1

我遇到了问题,客户端(浏览器)在连接到具有 CA 签名证书的密钥库的 SSLSocket 时超时。

我的 SSLServer 代码如下:

static{
    try {
        System.setProperty("javax.net.debug","all");
        //Security.addProvider(new Provider());
        System.setProperty("javax.net.debug","true");
        System.setProperty("javax.net.ssl.keyStore","C:/cert/hello.jks");
        System.setProperty("javax.net.ssl.keyStorePassword","****");
        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
        System.setProperty("https.protocols", "TLSv1.1");
        SSLServerSocketFactory sslServerSocketfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
        serverSocket = (SSLServerSocket)sslServerSocketfactory.createServerSocket(443);
        //serverSocket = new ServerSocket(80);

        serverSocket.setSoTimeout(0);
        serverSocket.setReuseAddress(true);
        serverSocket.setReceiveBufferSize(524288);
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
}

接受连接的代码如下:

clientSocket = (SSLSocket) serverSocket.accept();
System.out.println(clientSocket);
                clientSocket.setKeepAlive(true);
                clientSocket.setSoTimeout(0);
                //clientSocket.setReuseAddress(true);
                clientSocket.setReceiveBufferSize(524288);

但不幸的是,当我尝试从浏览器连接该 ip 的端口 443 时,比如说 https://ip:443它超时

在对 KeyStore 进行了一些更改之后,当我尝试将某些内容刷新到 clientSocket 时,我现在遇到了远程主机关闭连接错误,例如以下行:

clinetSocket.flush

我得到以下异常:

    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handsh
ake
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
java:1312)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
        at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
        at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
        at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
        at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
        at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
        at java.io.BufferedWriter.flush(BufferedWriter.java:254)
        at com.xxx.yyy.SocketSubscribe.run(SocketSubscribe.java:209)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.InputRecord.read(InputRecord.java:482)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
        ... 11 more

以下是 javax.net.ssl 调试日志,虽然我不是理解日志的专家,GET /rest/whoami但在显示套接字已关闭之后,不确定代码的哪一部分正在关闭套接字:

Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Server Socket Buffer Size: 524288
Protocols: [Ljava.lang.String;@56af5047
Cipher Suites:  [Ljava.lang.String;@fbf91c7
69fba7e4[SSL_NULL_WITH_NULL_NULL: Socket[addr=/0:0:0:0:0:0:0:1,port=56797,localport=443]]
Thread-2, setSoTimeout(0) called
Client Socket Buffer Size: 524288
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
[Raw read]: length = 5
0000: 16 03 01 00 D2                                     .....
[Raw read]: length = 210
0000: 01 00 00 CE 03 02 29 75   83 35 84 F8 E7 3B 32 97  ......)u.5...;2.
0010: 81 DD 54 10 FD 29 E8 05   72 ED 8C BC 11 B6 39 9C  ..T..)..r.....9.
0020: A8 93 FE 73 43 86 20 54   4B 96 FC 0D B8 56 E2 EE  ...sC. TK....V..
0030: 88 A6 05 ED 82 3E B2 C2   10 74 6C F0 68 4B 91 B3  .....>...tl.hK..
0040: 3D 8A FA 33 35 6F 88 00   28 C0 2B C0 2F 00 9E CC  =..35o..(.+./...
0050: 14 CC 13 C0 0A C0 09 C0   13 C0 14 C0 07 C0 11 00  ................
0060: 33 00 32 00 39 00 9C 00   2F 00 35 00 0A 00 05 00  3.2.9.../.5.....
0070: 04 01 00 00 5D 00 00 00   0E 00 0C 00 00 09 6C 6F  ....].........lo
0080: 63 61 6C 68 6F 73 74 FF   01 00 01 00 00 0A 00 08  calhost.........
0090: 00 06 00 17 00 18 00 19   00 0B 00 02 01 00 00 23  ...............#
00A0: 00 00 33 74 00 00 00 10   00 1B 00 19 06 73 70 64  ..3t.........spd
00B0: 79 2F 33 08 73 70 64 79   2F 33 2E 31 08 68 74 74  y/3.spdy/3.1.htt
00C0: 70 2F 31 2E 31 00 05 00   05 01 00 00 00 00 00 12  p/1.1...........
00D0: 00 00                                              ..
Thread-2, READ: TLSv1 Handshake, length = 210
*** ClientHello, TLSv1.1
RandomCookie:  GMT: 695501621 bytes = { 132, 248, 231, 59, 50, 151, 129, 221, 84, 16, 253, 41, 232, 5, 114, 237, 140, 188, 17, 182, 57, 156, 168, 147, 254, 115, 67, 134 }
Session ID:  {84, 75, 150, 252, 13, 184, 86, 226, 238, 136, 166, 5, 237, 130, 62, 178, 194, 16, 116, 108, 240, 104, 75, 145, 179, 61, 138, 250, 51, 53, 111, 136}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
Extension server_name, server_name: [host_name: localhost]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data: 
Unsupported extension type_13172, data: 
Unsupported extension type_16, data: 00:19:06:73:70:64:79:2f:33:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data: 
***
[read] MD5 and SHA1 hashes:  len = 210
0000: 01 00 00 CE 03 02 29 75   83 35 84 F8 E7 3B 32 97  ......)u.5...;2.
0010: 81 DD 54 10 FD 29 E8 05   72 ED 8C BC 11 B6 39 9C  ..T..)..r.....9.
0020: A8 93 FE 73 43 86 20 54   4B 96 FC 0D B8 56 E2 EE  ...sC. TK....V..
0030: 88 A6 05 ED 82 3E B2 C2   10 74 6C F0 68 4B 91 B3  .....>...tl.hK..
0040: 3D 8A FA 33 35 6F 88 00   28 C0 2B C0 2F 00 9E CC  =..35o..(.+./...
0050: 14 CC 13 C0 0A C0 09 C0   13 C0 14 C0 07 C0 11 00  ................
0060: 33 00 32 00 39 00 9C 00   2F 00 35 00 0A 00 05 00  3.2.9.../.5.....
0070: 04 01 00 00 5D 00 00 00   0E 00 0C 00 00 09 6C 6F  ....].........lo
0080: 63 61 6C 68 6F 73 74 FF   01 00 01 00 00 0A 00 08  calhost.........
0090: 00 06 00 17 00 18 00 19   00 0B 00 02 01 00 00 23  ...............#
00A0: 00 00 33 74 00 00 00 10   00 1B 00 19 06 73 70 64  ..3t.........spd
00B0: 79 2F 33 08 73 70 64 79   2F 33 2E 31 08 68 74 74  y/3.spdy/3.1.htt
00C0: 70 2F 31 2E 31 00 05 00   05 01 00 00 00 00 00 12  p/1.1...........
00D0: 00 00                                              ..
%% Resuming [Session-3, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
*** ServerHello, TLSv1.1
RandomCookie:  GMT: 1414174480 bytes = { 24, 194, 29, 184, 17, 188, 176, 74, 202, 134, 74, 228, 87, 199, 127, 151, 215, 71, 48, 249, 57, 34, 104, 251, 39, 138, 66, 110 }
Session ID:  {84, 75, 150, 252, 13, 184, 86, 226, 238, 136, 166, 5, 237, 130, 62, 178, 194, 16, 116, 108, 240, 104, 75, 145, 179, 61, 138, 250, 51, 53, 111, 136}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
CONNECTION KEYGEN:
Client Nonce:
0000: 29 75 83 35 84 F8 E7 3B   32 97 81 DD 54 10 FD 29  )u.5...;2...T..)
0010: E8 05 72 ED 8C BC 11 B6   39 9C A8 93 FE 73 43 86  ..r.....9....sC.
Server Nonce:
0000: 54 4B 97 10 18 C2 1D B8   11 BC B0 4A CA 86 4A E4  TK.........J..J.
0010: 57 C7 7F 97 D7 47 30 F9   39 22 68 FB 27 8A 42 6E  W....G0.9"h.'.Bn
Master Secret:
0000: B5 87 A5 75 CE 80 96 41   D6 44 EE 25 8B CE 58 F7  ...u...A.D.%..X.
0010: 9D 5A 7C 6D 21 25 B8 4B   6F 0D 0F ED E4 45 45 27  .Z.m!%.Ko....EE'
0020: 79 55 9B 23 B0 DF 55 41   A4 ED 4E 54 F0 F0 E9 BD  yU.#..UA..NT....
Client MAC write Secret:
0000: D6 C2 97 B5 6B 0E 30 5C   74 E3 97 74 4F 08 DA 7B  ....k.0\t..tO...
0010: DC 2B 2F DA                                        .+/.
Server MAC write Secret:
0000: C3 4D 73 9B FB D5 F4 B2   0F 6A 9D 78 0C 69 2F D4  .Ms......j.x.i/.
0010: 01 8C 10 5C                                        ...\
