0

我有一个 Web 应用程序(spring-boot,tomcat),它可以通过 https 正常工作和访问,但前提是客户端不在沃达丰的移动网络中并使用 chrome 浏览。如果是这样,当导航到页面时,chrome 会超时并且根本无法访问该网站,而另一个浏览器访问该网站没有问题。

一些有趣的事实可能是: - 我更新到 java11,使用采用openjdk v11.0.3(可能与 tls 1.3 相关的一些问题?) - 在更新之前它可能适用于移动网络/浏览器的所有组合 - ssl 握手失败,一些附加了有时(并非总是)出现在日志中的异常。- 仅在通过沃达丰移动网络中的 chrome 浏览时发生,即使在该设备上创建热点并通过该热点与另一台设备冲浪也将不起作用 - 证书链不完整,在https://www.ssllabs下运行测试.com获得 B 级。

有没有人也有类似的问题?任何想法这里出了什么问题?非常感谢任何帮助。

通过其 ip 直接浏览该站点也无济于事。

java.util.NoSuchElementException: No value present
    at java.base/java.util.Optional.get(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ServerHello$T13ServerHelloProducer.produce(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.produce(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
    at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source) ~[na:na]
    at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:423) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1724) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) ~[na:na]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at java.base/java.lang.Thread.run(Unknown Source) ~[na:na]

java.nio.BufferUnderflowException: null
    at java.base/java.nio.Buffer.nextGetIndex(Unknown Source) ~[na:na]
    at java.base/java.nio.HeapByteBuffer.get(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloMessage.<init>(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
    at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source) ~[na:na]
    at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:423) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1724) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) ~[na:na]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at java.base/java.lang.Thread.run(Unknown Source) ~[na:na]

此外,日志中的另一个警告是关于:

The ClientHello was not presented in a single TLS record so no SNI information could be extracted
4

2 回答 2

0

看起来 ClientHello 握手消息被分成多个记录。请附上失败连接的调试日志(使用系统属性“javax.net.debug=all”)?

于 2019-07-10T13:29:22.700 回答
0

事实证明,它是提供者 (vodafone) + tls 1.3 + java 11 的组合。在更改配置并再次使用 tls 1.2 后,它又可以工作了。这根本不是解决办法,但让我们有更多时间调查确切原因

于 2019-07-25T16:37:47.410 回答