I ran into this problem on a JDK 7 HTTPS/TLS connection. I tried replacing the security jars (UnlimitedJCEPolicyJDK7), but that did not help.
I tried many SSLContext variants: SSLContext ctx = SSLContext.getInstance("TLS"); // I tried TLSv1, TLSv1.2, TLSv1.0 and SSL; none of them work.
I also tried some System.setProperties calls with TLSv1 and TLSv1.2; it still does not work.
My JDK version is 1.7.085, and for various reasons we cannot upgrade to the latest or a newer version. By the way, I tried running it with JDK 8 and it works; I also tried running it on a Windows server with jdk1.7-085 and it works! But on Linux (CentOS 7) it does not work. Here is the code:
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

// Apache HttpClient 4.x (DefaultHttpClient / SchemeRegistry API).
public class HttpRequest {

    public static String post(String url, String json) {
        HttpClient client = new DefaultHttpClient();
        client = WebClientDevWrapper.wrapClient(client);
        HttpPost post = new HttpPost(url);
        try {
            // Request body is currently disabled, so the POST is sent without an entity.
            // StringEntity s = new StringEntity(json);
            // s.setContentEncoding("UTF-8");
            // s.setContentType("application/json");
            // post.setEntity(s);
            long startTime = System.currentTimeMillis();
            HttpResponse res = client.execute(post);
            System.out.println(System.currentTimeMillis() - startTime);
            if (res.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
                HttpEntity entity = res.getEntity();
                String charset = EntityUtils.getContentCharSet(entity);
                if (charset == null) {
                    charset = "utf-8";
                }
                // Decode the body with the detected charset; entity.toString() would only
                // return the entity object's description, not the response content.
                return EntityUtils.toString(entity, charset);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        return null;
    }

    public static class WebClientDevWrapper {
        public static HttpClient wrapClient(HttpClient base) {
            try {
                SSLContext ctx = SSLContext.getInstance("TLS"); // i tried TLSv1,TLSv1.2, TLSv1.0, SSL all of them cannot work
                // WARNING: this trust manager accepts every certificate and, together with
                // ALLOW_ALL_HOSTNAME_VERIFIER below, disables server authentication entirely.
                // The client is open to man-in-the-middle; development use only.
                X509TrustManager tm = new X509TrustManager() {
                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        // Must return an empty array, not null; null breaks some JSSE/HttpClient code paths.
                        return new X509Certificate[0];
                    }

                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType) {
                        // no-op: trusts everything
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType) {
                        // no-op: trusts everything
                    }
                };
                ctx.init(null, new TrustManager[] { tm }, null);
                SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
                ClientConnectionManager ccm = base.getConnectionManager();
                SchemeRegistry sr = ccm.getSchemeRegistry();
                sr.register(new Scheme("https", 443, ssf));
                return new DefaultHttpClient(ccm, base.getParams());
            } catch (Exception ex) {
                // Returning null here would only move the failure to client.execute() as an NPE.
                throw new RuntimeException("cannot build SSL context", ex);
            }
        }
    }
}
Here is the log:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3
Valid from Sun Nov 04 16:00:00 PST 2007 until Mon Jan 18 15:59:59 PST 2038
adding as trusted cert:
Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26
Valid from Sun Jan 31 16:00:00 PST 2010 until Mon Jan 18 15:59:59 PST 2038
adding as trusted cert:
Subject: CN=Amazon Root CA 4, O=Amazon, C=US
Issuer: CN=Amazon Root CA 4, O=Amazon, C=US
Algorithm: EC; Serial number: 0x66c9fd7c1bb104c2943e5717b7b2cc81ac10e
Valid from Mon May 25 17:00:00 PDT 2015 until Fri May 25 17:00:00 PDT 2040
adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x1d
Valid from Fri Apr 06 00:29:40 PDT 2001 until Tue Apr 06 00:29:40 PDT 2021
adding as trusted cert:
Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
Valid from Thu Jan 12 06:38:43 PST 2006 until Wed Dec 31 14:59:59 PST 2025
adding as trusted cert:
Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a
Valid from Wed Mar 05 16:00:00 PST 2008 until Mon Jan 18 15:59:59 PST 2038
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
EJB default - 3, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1589873969 bytes = { 222, 24, 98, 24, 65, 188, 120, 218, 192, 185, 167, 79, 96, 88, 137, 120, 155, 15, 245, 65, 248, 172, 68, 134, 134, 219, 224, 102 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 61
0000: 01 00 00 39 03 01 5F C4 8D 31 DE 18 62 18 41 BC ...9.._..1..b.A.
0010: 78 DA C0 B9 A7 4F 60 58 89 78 9B 0F F5 41 F8 AC x....O`X.x...A..
0020: 44 86 86 DB E0 66 00 00 12 00 2F 00 33 00 32 00 D....f..../.3.2.
0030: 0A 00 16 00 13 00 05 00 04 00 FF 01 00 .............
EJB default - 3, WRITE: TLSv1 Handshake, length = 61
[Raw write]: length = 66
0000: 16 03 01 00 3D 01 00 00 39 03 01 5F C4 8D 31 DE ....=...9.._..1.
0010: 18 62 18 41 BC 78 DA C0 B9 A7 4F 60 58 89 78 9B .b.A.x....O`X.x.
0020: 0F F5 41 F8 AC 44 86 86 DB E0 66 00 00 12 00 2F ..A..D....f..../
0030: 00 33 00 32 00 0A 00 16 00 13 00 05 00 04 00 FF .3.2............
0040: 01 00 ..
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
EJB default - 3, READ: TLSv1 Alert, length = 2
EJB default - 3, RECV TLSv1 ALERT: fatal, handshake_failure
EJB default - 3, called closeSocket()
EJB default - 3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
EJB default - 3, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
EJB default - 3, called close()
EJB default - 3, called closeInternal(true)
EJB default - 3, called close()
EJB default - 3, called closeInternal(true)
java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.synnex.snif.util.HttpRequest.post(HttpRequest.java:201)
at com.synnex.snif.xxxx.ClientCustomSSL.httpGet(ClientCustomSSL.java:372)
at com.synnex.snif.xxxx.ClientCustomSSL.processExecute(ClientCustomSSL.java:232)
at com.synnex.snif.xxxx.ClientCustomSSL.process(ClientCustomSSL.java:190)
at com.synnex.snif.xxxx.SNIFJboss6Timer.perform(SNIFJboss6Timer.java:31)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:56)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:56)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
at org.jboss.as.ejb3.concurrency.ContainerManagedConcurrencyInterceptor.processInvocation(ContainerManagedConcurrencyInterceptor.java:104)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:52)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:272)
at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:339)
at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:238)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ejb3.timerservice.TimedObjectInvokerImpl.callTimeout(TimedObjectInvokerImpl.java:101)
at org.jboss.as.ejb3.timerservice.task.CalendarTimerTask.callTimeout(CalendarTimerTask.java:60)
at org.jboss.as.ejb3.timerservice.task.TimerTask.run(TimerTask.java:132)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:641)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at com.synnex.snif.util.HttpRequest.post(HttpRequest.java:190)
... 52 more
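Two things in the log above are worth checking directly on the failing host rather than by swapping context names. First, the server answers the TLSv1 ClientHello with a fatal handshake_failure alert (raw bytes 02 28) before any certificate is sent, so the trust-all TrustManager never runs; the "peer not authenticated" exception is only HttpClient's hostname verifier finding no session afterwards. Second, the JDK itself logs why suites are missing from the offer: AES-256 suites are "unavailable" (the unlimited JCE policy is not active in that JRE), SHA-256 suites are "unsupported" (they need TLS 1.2, and the ClientHello is TLSv1), and no ECDHE suite appears at all. The helper below is an added example, not code from the post; it assumes the same Apache HttpClient 4.x API the post uses (org.apache.http.conn.ssl.SSLSocketFactory, SchemeRegistry) and the class name TlsCapabilityCheck is hypothetical. It prints what this JVM can offer and builds the same wrapper with server authentication left on. It does not decide which gap makes this particular server reject the handshake; that has to be compared against the suites and protocols the server accepts.

```java
import java.security.Security;
import java.util.Arrays;

import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

/** Hypothetical helper (not from the post): reports what this JVM can put in a
 *  ClientHello and builds an HTTPS client that keeps certificate and hostname checks. */
public class TlsCapabilityCheck {

    /** Print the facts behind the "Ignoring unavailable/unsupported cipher suite" debug lines. */
    public static void dumpCapabilities() throws Exception {
        System.out.println("java.version       = " + System.getProperty("java.version"));
        // Below 256: the unlimited JCE policy is not active in THIS JRE (the one the app
        // server runs on), so every AES_256 suite is "unavailable" and never offered.
        System.out.println("AES max key length = " + Cipher.getMaxAllowedKeyLength("AES"));
        // Without the SunEC provider the JDK cannot offer any ECDHE_*/ECDSA suites; the
        // ClientHello in the log contains none, so compare this between the hosts.
        System.out.println("SunEC provider     = " + (Security.getProvider("SunEC") != null));

        // On JDK 7 a "TLSv1.2" context enables TLSv1.2 on client sockets; a plain "TLS"
        // context enables only SSLv3/TLSv1 by default, which matches "ClientHello, TLSv1"
        // in the log. SHA-256 suites require TLS 1.2, hence "unsupported" under TLSv1.
        // (The jdk.tls.client.protocols property is an alternative, but only from 7u95.)
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // null = JDK default key/trust stores, not trust-all
        SSLParameters p = ctx.getDefaultSSLParameters();
        System.out.println("enabled protocols  = " + Arrays.toString(p.getProtocols()));
        System.out.println("enabled suites     = " + Arrays.toString(p.getCipherSuites()));
        System.out.println("supported suites   = "
                + Arrays.toString(ctx.getSupportedSSLParameters().getCipherSuites()));
    }

    /** Same wiring as the post's wrapper, but with server authentication left on. */
    public static HttpClient wrapClient(HttpClient base) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default trust store (cacerts); no custom TrustManager
        // STRICT_HOSTNAME_VERIFIER rejects certificates not issued for the requested host.
        SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = base.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 443, ssf));
        return new DefaultHttpClient(ccm, base.getParams());
    }

    // Usage: java -Djavax.net.debug=ssl:handshake TlsCapabilityCheck https://example.invalid/
    public static void main(String[] args) throws Exception {
        dumpCapabilities();
        if (args.length > 0) {
            HttpClient client = wrapClient(new DefaultHttpClient());
            int status = client.execute(new HttpGet(args[0])).getStatusLine().getStatusCode();
            System.out.println("HTTP status from " + args[0] + " = " + status);
        }
    }
}
```

Run it with the same JRE the application server uses (not the one on the PATH), since the JCE policy jars and the provider list are per-installation; that is also the first thing to compare between the Windows host that works and the CentOS 7 host that does not.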