 81 F1 A0 17 27 BE B1 25 8D AD AF 06 7D C3 ......'..%......
Server Nonce:
0000: 51 6F 98 A1 EF A7 53 52 BD 92 2B 98 02 19 F7 84 Qo....SR..+.....
0010: 99 A9 D0 4A CF DB EB B3 9A E1 C7 93 EE 5B 72 35 ...J.........[r5
Master Secret:
0000: DD 91 8B 8B 81 B8 DA 9F EC 60 E9 F4 DF 0E C3 27 .........`.....'
0010: F8 BD 3E B1 A7 28 03 FB A7 E7 24 DB D6 80 D5 3F ..>..(....$....?
0020: 8C 90 F0 EF 31 65 51 03 20 CB CA 12 D8 0A 05 AB ....1eQ. .......
Client MAC write Secret:
0000: F2 6C AE B6 C0 3B 2D D7 8E 7C D7 00 6A 3B 80 D3 .l...;-.....j;..
0010: 16 73 B2 57 .s.W
Server MAC write Secret:
0000: 69 2C A7 C1 32 B9 D3 3A FD 30 15 F0 78 4E DE 76 i,..2..:.0..xN.v
0010: 6B F2 EE F2 k...
Client write key:
0000: C3 33 CC EC 07 6C 4F 51 1C B6 14 74 29 6C 82 59 .3...lOQ...t)l.Y
0010: 02 1D A1 99 EA 4A 10 45 .....J.E
Server write key:
0000: 4B 6F 90 B3 C3 C0 00 35 EA DF 0F C7 7F 2D 77 3A Ko.....5.....-w:
0010: 12 C8 34 C9 8B 6E E6 7E ..4..n..
Client write IV:
0000: C2 23 F2 38 C0 E2 46 99 .#.8..F.
Server write IV:
0000: 08 CC 53 9B 23 D6 23 6B ..S.#.#k
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Change Cipher Spec, length = 1
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Handshake, length = 40
*** Finished
verify_data: { 76, 73, 162, 146, 43, 189, 56, 224, 219, 30, 197, 162 }
***
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 253, 203, 94, 73, 30, 8, 230, 39, 100, 105, 142, 219 }
***
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Handshake, length = 40
%% Cached server session: [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Application Data, length = 80
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Application Data, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Application Data, length = 48
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Application Data, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Application Data, length = 80
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Alert, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, RECV TLSv1 ALERT: warning, close_notify
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeInternal(false)
org.subethamail.smtp.server.Session-/127.0.0.1:51806, SEND TLSv1 ALERT: warning, description = close_notify
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Alert, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeSocket(selfInitiated)
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeInternal(true)
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeInternal(true)
我的 java 7 总是失败 SSL 握手调试输出
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
org.subethamail.smtp.server.Session-/127.0.0.1:51856, READ: TLSv1 Handshake, length = 205
*** ClientHello, TLSv1
RandomCookie: GMT: 1366202735 bytes = { 148, 248, 66, 243, 154, 205, 184, 147, 105, 230, 198, 110, 97, 132, 40, 233, 246, 125, 120, 183, 97, 219, 182, 40, 20, 87, 103, 53 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA, TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
Unsupported extension type_35, data:
***
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: server_certificate
%% Negotiating: [Session-1, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1366202735 bytes = { 218, 177, 74, 98, 93, 153, 110, 141, 95, 69, 218, 102, 107, 215, 209, 26, 0, 157, 60, 33, 94, 70, 40, 77, 46, 103, 173, 224 }
Session ID: {81, 111, 153, 111, 235, 17, 119, 190, 82, 45, 15, 130, 77, 69, 37, 136, 91, 110, 135, 121, 204, 13, 56, 171, 101, 52, 110, 122, 85, 126, 15, 109}
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 16529753809247247111312284751522134978177807492128325820211425902224490010793234062180928535488108823704586950959318642289246645463583464189812207858850010614046945230962602914709480782247492980056070065328765412779951346605688731554625592721596539401530793434052536122002537683254913189373178145181405215449627192067321602357247727580287704588004112308611398315890251445283600299225291631455558225388037583805230035932707731947473961715066552985380371964947081577833023069202844021620640680874794841415527496125781091471359903204493217693952167487019116813691991952393229097684735681407566394557493095017917012563127
public exponent: 65537
Validity: [From: Tue Sep 18 11:41:33 GMT+04:00 2012,
To: Wed Sep 18 11:41:33 GMT+04:00 2013]
Issuer: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
SerialNumber: [ 6e640d68]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 CC 44 CE D3 FD EA 07 18 67 A0 BE F0 70 E9 97 ..D......g...p..
