1

连接到 HTTPS 服务时出现异常。

我在多个论坛中进行了交叉检查,并了解到服务器中使用的算法与 Java1.8 的标准相比可能不太安全。

此外,通过在“Java\jdk1.8.0_51\jre\lib\security\java.security”文件中注释“jdk.certpath.disabledAlgorithms”属性,我们可以启用禁用的算法。但这并没有帮助,即使在将其注释掉后也会出现相同的错误。

其他分析点:

  • 更新了无限强度本地策略 jar 文件。
  • 能够使用来自同一台机器的独立程序连接到服务。
  • 即使启用了“jdk.certpath.disabledAlgorithms”属性,也能够从独立程序连接到服务。

我的代码使用自签名证书连接到 HTTPS 连接,该证书中的算法是否会覆盖默认的 java 属性?以下异常还有其他可能性吗?

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_51]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_51]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[na:1.8.0_51]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_51]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1497) ~[na:1.8.0_51]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) ~[na:1.8.0_51]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_51]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_51]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_51]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_51]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) ~[na:1.8.0_51]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) ~[na:1.8.0_51]
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) ~[na:1.8.0_51]
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:121) ~[na:1.8.0_51]
at org.apache.commons.httpclient.WireLogOutputStream.write(WireLogOutputStream.java:68) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.methods.multipart.FilePart.sendData(FilePart.java:223) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.methods.multipart.Part.send(Part.java:312) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.methods.multipart.Part.sendParts(Part.java:385) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity.writeRequest(MultipartRequestEntity.java:164) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) ~[commons-httpclient-3.1.jar:na]
4

1 回答 1

0

你的问题可能是

“我的代码使用自签名证书连接到 HTTPS 连接”

不要使用自签名证书,或者如果您必须使其在服务器和客户端上受信任。

于 2016-07-05T19:24:11.807 回答