Java 中的 SSL 对等方错误关闭
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28908835/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SSL peer shut down incorrectly in Java
提问by aneto
I need to make a request through a HTTPS protocol. I wrote the following code:
我需要通过 HTTPS 协议发出请求。我写了以下代码:
import java.net.HttpURLConnection;
import java.net.URL;
import org.junit.Test;
public class XMLHandlerTest {
private static final String URL = "https://ancine.band.com.br/xml/pgrt1_dta_20150303.xml";
@Test
public void testRetrieveSchedule() {
try {
HttpURLConnection connection = (HttpURLConnection) new URL(URL).openConnection();
connection.setRequestMethod("HEAD");
int responseCode = connection.getResponseCode();
System.out.println(responseCode);
} catch (Exception e) {
e.printStackTrace();
}
}
}
I got this exception stacktrace with a java.io.EOFException:
我用java.io.EOFException得到了这个异常堆栈跟踪:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at br.com.onebr.onesocial.arte1.service.core.scheduler.Arte1XMLHandlerTest.testRetrieveSchedule(Arte1XMLHandlerTest.java:16)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.junit.runners.model.FrameworkMethod.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.accessSystem.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");
0(ParentRunner.java:53)
at org.junit.runners.ParentRunner.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:675)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
... 32 more
I got successful response from https://google.combut this error from URL above (https://ancine.band.com.br/xml/pgrt1_dta_20150303.xml).
我从https://google.com得到了成功的响应,但从上面的 URL ( https://ancine.band.com.br/xml/pgrt1_dta_20150303.xml)得到了这个错误。
Using PHP, .NET and NodeJS that URL works fine.
使用 PHP、.NET 和 NodeJS,该 URL 工作正常。
Anyone has any idea why this happening?
任何人都知道为什么会发生这种情况?
采纳答案by aneto
That is a problem of security protocol. I am using TLSv1 but the host accept only TLSv1.1 and TLSv1.2 then I changed the protocol in Java with the instruction below:
那是安全协议的问题。我正在使用 TLSv1,但主机只接受 TLSv1.1 和 TLSv1.2,然后我使用以下说明更改了 Java 中的协议:
System.setProperty("https.protocols", "TLSv1.1");
System.setProperty("https.protocols", "TLSv1.1");
回答by D. Kovács
Apart from the accepted answer, other problems can cause the exception too. For me it was that the certificate was not trusted (i.e., self-signed cert and not in the trust store).
除了接受的答案外,其他问题也可能导致异常。对我来说,证书不受信任(即,自签名证书而不是在信任库中)。
If the certificate file does not exists, or could not be loaded (e.g., typo in path) can---in certain circumstances---cause the same exception.
如果证书文件不存在或无法加载(例如,路径中的拼写错误)可能会---在某些情况下---导致相同的异常。
回答by Serhii Maksymchuk
In my case there was just white space in URL. So check query string first!
就我而言,URL 中只有空格。所以首先检查查询字符串!
回答by Zigri2612
You can set protocol versions in system property as :
您可以在系统属性中将协议版本设置为:
overcome ssl handshake error
克服ssl握手错误
prop.put("mail.smtp.ssl.protocols", "TLSv1.2");
//And just in case probably you need to set these too
prop.put("mail.smtp.starttls.enable", true);
prop.put("mail.smtp.ssl.trust", {YOURSERVERNAME});
回答by Ali
I was facing same issue, for me adding certificate to trust store solved this issue.
我遇到了同样的问题,因为我将证书添加到信任存储解决了这个问题。
回答by Dylan
I had a similar issue that was resolved by unchecking the option in java advanced security for "Use SSL 2.0 compatible ClientHello format.
我有一个类似的问题,通过取消选中 Java 高级安全性中的“使用 SSL 2.0 兼容的 ClientHello 格式”选项解决了这个问题。
回答by jolumg
This error is generic of the security libraries and might happen in other cases. In case other people have this same error when sending emails with javax.mail to a smtp server. Then the code to force other protocol is setting a property like this:
此错误是安全库的通用错误,可能在其他情况下发生。以防其他人在将带有 javax.mail 的电子邮件发送到 smtp 服务器时遇到同样的错误。然后强制其他协议的代码设置如下属性:
##代码##回答by Sam Gh
The accepted answer didn't work in my situation, not sure why. I switched from JRE1.7 to JRE1.8 and that resolved the issue automatically. JRE1.8 uses TLS1.2 by default
接受的答案在我的情况下不起作用,不知道为什么。我从 JRE1.7 切换到 JRE1.8 并自动解决了问题。JRE1.8 默认使用 TLS1.2
