javax.net.ssl.SSLException:收到致命警报:bad_record_mac
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22318729/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
提问by Amith
I'm getting a "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac" for an https connection. This doesn't happen for every request -- if I send the same request in 10 times I only get this error once or twice.
我收到一个 https 连接的“javax.net.ssl.SSLException:收到致命警报:bad_record_mac”。并非每个请求都会发生这种情况——如果我发送相同的请求 10 次,我只会收到一两次此错误。
I have the following code to validate the certificate:
我有以下代码来验证证书:
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
} };
try {
SSLContext sslContext = null;
try {
sslContext = SSLContext.getInstance("SSLv3");
} catch (NoSuchAlgorithmException e3) {
logException(Arrays.toString(e3.getStackTrace()));
}
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
SSLSocketFactory factory = sslContext.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(factory);
} catch (KeyManagementException e) {
logException(Arrays.toString(e.getStackTrace()));
}
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
/*
* end of the fix
*/
I've set two system properties in my main method:
我在主方法中设置了两个系统属性:
System.setProperty("jsse.enableSNIExtension", "false");
System.setProperty("https.protocols", "SSLv3");
But nothing helps.
但没有任何帮助。
please help!
请帮忙!
Thank you.
谢谢你。
回答by Old Pro
According to this rubygems issueand the detailed description of the error (see below), it appears to be a bug in Oracle's JDK that is not present in OpenJDK. I recall (but cannot verify) that there was a bug in OpenSSL that also caused this error, so you may want to check the software on the other side of the connection.
根据这个 rubygems 问题和错误的详细描述(见下文),它似乎是 Oracle JDK 中的一个错误,而 OpenJDK 中不存在。我记得(但无法验证)OpenSSL 中存在一个也导致此错误的错误,因此您可能需要检查连接另一端的软件。
You can read more details about what this error means here.
您可以在此处阅读有关此错误含义的更多详细信息。
回答by swist
It is a hard to say what causing this. You need to find out by analyzing the logs, set the
很难说是什么导致了这种情况。你需要通过分析日志找出来,设置
System.setProperty("javax.net.debug", "all");
and check what is wrong.
并检查出了什么问题。
A problem may be that server is not supporting TLS, which may be picked by implementation. To make sure that you always use the plain SSLv3 by setting the property:
一个问题可能是服务器不支持 TLS,这可能是由实现选择的。通过设置属性来确保您始终使用纯 SSLv3:
System.setProperty("https.protocols", "SSLv3");
Another cause may be the poor network, causing that occasionally some packets are broken but still have the correct checksum. In that case you may only retry the request.
另一个原因可能是网络不好,导致偶尔有一些数据包被破坏,但仍然有正确的校验和。在这种情况下,您只能重试请求。
回答by Alex
Try set com.sun.net.ssl.rsaPreMasterSecretFix to true
尝试将 com.sun.net.ssl.rsaPreMasterSecretFix 设置为 true
