情况如下: SSLServerSocket超时设置为 10 秒。一切都按预期工作,但是如果客户端试图建立 TLS 连接并在协商过程中“挂起” - 套接字将永远等待,忽略 10 秒超时......并且连接仅由客户端终止。这是一些黑客活动或某种其他活动。这是 Java 安全套接字漏洞吗?
活动日志:
SMTP PID=184 Date=2019-08-26,07:32:45 DEBUG: new connection from host [66.45.239.113] to port 465 (United States)
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:32:45.547 EEST|HandshakeContext.java:296|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS13
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:32:45.548 EEST|HandshakeContext.java:296|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS13
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:32:45.548 EEST|HandshakeContext.java:296|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLS13
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:32:45.548 EEST|HandshakeContext.java:296|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLS13
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:32:45.548 EEST|HandshakeContext.java:296|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLS13
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:35:03.253 EEST|SSLSocketInputRecord.java:458|Raw read (
0000: 80 4C 01 03 01 .L...
)
javax.net.ssl|ERROR|CE|Thread-191|2019-08-26 07:35:03.254 EEST|TransportContext.java:312|Fatal (HANDSHAKE_FAILURE): SSLv2Hello is not enabled (
"throwable" : {
javax.net.ssl.SSLHandshakeException: SSLv2Hello is not enabled
at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:366)
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1180)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1091)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:721)
at java.base/sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:331)
at com.xsistema.xmailserver.mail.smtp.session.SMTPConnection.getTLSVersion(SMTPConnection.java:141)
at com.xsistema.xmailserver.mail.smtp.session.SMTPConnection.run(SMTPConnection.java:240)}
)
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:35:03.254 EEST|SSLSocketOutputRecord.java:71|WRITE: TLS13 alert(handshake_failure), length = 2
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:35:03.254 EEST|SSLSocketOutputRecord.java:85|Raw write (
0000: 15 03 03 00 02 02 28 ......(
)
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:35:03.254 EEST|SSLSocketImpl.java:1389|close the underlying socket
javax.net.ssl|DEBUG|CE|Thread-191|2019-08-26 07:35:03.254 EEST|SSLSocketImpl.java:1408|close the SSL connection (initiative)
javax.net.ssl|ERROR|CE|Thread-191|2019-08-26 07:35:03.254 EEST|SSLSocketImpl.java:334|handshake failed (
"throwable" : {
javax.net.ssl.SSLHandshakeException: SSLv2Hello is not enabled
at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:366)
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1180)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1091)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:721)
at java.base/sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:331)
at com.xsistema.xmailserver.mail.smtp.session.SMTPConnection.getTLSVersion(SMTPConnection.java:141)
at com.xsistema.xmailserver.mail.smtp.session.SMTPConnection.run(SMTPConnection.java:240)}
)
SMTP PID=184 Date=2019-08-26,07:35:03 DEBUG: SSL socket cipher suite: NONE:SSL-NULL-WITH-NULL-NULL
SMTP PID=184 Date=2019-08-26,07:35:03 DEBUG: connection from remote host [66.45.239.113] was closed and removed. Current active or waiting connections: 3
客户端在07:32:45连接,并且仅在07:35:03超过 2 分钟后才发送一些字节。所以在这种情况下,它可以在一小时或更长时间后发送第一个字节,并且连接将被打开。如果它发送 1000 个请求并等待 - 1000 个连接将永远打开?也许解决方案是在阅读之前测量时间InputStream?