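I'm using TooTallNate's Websockets library to implement a websocket server, and it works well. Now I need to implement Websockets securely. I created a keystore and implemented a WSS server as in the example. The keystore was created like this: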
keytool -genkey -validity 3650 -keystore "keystore.jks" -storepass "storepassword" -keypass "keypassword" -alias "default" -dname "CN=127.0.0.1, OU=MyOrgUnit, O=MyOrg, L=MyCity, S=MyRegion, C=MyCountry"
(I also tried creating the keystore with the `-keyalg RSA` parameter.)
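Now, when I try to connect my JS client to the server, only 10% of all attempts succeed. In the other 90% of cases, the Chrome console shows `TIMEOUT` for the WSS connection. When I try connecting to the server with OpenSSL, the WSS server presents its certificate only once after the server starts.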
Output from the console with the VM argument `-Djavax.net.debug=all`:
```
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
[Raw read]: length = 5
0000: 16 03 01 00 94 .....
[Raw read]: length = 148
0000: 01 00 00 90 03 03 3F 41 BA 59 AE 98 8B 40 F0 09 ......?A.Y...@..
0010: 7A 19 E8 A1 69 69 A2 74 40 14 32 72 D3 D7 2F D4 z...ii.t@.2r../.
0020: A3 6B 7C 3C 73 57 00 00 16 C0 2B C0 2F C0 0A C0 .k.<sW....+./...
0030: 09 C0 13 C0 14 00 33 00 39 00 2F 00 35 00 0A 01 ......3.9./.5...
0040: 00 00 51 FF 01 00 01 00 00 0A 00 08 00 06 00 17 ..Q.............
0050: 00 18 00 19 00 0B 00 02 01 00 00 23 00 00 33 74 ...........#..3t
0060: 00 00 00 10 00 0B 00 09 08 68 74 74 70 2F 31 2E .........http/1.
0070: 31 00 05 00 05 01 00 00 00 00 00 0D 00 16 00 14 1...............
0080: 04 01 05 01 06 01 02 01 04 03 05 03 06 03 02 03 ................
0090: 04 02 02 02 ....
WebsocketSelector35, READ: TLSv1 Handshake, length = 148
```
It looks to me like some silly misconfiguration on my side, but I don't know where it could be. Can you give me a suggestion on how to solve it?
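
Decoding the ClientHello in the debug output above shows which cipher suites the browser offered and which of them the server log discards. This is an added example, not code from the original post: the bytes are copied from the `[Raw read]: length = 148` dump, and matching on `AES_256` is an assumption based on every "unavailable" entry in that log being an AES_256 suite.

```python
import struct

# Handshake bytes copied from the "[Raw read]: length = 148" dump in the question.
CLIENT_HELLO = bytes.fromhex(
    "0100009003033F41BA59AE988B40F009 7A19E8A16969A27440143272D3D72FD4"
    "A36B7C3C7357000016C02BC02FC00AC0 09C013C01400330039002F0035000A01"
    "000051FF01000100000A000800060017 00180019000B00020100002300003374"
    "00000010000B000908687474702F312E 31000500050100000000000D00160014"
    "04010501060102010403050306030203 04020202"
)

# IANA names for the cipher suite IDs that appear in this ClientHello.
SUITES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

def parse_client_hello(msg):
    """Return (version, cipher suite IDs, extension types) from a ClientHello."""
    if msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("not a complete ClientHello handshake message")
    pos = 4 + 2 + 32                  # header, client version, 32-byte random
    pos += 1 + msg[pos]               # skip session id
    n = int.from_bytes(msg[pos:pos + 2], "big")
    suites = [int.from_bytes(msg[i:i + 2], "big") for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    pos += 1 + msg[pos]               # skip compression methods
    end = pos + 2 + int.from_bytes(msg[pos:pos + 2], "big")
    pos += 2
    exts = []
    while pos < end:                  # each extension: 2-byte type, 2-byte length, data
        etype, elen = struct.unpack_from(">HH", msg, pos)
        exts.append(etype)
        pos += 4 + elen
    return (msg[4], msg[5]), suites, exts

def offered_but_unavailable(msg):
    """Offered suites the server drops, assuming 'unavailable' means AES_256 as in the log."""
    _, suites, _ = parse_client_hello(msg)
    return [SUITES[s] for s in suites if "AES_256" in SUITES.get(s, "")]
```

Calling `offered_but_unavailable(CLIENT_HELLO)` returns four of the eleven offered suites, and `parse_client_hello` shows the client asked for TLS 1.2 (`03 03`) inside a record marked TLS 1.0.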