이미 related question을 읽었지만 같은 장소에서 오류가 발생하지 않는 것 같습니다.공개 https 웹 사이트에서 jsse handshake_failure
public static void main(String [] argv) {
try {
URL u = new URL("https://membership.usairways.com/Login.aspx");
Object o = u.getContent();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
을하지만 실행할 때 나는 handshake_failure을 얻을 자바 6, 모두 내 Mac과 Windows 시스템에서 :
나는 아주 간단한 조작을 시도하고있다. 잘 발견되고
기타가 발견되지 않는 인증서에 문제가 계속하지만, 디버그 로그 (-Djavax.net.debug=ssl:handshake
가) 인증서를 보여줍니다
keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trustStore is: C:\Program Files (x86)\Java\jre6\lib\security\cacerts trustStore type is : jks trustStore provider is : init truststore adding as trusted cert: Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4eb200670c035d4f Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036 (repeat above for a large number of certs, notably the next one here) adding as trusted cert: Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Algorithm: RSA; Serial number: 0x1 Valid from Wed Jul 31 20:00:00 EDT 1996 until Thu Dec 31 18:59:59 EST 2020 trigger seeding of SecureRandom done seeding SecureRandom %% No cached client session *** ClientHello, TLSv1 RandomCookie: GMT: 1264732935 bytes = { 200, 133, 119, 81, 212, 158, 149, 118, 153, 199, 116, 71, 201, 115, 67, 238, 141, 69, 2, 4, 158, 99, 39, 55, 242, 1, 155, 226 } Session ID: {} Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] Compression Methods: { 0 } *** main, WRITE: TLSv1 Handshake, length = 73 main, WRITE: SSLv2 client hello message, length = 98 main, READ: SSLv3 Handshake, length = 74 *** ServerHello, SSLv3 RandomCookie: GMT: -1723164650 bytes = { 122, 187, 153, 122, 194, 216, 4, 86, 68, 106, 92, 83, 166, 22, 156, 103, 30, 93, 5, 89, 138, 108, 191, 101, 41, 38, 201, 7 } Session ID: {64, 200, 23, 188, 201, 247, 125, 29, 43, 132, 204, 32, 58, 18, 4, 215, 3, 228, 127, 3, 0, 13, 41, 240, 200, 79, 208, 166, 79, 178, 249, 123} Cipher Suite: SSL_RSA_WITH_RC4_128_MD5 Compression Method: 0 *** %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5] ** SSL_RSA_WITH_RC4_128_MD5 main, READ: SSLv3 Handshake, length = 1712 *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=*.usairways.com, OU=csmusairwayweb, O=US Airways, L=Phoenix, ST=Arizona, C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 117128872477092149134303805811049298494872749082923376652184544938174228731267664522970480129390452967053230586478159419504897327346652351403474804997804422528612377227107853983665176692187458180185822497353170111743696439530149540148901069359332724759471171438095948620900093160986648342991891132153788789693 public exponent: 65537 Validity: [From: Wed Apr 30 08:12:47 EDT 2008, To: Fri Apr 30 08:12:47 EDT 2010] Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA SerialNumber: [ 645f032d 08d4bd17 40df6c90 666e6bf3] Certificate Extensions: 4 [1]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl] ]] [2]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [3]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] [4]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [accessMethod: 1.3.6.1.5.5.7.48.1 accessLocation: URIName: http://ocsp.thawte.com] ] ] Algorithm: [SHA1withRSA] Signature: 0000: 4A 2B 42 50 88 64 26 7E CA 06 8C B3 CA 88 B4 8D J+BP.d&......... 0010: 20 5A 11 F6 1F 9E 00 16 22 46 6F D9 18 8E CE 08 Z......"Fo..... 0020: 37 33 95 F9 08 2F 80 2D 26 73 C0 2A 54 2B 41 74 73.../.-&s.*T+At 0030: 2F 7F BC 17 9C 85 E3 71 E0 D7 1D CE 76 86 DD 53 /......q....v..S 0040: 2A 99 4E E7 92 27 F5 B5 2A A3 3C 9C D3 97 87 B9 *.N..'..*.%.....2q.. 0070: 86 5E ED 50 27 A6 0D A6 23 F9 BB CB A6 07 14 42 .^.P'...