Client write key:
0000: 94 4B 87 12 E0 22 1A 12   EF 1E B6 FC 92 34 9E 5A  .K...".......4.Z
Server write key:
0000: 52 6B E1 F0 75 7B A8 40   D1 05 8C 0A AB 45 09 39  Rk..u..@.....E.9
... no IV derived for this protocol
[write] MD5 and SHA1 hashes:  len = 81
0000: 02 00 00 4D 03 02 54 4B   97 10 18 C2 1D B8 11 BC  ...M..TK........
0010: B0 4A CA 86 4A E4 57 C7   7F 97 D7 47 30 F9 39 22  .J..J.W....G0.9"
0020: 68 FB 27 8A 42 6E 20 54   4B 96 FC 0D B8 56 E2 EE  h.'.Bn TK....V..
0030: 88 A6 05 ED 82 3E B2 C2   10 74 6C F0 68 4B 91 B3  .....>...tl.hK..
0040: 3D 8A FA 33 35 6F 88 C0   13 00 00 05 FF 01 00 01  =..35o..........
0050: 00                                                 .
Thread-2, WRITE: TLSv1.1 Handshake, length = 81
[Raw write]: length = 86
0000: 16 03 02 00 51 02 00 00   4D 03 02 54 4B 97 10 18  ....Q...M..TK...
0010: C2 1D B8 11 BC B0 4A CA   86 4A E4 57 C7 7F 97 D7  ......J..J.W....
0020: 47 30 F9 39 22 68 FB 27   8A 42 6E 20 54 4B 96 FC  G0.9"h.'.Bn TK..
0030: 0D B8 56 E2 EE 88 A6 05   ED 82 3E B2 C2 10 74 6C  ..V.......>...tl
0040: F0 68 4B 91 B3 3D 8A FA   33 35 6F 88 C0 13 00 00  .hK..=..35o.....
0050: 05 FF 01 00 01 00                                  ......
Thread-2, WRITE: TLSv1.1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 02 00 01 01                                  ......
*** Finished
verify_data:  { 57, 238, 77, 236, 77, 135, 122, 59, 25, 135, 211, 216 }
***
[write] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C 39 EE 4D EC   4D 87 7A 3B 19 87 D3 D8  ....9.M.M.z;....
Padded plaintext before ENCRYPTION:  len = 64
0000: 35 E9 9F 49 C4 FE BF AE   8B 55 4C 70 04 C5 C0 42  5..I.....ULp...B
0010: 14 00 00 0C 39 EE 4D EC   4D 87 7A 3B 19 87 D3 D8  ....9.M.M.z;....
0020: 28 85 41 30 DF F1 D2 42   74 EB 3E 82 1B 6D CC 4C  (.A0...Bt.>..m.L
0030: 4B 6E 80 4A 0B 0B 0B 0B   0B 0B 0B 0B 0B 0B 0B 0B  Kn.J............
Thread-2, WRITE: TLSv1.1 Handshake, length = 64
[Raw write]: length = 69
0000: 16 03 02 00 40 C9 9A 9A   D1 82 A2 AC 60 FA 4F 43  ....@.......`.OC
0010: DD 57 43 32 4A BF 92 8A   12 65 F0 16 CB 16 4F B5  .WC2J....e....O.
0020: 23 96 F2 48 C6 A9 4D 06   27 49 61 C5 53 80 77 D5  #..H..M.'Ia.S.w.
0030: 8A 1F B4 B6 DA 0C 25 E4   D8 DD A7 47 43 3D 0C 70  ......%....GC=.p
0040: B0 19 78 BA 73                                     ..x.s
[Raw read]: length = 5
0000: 14 03 02 00 01                                     .....
[Raw read]: length = 1
0000: 01                                                 .
Thread-2, READ: TLSv1.1 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 02 00 40                                     ....@
[Raw read]: length = 64
0000: 72 4A F7 CA 9B A0 57 47   EB CE 9B DF D1 E4 2D A5  rJ....WG......-.
0010: 2F FE 67 96 4C 1A F6 56   D4 1F 1E 48 4F 64 86 4A  /.g.L..V...HOd.J
0020: 6A F7 BB 2F 87 C0 A3 CA   F0 39 C7 90 B2 E2 35 F4  j../.....9....5.
0030: 44 AE 64 D3 FF A8 C5 30   84 3A 0B 34 AE 84 F6 B9  D.d....0.:.4....
Thread-2, READ: TLSv1.1 Handshake, length = 64
Padded plaintext after DECRYPTION:  len = 64
0000: D2 BC DF 8A 80 40 10 DE   90 A1 D5 8A E0 B8 04 F9  .....@..........
0010: 14 00 00 0C 66 BD BC 35   7E 3D 7A 93 03 0B B6 64  ....f..5.=z....d
0020: B1 55 14 B8 5B 29 80 B4   0D 8F BE 97 39 79 86 B4  .U..[)......9y..
0030: 99 6E 5F E9 0B 0B 0B 0B   0B 0B 0B 0B 0B 0B 0B 0B  .n_.............
*** Finished
verify_data:  { 102, 189, 188, 53, 126, 61, 122, 147, 3, 11, 182, 100 }
***
[read] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C 66 BD BC 35   7E 3D 7A 93 03 0B B6 64  ....f..5.=z....d
Padded plaintext before ENCRYPTION:  len = 96
0000: 4B C0 CC 7C AA 1F 07 E5   55 CF 3E D9 5C F3 29 29  K.......U.>.\.))
0010: 47 45 54 20 2F 72 65 73   74 2F 77 68 6F 61 6D 69  GET /rest/whoami
0020: 20 48 54 54 50 2F 31 2E   31 0D 0A 48 6F 73 74 3A   HTTP/1.1..Host:
0030: 20 6E 75 6C 6C 3A 38 30   0D 0A 0D 0A 82 83 A4 49   null:80.......I
0040: 06 82 C4 7B 0C 30 66 1F   59 1A 55 E8 25 2A 1F 5C  .....0f.Y.U.%*.\
0050: 0F 0F 0F 0F 0F 0F 0F 0F   0F 0F 0F 0F 0F 0F 0F 0F  ................
Thread-2, WRITE: TLSv1.1 Application Data, length = 96
[Raw write]: length = 101
0000: 17 03 02 00 60 94 99 04   5E DD 65 08 26 C1 E9 EF  ....`...^.e.&...
0010: 04 A6 9A 75 4D 1E 29 25   3B E2 6D 2B 7D 97 43 A2  ...uM.)%;.m+..C.
0020: BB 13 CA 05 92 9D 5A 8F   1C B5 DE FF 06 BE AA D7  ......Z.........
0030: 87 D8 8A DF B2 1D A4 D8   17 34 82 66 2A 45 44 19  .........4.f*ED.
0040: A1 14 86 43 E9 79 0B EB   1E 4F 76 DD FD 8F 8E E7  ...C.y...Ov.....
0050: 9D 63 A7 85 B4 BC BB 6D   B7 B1 A2 6B C9 85 18 D5  .c.....m...k....
0060: 52 B4 B6 6F 37                                     R..o7
Sent Request: GET /rest/whoami HTTP/1.1
Host: null:80

