java.net.SocketException:连接重置
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5995997/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
java.net.SocketException: Connection reset
提问by Pablo
I am coding an application where I control the code of both the client and the server. I am using SSLSockets to implement it. I have the protocol already running with normal unsecured sockets, but when I try to switch to SSLSockets (using exactly the same protocol), I keep getting the following stack trace:
我正在编写一个应用程序,我可以在其中控制客户端和服务器的代码。我正在使用 SSLSockets 来实现它。我已经使用普通的不安全套接字运行了该协议,但是当我尝试切换到 SSLSockets(使用完全相同的协议)时,我不断收到以下堆栈跟踪:
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:782)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:739)
For some reason, the exact same code works perfectly with unsecured sockets. Why could this be?
出于某种原因,完全相同的代码可以完美地用于不安全的套接字。为什么会这样?
Any feedback would be appreciated. Thank you.
对于任何反馈,我们都表示感谢。谢谢你。
Pablo
巴勃罗
回答by Cratylus
From your post it is not possile to detect the problem.
When you switch to secure sockets the most secure ciphers are used by default.
If you have not configured your truststore/keystore correctly (or have not enabled the non-authenticated suites) then the SSL handshake will fail.
The exception seems to indicate that.
What you can do is run your program using javax.net.debug=ssl,handshaketo enable SSL debugging info and post the debugging info and your code if you expect someone to help you.
从您的帖子中无法检测到问题。
当您切换到安全套接字时,默认使用最安全的密码。
如果您没有正确配置您的信任库/密钥库(或没有启用未经身份验证的套件),那么 SSL 握手将失败。
例外似乎表明了这一点。如果您希望有人帮助您,
您可以做的是运行您的程序javax.net.debug=ssl,handshake以启用 SSL 调试信息并发布调试信息和您的代码。
回答by bubak
Reasons can vary, -Djavax.net.debug=ssl is your friend, as suggested by Vladimir Dyuzhev.
原因可能有所不同,-Djavax.net.debug=ssl 是您的朋友,正如 Vladimir Dyuzhev 所建议的那样。
Anyway, it may be a certificate problem -- make sure you have correct keystore and trustore. You will require one entry in keystore with:
无论如何,这可能是证书问题——确保您拥有正确的密钥库和信任库。您将需要在密钥库中输入一个条目:
- private key
- certificate
- complete chain of issuer of the certificate
- 私钥
- 证书
- 完整的证书颁发者链
And a truststore:
还有一个信任库:
- complete chain of certificates for server certificate
- 服务器证书的完整证书链
I have problems generating proper keystore (trustore is easy -- just use keytool). For keystore you need st like this (Linux with openssl + java):
我在生成正确的密钥库时遇到问题(trustore 很简单——只需使用 keytool)。对于密钥库,您需要像这样的 st(带有 openssl + java 的 Linux):
# convert all to PEM
openssl x509 -in ${ca}.der -inform DER -outform PEM -out ${ca}.pem
openssl x509 -in ${subca}.der -inform DER -outform PEM -out ${subca}.pem
# create one large PEM file containing certificate chain
cat ${ca}.pem ${subca}.pem > tmp_cert_chain.pem
# generate PKCS#12 BUNDLE
openssl pkcs12 -export -in ${cert}.pem -inkey ${key}.pem -certfile tmp_cert_chain.pem -out tmp_pkcs12.pfx
# convert PKCS#12 bundle to JKS
keytool -importkeystore -srckeystore tmp_pkcs12.pfx -srcstoretype pkcs12 -srcstorepass ${storepass} -destkeystore $keystore -deststoretype jks -deststorepass ${storepass}
# print out JKS keystore
keytool -list -keystore $keystore -storepass $storepass
回答by Jesse Webb
Depending on what OS you are using, it may require admin/root priveledges to bind to or listen to the SSL port. Trying running your application with admin rights (in Windows) or sudo'd (on Linux).
根据您使用的操作系统,它可能需要管理员/root 权限来绑定或侦听 SSL 端口。尝试使用管理员权限(在 Windows 中)或 sudo'd(在 Linux 上)运行您的应用程序。
