
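I am trying to establish a secure communication channel between a Java server and a TLS client. During the handshake everything goes well; the Client Hello and Server Hello messages are correct. In addition, both sides generate the same master secret for the session. But at the very end of the handshake, the server throws an exception saying "ciphertext sanity check failed".

Client trace: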

0050 - 34 68 ed 2f 6e                                    4h./n

>>> TLS 1.2 ChangeCipherSpec [length 0001]
    01
write to 0x1878b98 [0x18891f0] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01                                 ......
>>> TLS 1.2 Handshake [length 0010], Finished
    14 00 00 0c 14 54 0c 4d c0 22 62 90 c2 92 a1 d1
write to 0x1878b98 [0x18891f0] (45 bytes => 45 (0x2D))
0000 - 16 03 03 00 28 b7 76 bd-36 cd cd eb 8d 9f 34 46   ....(.v.6.....4F
0010 - 25 f7 61 cc cd a3 8e af-6d da 14 60 3c 0f 50 21   %.a.....m..`<.P!
0020 - f4 cc 7a a4 af cf 75 d8-48 54 ee b9 44            ..z...u.HT..D
read from 0x1878b98 [0x187f7e3] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02                                    .....
read from 0x1878b98 [0x187f7e8] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
<<< TLS 1.2 Alert [length 0002], fatal handshake_failure
    02 28

Server side:

[Raw read]: length = 5

0000: 14 03 03 00 01                                     ..... 
[Raw read]: length = 1
0000: 01                                                 .
Thread-0, READ: TLSv1.2 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 03 00 28                                     ....(
[Raw read]: length = 40
0000: B7 76 BD 36 CD CD EB 8D   9F 34 46 25 F7 61 CC CD  .v.6.....4F%.a..
0010: A3 8E AF 6D DA 14 60 3C   0F 50 21 F4 CC 7A A4 AF  ...m..`<.P!..z..
0020: CF 75 D8 48 54 EE B9 44                            .u.HT..D
Thread-0, READ: TLSv1.2 Handshake, length = 40
%% Invalidated:  [Session-1, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
Thread-0, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
Thread-0, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28                               ......(
Thread-0, called closeSocket()
Thread-0, handling exception: javax.net.ssl.SSLHandshakeException: ciphertext sanity check failed

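What I cannot understand is why the server raises such an exception when it successfully decrypts the ChangeCipherSpec message sent by the client. What could be the cause of this exception?

Note: I have checked, and they both derive the same master secret. Here it is:

Server side: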

CONNECTION KEYGEN:
Client Nonce:
0000: 48 B2 6C 02 B1 40 0B D9   6E 14 EB 7A 93 7D 2F 07  H.l..@..n..z../.
0010: 90 CF 1E 5D 65 8A 66 89   54 D4 60 50 BD AC AB 34  ...]e.f.T.`P...4
Server Nonce:
0000: 54 FD 9A E3 BB D4 15 61   A6 0C D3 30 FA 07 0A 16  T......a...0....
0010: 79 A8 79 0B 0A 81 00 95   9C CA C0 7A F1 FF 37 E7  y.y........z..7.
Master Secret:
0000: 39 5B EB 11 66 09 25 B5   6D E4 C7 86 E4 3E 10 BB  9[..f.%.m....>..
0010: B4 F0 D9 B7 BD 7D 8F AD   58 38 31 42 B6 90 53 AD  ........X81B..S.
0020: 54 46 36 DC F5 75 8A 9D   77 58 D5 24 6C 96 90 02  TF6..u..wX.$l...

Client side:

SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256
    Session-ID: 54FD9AE3A3B3BF807F408FA830641F850702E986C27FC631AF8E8E3097038166
    Session-ID-ctx: 
    Master-Key: 395BEB11660925B56DE4C786E43E10BBB4F0D9B7BD7D8FAD58383142B69053AD544636DCF5758A9D7758D5246C969002
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

Thanks in advance.
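
An added example, not part of the original post: using the master secret, nonces and Finished record copied from the traces above, it derives the client write key and implicit IV with the TLS 1.2 PRF and rebuilds the nonce and additional data that AES-GCM authenticates for that record, so each input can be compared with what the two endpoints compute. The function names are this example's own, and sequence number 0 is assumed because Finished is the first record sent after ChangeCipherSpec.

```python
import hashlib
import hmac

# Values copied from the traces in the post.
MASTER = bytes.fromhex(
    "395BEB11660925B56DE4C786E43E10BBB4F0D9B7BD7D8FAD"
    "58383142B69053AD544636DCF5758A9D7758D5246C969002")
CLIENT_RANDOM = bytes.fromhex(
    "48B26C02B1400BD96E14EB7A937D2F0790CF1E5D658A668954D46050BDACAB34")
SERVER_RANDOM = bytes.fromhex(
    "54FD9AE3BBD41561A60CD330FA070A1679A8790B0A8100959CCAC07AF1FF37E7")
FINISHED_RECORD = bytes.fromhex(
    "1603030028b776bd36cdcdeb8d9f344625f761cccda38eaf"
    "6dda14603c0f5021f4cc7aa4afcf75d84854eeb944")


def prf_sha256(secret, label, seed, n):
    """TLS 1.2 PRF (RFC 5246 section 5) with HMAC-SHA256, n output bytes."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]


def gcm_inputs(record, seq=0):
    """Split a client AES-128-GCM record and rebuild the receiver's GCM inputs."""
    ctype, ver, length = record[0], record[1:3], int.from_bytes(record[3:5], "big")
    body = record[5:5 + length]
    if len(body) != length or length < 8 + 16:
        raise ValueError("truncated, or too short for explicit nonce + tag")
    explicit, ct, tag = body[:8], body[8:-16], body[-16:]
    # key_block for this suite: two 16-byte keys, two 4-byte implicit IVs, no MAC keys
    kb = prf_sha256(MASTER, b"key expansion", SERVER_RANDOM + CLIENT_RANDOM, 40)
    client_key, client_iv = kb[0:16], kb[32:36]
    # additional data: seq_num || type || version || plaintext length (not record length)
    aad = seq.to_bytes(8, "big") + bytes([ctype]) + ver + len(ct).to_bytes(2, "big")
    return {"key": client_key, "nonce": client_iv + explicit,
            "aad": aad, "ciphertext": ct, "tag": tag}


if __name__ == "__main__":
    for name, value in gcm_inputs(FINISHED_RECORD).items():
        print(f"{name:10} {value.hex()}")
```

Decrypting `ciphertext` with these inputs in any AES-GCM implementation should yield the 16-byte Finished message from the client trace; a tag failure means the sender used a different key, nonce or additional data.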