Response is null, returning
Thread-2, called close()
Thread-2, called closeInternal(true)
Thread-2, SEND TLSv1.1 ALERT:  warning, description = close_notify
Padded plaintext before ENCRYPTION:  len = 48
0000: 65 95 C1 4A D3 F0 60 38   39 3E 42 88 E0 BB AC 89  e..J..`89>B.....
0010: 01 00 FF 2D FE 2D B1 0A   24 17 19 6A 1A CD FB 54  ...-.-..$..j...T
0020: 0E CA C6 C1 BF A8 09 09   09 09 09 09 09 09 09 09  ................
Thread-2, WRITE: TLSv1.1 Alert, length = 48
[Raw write]: length = 53
0000: 15 03 02 00 30 8B DC 0A   C6 99 93 A4 22 D0 A4 3E  ....0......."..>
0010: AE 6E 0D B1 33 AF 2E 1D   FB 48 52 5E 97 16 DD 1E  .n..3....HR^....
0020: 43 79 53 1F 87 FE AC 23   FE 2B E6 85 EC F3 03 B7  CyS....#.+......
0030: 02 07 65 6A 00                                     ..ej.
Thread-2, called closeSocket(selfInitiated)

我写了一个客户端,它最终从服务器获得请求。但是当客户端将响应发送回服务器时。服务器套接字已经关闭。我还看到,由于我们使用 TLS,客户端发送了两条服务器无法解密的应用程序消息,服务器发送了 ALert 21 并断开了连接。

