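I'm struggling to establish a secure communication channel between a Java server and a TLS client. During the handshake everything goes fine: the Client Hello and Server Hello messages are correct. They also both generate the same master secret for the session. But at the very end of the handshake, the server throws an exception saying "ciphertext sanity check failed".
Client trace: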
0050 - 34 68 ed 2f 6e 4h./n
>>> TLS 1.2 ChangeCipherSpec [length 0001]
01
write to 0x1878b98 [0x18891f0] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01 ......
>>> TLS 1.2 Handshake [length 0010], Finished
14 00 00 0c 14 54 0c 4d c0 22 62 90 c2 92 a1 d1
write to 0x1878b98 [0x18891f0] (45 bytes => 45 (0x2D))
0000 - 16 03 03 00 28 b7 76 bd-36 cd cd eb 8d 9f 34 46 ....(.v.6.....4F
0010 - 25 f7 61 cc cd a3 8e af-6d da 14 60 3c 0f 50 21 %.a.....m..`<.P!
0020 - f4 cc 7a a4 af cf 75 d8-48 54 ee b9 44 ..z...u.HT..D
read from 0x1878b98 [0x187f7e3] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02 .....
read from 0x1878b98 [0x187f7e8] (2 bytes => 2 (0x2))
0000 - 02 28 .(
<<< TLS 1.2 Alert [length 0002], fatal handshake_failure
02 28
Server side:
[Raw read]: length = 5
0000: 14 03 03 00 01 .....
[Raw read]: length = 1
0000: 01 .
Thread-0, READ: TLSv1.2 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 03 00 28 ....(
[Raw read]: length = 40
0000: B7 76 BD 36 CD CD EB 8D 9F 34 46 25 F7 61 CC CD .v.6.....4F%.a..
0010: A3 8E AF 6D DA 14 60 3C 0F 50 21 F4 CC 7A A4 AF ...m..`<.P!..z..
0020: CF 75 D8 48 54 EE B9 44 .u.HT..D
Thread-0, READ: TLSv1.2 Handshake, length = 40
%% Invalidated: [Session-1, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
Thread-0, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
Thread-0, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28 ......(
Thread-0, called closeSocket()
Thread-0, handling exception: javax.net.ssl.SSLHandshakeException: ciphertext sanity check failed
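What I can't understand is why the server raises such an exception when it has successfully decrypted the ChangeCipherSpec message sent from the client. What could be the cause of this exception?
Note: I have already checked, and they both derive the same master secret; here it is:
Server side: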
CONNECTION KEYGEN:
Client Nonce:
0000: 48 B2 6C 02 B1 40 0B D9 6E 14 EB 7A 93 7D 2F 07 H.l..@..n..z../.
0010: 90 CF 1E 5D 65 8A 66 89 54 D4 60 50 BD AC AB 34 ...]e.f.T.`P...4
Server Nonce:
0000: 54 FD 9A E3 BB D4 15 61 A6 0C D3 30 FA 07 0A 16 T......a...0....
0010: 79 A8 79 0B 0A 81 00 95 9C CA C0 7A F1 FF 37 E7 y.y........z..7.
Master Secret:
0000: 39 5B EB 11 66 09 25 B5 6D E4 C7 86 E4 3E 10 BB 9[..f.%.m....>..
0010: B4 F0 D9 B7 BD 7D 8F AD 58 38 31 42 B6 90 53 AD ........X81B..S.
0020: 54 46 36 DC F5 75 8A 9D 77 58 D5 24 6C 96 90 02 TF6..u..wX.$l...
Client side:
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Session-ID: 54FD9AE3A3B3BF807F408FA830641F850702E986C27FC631AF8E8E3097038166
Session-ID-ctx:
Master-Key: 395BEB11660925B56DE4C786E43E10BBB4F0D9B7BD7D8FAD58383142B69053AD544636DCF5758A9D7758D5246C969002
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
Thanks in advance.
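For comparing both endpoints when debugging the failure above, this added example (not part of the original post) rebuilds everything the server's AES-128-GCM tag check on the Finished record depends on, following RFC 5246 (PRF, key block) and RFC 5288 (nonce and additional data layout). It assumes the nonces printed under CONNECTION KEYGEN belong to the same handshake as the 45-byte record in the client trace, and that this is the first record after ChangeCipherSpec (sequence number 0); the function names are hypothetical.

```python
import hashlib
import hmac

# Values copied from the traces in the post (assumed to be one handshake).
MASTER_SECRET = bytes.fromhex(
    "395BEB11660925B56DE4C786E43E10BBB4F0D9B7BD7D8FAD"
    "58383142B69053AD544636DCF5758A9D7758D5246C969002")
CLIENT_RANDOM = bytes.fromhex(
    "48B26C02B1400BD96E14EB7A937D2F0790CF1E5D658A668954D46050BDACAB34")
SERVER_RANDOM = bytes.fromhex(
    "54FD9AE3BBD41561A60CD330FA070A1679A8790B0A8100959CCAC07AF1FF37E7")
FINISHED_RECORD = bytes.fromhex(  # the 45 bytes the client wrote after CCS
    "1603030028b776bd36cdcdeb8d9f344625f761cccda38eaf"
    "6dda14603c0f5021f4cc7aa4afcf75d84854eeb944")

def p_sha256(secret, seed, n):
    """P_SHA256 expansion from RFC 5246 section 5."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def key_block():
    """AES_128_GCM key block: no MAC keys, two 16-byte keys, two 4-byte salts."""
    kb = p_sha256(MASTER_SECRET,
                  b"key expansion" + SERVER_RANDOM + CLIENT_RANDOM, 40)
    return {"client_write_key": kb[:16], "server_write_key": kb[16:32],
            "client_write_iv": kb[32:36], "server_write_iv": kb[36:40]}

def aead_inputs(record, seq_num=0):
    """Split a client GCM record into the inputs of the server's tag check."""
    ctype, version = record[0], record[1:3]
    body = record[5:]
    if len(body) != int.from_bytes(record[3:5], "big") or len(body) < 8 + 16:
        raise ValueError("length mismatch or no room for nonce and tag")
    explicit, ct, tag = body[:8], body[8:-16], body[-16:]
    # additional_data = seq_num || type || version || plaintext length
    aad = (seq_num.to_bytes(8, "big") + bytes([ctype]) + version
           + len(ct).to_bytes(2, "big"))
    return {"nonce": key_block()["client_write_iv"] + explicit,
            "explicit_nonce": explicit, "ciphertext": ct, "tag": tag, "aad": aad}

if __name__ == "__main__":
    for name, value in {**key_block(), **aead_inputs(FINISHED_RECORD)}.items():
        print(f"{name:17} {value.hex()}")
```

The 16-byte ciphertext matches the length of the plaintext Finished message in the client trace, so if the tag still fails, the mismatch is in one of the printed inputs: the key, the 4-byte salt, the 8-byte explicit nonce, or the additional data.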