Java SSL Fatal Error - Handshake Failure (40)

Notice: this page is a side-by-side Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/31970283/

Time: 2020-08-11 11:51:28  Source: igfitidea

SSL FATAL ERROR - Handshake Failure (40)

java firefox ssl

Asked by Loganathan Mohanraj

I am trying to access the web application hosted in our radius server and the Firefox browser throws this error code ssl_error_no_cypher_overlap. The following is the message displayed in the browser.

An error occurred during a connection to X.X.X.X. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

After surfing the internet, I thought the cipher suites which are exchanged between the client and server caused the problem and tried capturing the packet. Surprisingly there is a common cipher between the client and server and the Server Hello is sent from the server as well.

Client Hello Packet:

enter image description here

Server Hello Packet:

enter image description here

Within a few seconds, the server sends a fatal error that says handshake failure (40).

enter image description here

Has anyone faced this issue before, and any idea what would have caused the problem?

My server is Java 6 based, it uses the encryption algorithm DSA with SHA1 and I am using the latest Firefox 40.0.

Accepted answer by Loganathan Mohanraj

After surfing the internet for a long time, I came to know that support for DSA encryption is permanently disabled by the latest browsers, which caused the handshake failure (40).

There are several security enhancements done in Firefox in the recent days. Read more:

https://hacks.mozilla.org/2015/04/trainspotting-firefox-37-developer-edition-and-more/

The interesting thing that I am wondering about here is that the cipher suites are exchanged between client and server successfully, and after a few seconds a handshake failure is sent from the server even though no packet is exchanged from the client.

Anyway, the handshake is happening properly with RSA encryption and I will mark my answer as correct till I get a best answer from someone.
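
The condition described in this answer (a server holding only a DSA key, talking to a client that offers no DSS suites) can be checked offline from the two cipher suite lists. The following is an added example, not code from the original post; the suite lists are constructed sample data and the function names are hypothetical.

```python
import re

# Authentication token in a TLS <= 1.2 suite name -> server key type it requires.
AUTH_TO_KEY = {"RSA": "RSA", "DSS": "DSA", "ECDSA": "EC"}

def required_key(suite):
    """Server key type a suite needs; None for anonymous (certificate-less) suites."""
    m = re.match(r"^(?:TLS|SSL)_(.+?)_WITH_", suite)
    if not m:
        raise ValueError("not a TLS <= 1.2 suite name: " + suite)
    tokens = [t for t in m.group(1).split("_") if t != "EXPORT"]
    auth = tokens[-1]                  # "DHE_DSS" -> "DSS", "RSA" -> "RSA"
    if auth == "anon":
        return None
    return AUTH_TO_KEY.get(auth, auth)  # unknown methods (e.g. PSK) returned as-is

def usable_suites(client_offer, server_enabled, server_keys):
    """Suites named by both sides that the server can also authenticate."""
    offered = set(client_offer)
    return [s for s in server_enabled
            if s in offered and required_key(s) in server_keys]

def diagnose(client_offer, server_enabled, server_keys):
    offered = set(client_offer)
    if not any(s in offered for s in server_enabled):
        return "no-overlap"        # the lists share no suite name at all
    if not usable_suites(client_offer, server_enabled, server_keys):
        return "key-mismatch"      # names overlap, but not for this key type
    return "ok"

# Constructed sample data (not taken from the captures in the question).
CLIENT = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_AES_128_CBC_SHA"]          # no *_DSS_* suite offered
SERVER = ["TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    print(diagnose(CLIENT, SERVER, {"DSA"}))   # server holds only a DSA key
    print(diagnose(CLIENT, SERVER, {"RSA"}))   # same lists after switching to RSA
```

Comparing suite names alone is not enough: the authentication part of each name has to match a key the server actually holds.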

Answer by Charley Cui

I met the same issue; the scenario is as follows:

The SSL client only supports TLSv1.0 with MD5/base SHA, while the SSL server supports TLSv1-TLSv1.2.

It looks good, but the problem is that the server only selects support for SHA256ANDHIGHER, while the client does not support SHA256ANDHIGHER. The log prints:

ACE_SSL (4694|4055886656) error code: 336151568 - error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

It confused me a lot before I made it clear; after a tcpdump from the client side, Alert 21 and Handshake Failure (40) state it all:

enter image description here

Then I changed the server to support SHA and MD5 (lower version), and it succeeded!

Just for your reference

Thanks, Charley