客户端如下:

公共静态无效主要(字符串[]参数){

 try {

     SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
     SSLSocket socket = (SSLSocket) 
     socketFactory.createSocket(new Socket("IP",443), "IP", 443, false);
     socket.startHandshake();
     socket.setKeepAlive(true);
     socket.setSoTimeout(0);
     BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
     System.out.println(in.readLine());
     BufferedWriter out = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
     out.write("I got the rest call whoami");
     out.flush();

} catch (UnknownHostException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (IOException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}

}

4

2 回答 2

0

从您的调试输出中:

....
Sent Request: GET /rest/whoami HTTP/1.1
Host: null:80

Response is null, returning
Thread-2, called close()
Thread-2, called closeInternal(true)
Thread-2, SEND TLSv1.1 ALERT:  warning, description = close_notify

这意味着服务器成功解密了来自客户端的请求。但看起来您的服务器不喜欢该请求,因此它不会创建任何响应并且连接会关闭而不会发回任何数据。警报无需担心,这close_notify只是 SSL 连接正常关闭的一部分。

因为您没有发布任何在服务器端实现应用程序逻辑的代码(即 HTTP 协议部分),所以我不知道服务器不喜欢客户端请求中的哪些内容。

我写了一个客户端,它最终从服务器获得请求。但是当客户端将响应发送回服务器时。服务器套接字已经关闭。

我想你在这里有点困惑。客户端(浏览器)向服务器(您已经实现)发送一个(HTTP)请求,然后服务器必须解析该请求,然后将一个(HTTP)响应发送回客户端,而不是像您那样反过来形容它。

于 2014-10-26T09:57:44.250 回答
0

也许为时已晚。但是我查阅了您的帖子,并获得了成功。所以,我想我应该把我的代码给她,如果它可以帮助你。

首先,我使用 Java 工具 keygen (ignore *) 创建了一个 KeyStore: keytool -genkey -alias key_name -keyalg RSA -keypass key_password -storepass keystore_password -keystore keystore_path(.jks)

然后我用:

    try {
        Properties properties = new Properties();
        Class clase = this.getClass();        
        InputStream inputstream = clase.getResourceAsStream("/recursos/0.0.properties");
        properties.load(inputstream);
            System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
            javax_net_debug = properties.getProperty("javax_net_debug");
            if (javax_net_debug == null || javax_net_debug.isEmpty()) {
                javax_net_debug = System.getProperty("javax.net.debug");
            }
            if (javax_net_debug != null) {
                System.setProperty("javax.net.debug", javax_net_debug);
            }

