javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/38203971/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
提问by Viks
I am posting this question after trying many options from two days. Below are the options I tried.
在尝试了两天的许多选项后,我发布了这个问题。以下是我尝试过的选项。
- Disable ssl certificate validation
- By downloading crt from browser and converting to .jks and importing keystore.
- 禁用 ssl 证书验证
- 通过从浏览器下载 crt 并转换为 .jks 并导入密钥库。
Still I am getting this issue, any help very much appreciated in advance.
我仍然遇到这个问题,非常感谢任何帮助。
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1943)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1059)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1321)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1305)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:523)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1296)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at com.honeywell.sensibo.api.NewMain.main(NewMain.java:73)
采纳答案by Viks
Issue resolved.!!! Below are the solutions.
问题解决了。!!!以下是解决方案。
For Java 6: Add below jars into {JAVA_HOME}/jre/lib/ext. 1. bcprov-ext-jdk15on-154.jar 2. bcprov-jdk15on-154.jar
对于 Java 6:将以下 jar 添加到 {JAVA_HOME}/jre/lib/ext。1. bcprov-ext-jdk15on-154.jar 2. bcprov-jdk15on-154.jar
Add property into {JAVA_HOME}/jre/lib/security/java.security security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
将属性添加到 {JAVA_HOME}/jre/lib/security/java.security security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
Java 7:download jar from below link and add to {JAVA_HOME}/jre/lib/security http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Java 7:从下面的链接下载 jar 并添加到 {JAVA_HOME}/jre/lib/security http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Java 8:download jar from below link and add to {JAVA_HOME}/jre/lib/security http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
Java 8:从下面的链接下载 jar 并添加到 {JAVA_HOME}/jre/lib/security http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
Issue is that it is failed to decrypt 256 bits of encryption.
问题是它无法解密 256 位加密。
回答by Jorge_B
I am getting similar errors recently because recent JDKs (and browsers, and the Linux TLS stack, etc.) refuse to communicate with some servers in my customer's corporate network. The reason of this is that some servers in this network still have SHA-1 certificates.
我最近遇到了类似的错误,因为最近的 JDK(和浏览器,以及 Linux TLS 堆栈等)拒绝与我客户公司网络中的某些服务器进行通信。原因是该网络中的某些服务器仍然具有 SHA-1 证书。
Please see: https://www.entrust.com/understanding-sha-1-vulnerabilities-ssl-longer-secure/https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know
请参阅:https: //www.entrust.com/understanding-sha-1-vulnerabilities-ssl-longer-secure/ https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what -你得知道
If this would be your current case (recent JDK vs deprecated certificate encription) then your best move is to update your network to the proper encription technology.
如果这是您当前的情况(最近的 JDK 与已弃用的证书加密),那么您最好的做法是将您的网络更新为正确的加密技术。
In case that you should provide a temporal solution for that, please see another answers to have an idea about how to make your JDK trust or distrust certain encription algorithms:
如果您应该为此提供临时解决方案,请参阅另一个答案以了解如何让您的 JDK 信任或不信任某些加密算法:
How to force java server to accept only tls 1.2 and reject tls 1.0 and tls 1.1 connections
如何强制 java 服务器只接受 tls 1.2 并拒绝 tls 1.0 和 tls 1.1 连接
Anyway I insist that, in case that I have guessed properly your problem, this is not a good solution to the problem and that your network admin should consider removing these deprecated certificates and get a new one.
无论如何,我坚持认为,如果我正确地猜到了您的问题,这不是解决问题的好方法,您的网络管理员应该考虑删除这些已弃用的证书并获得一个新证书。