0010: D2 D7 1B E3 ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 12 8A E0 40 EB 91 7F 6D A5 06 E8 F8 A2 CD D5 EF ...@...m........
0010: AC E1 3A 95 7C 99 09 D7 04 AA 5E 59 4D FC 45 92 ..:.......^YM.E.
0020: CD 9F 58 95 8F F1 F4 17 D4 73 8D B4 D3 BC 8C DD ..X......s......
0030: 99 C7 47 5D 4E 22 43 BA 74 C1 4B 2B 76 98 1A AA ..G]N"C.t.K+v...
0040: 1F 6A 62 1E 1E 2B BD 13 3D 36 97 36 05 7F 31 F1 .jb..+..=6.6..1.
0050: 68 A9 60 E1 94 74 84 6A 60 68 B4 8A ED 94 04 43 h.`..t.j`h.....C
0060: 0F 89 D2 83 4F D2 A4 4F E7 24 D5 AE 13 7A CD F2 ....O..O.$...z..
0070: 4D AE DA B2 4C 27 C8 97 7D 10 20 13 A6 B5 83 A5 M...L'.... .....
0080: 79 96 52 CE C0 BC 2F 1E 67 7C 49 DC 3D 2E 55 24 y.R.../.g.I.=.U$
0090: 73 5E F1 95 10 6C 9A 21 1E 5F 2D 9B 75 7A D8 31 s^...l.!._-.uz.1
00A0: 59 42 B0 6C AD 86 6E 05 D9 59 86 67 16 E5 AD C1 YB.l..n..Y.g....
00B0: E8 6C 21 15 19 8A 85 D8 70 59 B4 51 D6 3D 16 CE .l!.....pY.Q.=..
00C0: 2D AD 7B E8 08 32 0D B7 2F F0 15 1C 12 EE 9F 18 -....2../.......
00D0: C3 DE 61 16 C4 D3 A4 1A F2 1E E0 C5 BA 28 49 B8 ..a..........(I.
00E0: 70 0E 19 21 6E 1B 47 CA 1E E9 A0 33 D9 23 D5 CF p..!n.G....3.#..
00F0: CE 91 71 AA 6B 54 0B 24 49 4A CE 2F 92 6D 4D DA ..q.kT.$IJ./.mM.
]
***
*** ECDH ServerKeyExchange
Server key: Sun EC public key, 163 bits
public x coord: 9136528840887878846890758313033245846487987894913
public y coord: 10222364285200404385822101945158338799500469323918
parameters: sect163k1 [NIST K-163] (1.3.132.0.1)
*** ServerHelloDone
org.subethamail.smtp.server.Session-/127.0.0.1:51856, WRITE: TLSv1 Handshake, length = 1323
org.subethamail.smtp.server.Session-/127.0.0.1:51856, received EOFException: error
org.subethamail.smtp.server.Session-/127.0.0.1:51856, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
org.subethamail.smtp.server.Session-/127.0.0.1:51856, SEND TLSv1 ALERT: fatal, description = handshake_failure
org.subethamail.smtp.server.Session-/127.0.0.1:51856, WRITE: TLSv1 Alert, length = 2
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called closeSocket()
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called closeInternal(true)
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called closeInternal(true)
我的 SMTP over SSL 服务器实现
private static class SmtpServer extends SMTPServer {
private SSLContext context;
protected SmtpServer(MessageHandlerFactory factory, SSLContext context) {
super(factory);
this.context = context;
}
@Override
public SSLSocket createSSLSocket(Socket socket) throws IOException {
InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
SSLSocketFactory sf = context.getSocketFactory();
SSLSocket s = (SSLSocket) sf.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true);
// we are the server
s.setUseClientMode(false);
return s;
}
}
实施与以往没有任何区别。唯一的区别是 JDK 的版本。
我不知道,握手期间会出什么问题。是在测试实用程序问题还是我应该执行任何步骤来修复此错误以防止发生?