            javax_net_ssl_keyStore = properties.getProperty("javax_net_ssl_keyStore");
            File file = new File (javax_net_ssl_keyStore);
            if (file.isAbsolute() == false) {
                URL url = clase.getResource("/");
                javax_net_ssl_keyStore = url.getPath() + javax_net_ssl_keyStore;
            }
            javax_net_ssl_keyStorePassword = properties.getProperty("javax_net_ssl_keyStorePassword");
            javax_net_ssl_keyStorePassword = decodificar(javax_net_ssl_keyStorePassword);
            if (javax_net_ssl_keyStore == null || javax_net_ssl_keyStore.isEmpty()) {
                javax_net_ssl_keyStore = System.getProperty("javax.net.ssl.keyStore");
            }
            if (javax_net_ssl_keyStorePassword == null || javax_net_ssl_keyStorePassword.isEmpty()) {
                javax_net_ssl_keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
            }
            if (javax_net_ssl_keyStore != null) {
                System.setProperty("javax.net.ssl.keyStore", javax_net_ssl_keyStore);
            }
            if (javax_net_ssl_keyStorePassword != null) {
                System.setProperty("javax.net.ssl.keyStorePassword", javax_net_ssl_keyStorePassword);
            }
    } catch (Exception e) {
        String mensaje = e.getMessage();
        if (mensaje == null) {
            mensaje = "";
        }
        error[0] = "Error configuring SSL. " + mensaje;
        ret = false;
    }

之后,我创建了 SSLServerSocket:

    try {
        SSLServerSocketFactory ssl_server_socket_factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket sslserversocket = (SSLServerSocket) ssl_server_socket_factory.createServerSocket();
        String[] protocols = sslserversocket.getSupportedProtocols();
        String[] protocols_enabled = sslserversocket.getEnabledProtocols();
        sslserversocket.setEnabledProtocols(protocols);
        String[] suites = sslserversocket.getSupportedCipherSuites();
        String[] suites_default = ssl_server_socket_factory.getDefaultCipherSuites();
        sslserversocket.setEnabledCipherSuites(suites);
        sslserversocket.setReuseAddress(true);
        InetSocketAddress socketaddress = new InetSocketAddress (puerto);
        sslserversocket.bind(socketaddress);
        serversocket = sslserversocket;
    } catch (Exception e) {
        String mensaje = e.getMessage ();
        if (mensaje == null) {
            mensaje = "";
        }
        error [0] = "Error in SSLServerSocket. " + mensaje;
        ret = false;
    }

最后,我必须仔细检查来自套接字的数据输入:

        SSLServerSocket sslserversocket = (SSLServerSocket) serversocket;
        SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
        Thread thread_socket = new Thread () {
            @Override
            public void run () {
                try {
                    boolean ret = true;
                    String [] error = { "" };
                    InputStream inputstream = null;
                    InputStreamReader inputstreamreader = null;
                    OutputStream outputstream = null;
                    inputstream = socket.getInputStream();
                    inputstreamreader = new InputStreamReader (inputstream);
                    outputstream = socket.getOutputStream();
                    int tam_buffer = socket.getReceiveBufferSize();
                    char [] texto = new char [tam_buffer];
                    String lectura = "";
                    int tam = 0;
                    while (true) {
                        tam = inputstreamreader.read(texto);
                        if (tam >= 0) {
                            lectura = lectura + new String(texto,0, tam);
                        } else {
                            break;
                        }
                        if (inputstream.available() <= 0) {
                            break;
                        }
                     }
                     if (lectura.isEmpty() == false) {
                        Map <String, String> parametros_mapa = new HashMap ();
                        ret = procesar_input(lectura, outputstream, parametros_mapa, error);
                     }
                     inputstream.close();
                     outputstream.close();
                     socket.close();
                 } catch (Exception e) {
                     String mensaje = e.getMessage ();
                     if (mensaje == null) {
                        mensaje = "";
                     }
                     error [0] = "Connection ended. " + mensaje;
                 }
             }
         };
         thread_socket.start ();
     }
 } catch (Exception e) {
     String mensaje = e.getMessage ();
     if (mensaje == null) {
        mensaje = "";
     }
     error [0] = "Servidor finished. " + mensaje;
 }
 try {
     if (getServersocket() != null) {
        getServersocket().close();
     }
 } catch (Exception e) {
     String mensaje = e.getMessage ();
     if (mensaje == null) {
        mensaje = "";
     }
     error [0] = "Error closing ServerSocket. " + mensaje;
 }

}

于 2017-05-23T14:07:14.067 回答