#......B ] *** Found trusted certificate: [ [ Version: V3 Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4 Key: Sun RSA public key, 1024 bits modulus: 147615723393259181416635428961329342020669051439139433844527551020558419419302186744111967954084722208863267607710475139716371688682959340524636682374402009636778742019638875797953488482650734868036331360260559337468576998663423718393870107693392913633351064416793992445974512528326405756434384337574662315063 public exponent: 65537 Validity: [From: Wed Jul 31 20:00:00 EDT 1996, To: Thu Dec 31 18:59:59 EST 2020] Issuer: [email protected]om, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA SerialNumber: [ 01] Certificate Extensions: 1 [1]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] ] Algorithm: [MD5withRSA] Signature: 0000: 26 48 2C 16 C2 58 FA E8 16 74 0C AA AA 5F 54 3F &H,..X...t..._T? 0010: F2 D7 C9 78 60 5E 5E 6E 37 63 22 77 36 7E B2 17 ...x`^^n7c"w6... 0020: C4 34 B9 F5 08 85 FC C9 01 38 FF 4D BE F2 16 42 .4.......8.M...B 0030: 43 E7 BB 5A 46 FB C1 C6 11 1F F1 4A B0 28 46 C9 C..ZF......J.(F. 0040: C3 C4 42 7D BC FA AB 59 6E D5 B7 51 88 11 E3 A4 ..B....Yn..Q.... 0050: 85 19 6B 82 4C A4 0C 12 AD E9 A4 AE 3F F1 C3 49 ..k.L.......?..I 0060: 65 9A 8C C5 C8 3E 25 B7 94 99 BB 92 32 71 07 F0 e....>%.....2q.. 0070: 86 5E ED 50 27 A6 0D A6 23 F9 BB CB A6 07 14 42 .^.P'...#......B ] main, READ: SSLv3 Handshake, length = 4 *** ServerHelloDone *** ClientKeyExchange, RSA PreMasterSecret, SSLv3 main, WRITE: SSLv3 Handshake, length = 132 SESSION KEYGEN: PreMaster Secret: 0000: 03 00 90 43 CA FE 69 A1 9B C1 D2 2A B2 52 B5 F7 ...C..i....*.R.. 0010: 8F D7 6E 89 CB 9D B1 8F C0 C1 EE 54 D8 70 4A F2 ..n........T.pJ. 0020: B6 FB D2 F2 1C BC FD 7A 2C AD 75 60 C0 5F 3B 15 .......z,.u`._;. CONNECTION KEYGEN: Client Nonce: 0000: 4B 62 4B 07 C8 85 77 51 D4 9E 95 76 99 C7 74 47 KbK...wQ...v..tG 0010: C9 73 43 EE 8D 45 02 04 9E 63 27 37 F2 01 9B E2 .sC..E...c'7.... Server Nonce: 0000: 99 4B 98 16 7A BB 99 7A C2 D8 04 56 44 6A 5C 53 .K..z..z...VDj\S 0010: A6 16 9C 67 1E 5D 05 59 8A 6C BF 65 29 26 C9 07 ...g.].Y.l.e)&.. Master Secret: 0000: 65 CA 12 63 80 48 D8 4A 33 63 A3 93 6F FB F8 5A e..c.H.J3c..o..Z 0010: 87 7D 2E C4 19 3D 0E 2E 66 D4 0A 28 B8 27 76 79 .....=..f..(.'vy 0020: F9 C8 53 67 0D 87 CB 47 29 9E 3E 37 44 7D 19 11 ..Sg...G).>7D... Client MAC write Secret: 0000: 26 03 49 9F 35 73 6B B4 2E 22 BF EC 57 84 F1 55 &.I.5sk.."..W..U Server MAC write Secret: 0000: 3F D0 4C 7F AD 9B 16 CD 9F 1E 81 DD 0E B9 88 CF ?.L............. Client write key: 0000: 55 C0 0D 36 BA 82 88 26 7B CE 16 BC B0 96 5D 9F U..6...&......]. Server write key: 0000: 73 B1 C3 EF E5 1F E7 B4 B9 90 BA B9 EC D7 13 70 s..............p ... no IV used for this cipher main, WRITE: SSLv3 Change Cipher Spec, length = 1 *** Finished verify_data: { 36, 108, 19, 115, 108, 210, 76, 3, 226, 30, 160, 20, 81, 59, 1, 35, 71, 57, 221, 18, 4, 164, 97, 253, 166, 69, 253, 104, 207, 70, 44, 39, 0, 231, 237, 172 } *** main, WRITE: SSLv3 Handshake, length = 56 main, READ: SSLv3 Alert, length = 2 main, RECV SSLv3 ALERT: fatal, handshake_failure main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at java.net.URLConnection.getContent(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(Unknown Source) at java.net.URL.getContent(Unknown Source) at h.Hacks.main(Hacks.java:11)
편집 2010년 1월 31일 :
wireshark를 사용하여 패킷을 보면 클라이언트 안녕 메시지가 Firefox 3.5와 Java 1.6간에 약간 다릅니다.
자바 1.6 SSLv2의의 헬로 메시지를 전송하지만, 버전 TLS 1.0 (0x0301)
파이어 폭스 3.5 SSLv2의 헬로우 메시지를 전송 설정되지만 버전 (0x0300)
SSLv3.0로 설정된서버가 두 방법 모두 동일한 방식으로 응답하는 것으로 보입니다. 먼저 서버 헬로 패킷
자바와 파이어 폭스 다르게 반응 '할 서버 안녕하세요'서버 인증서와 가진 후 결합 된 패킷 : 자바는 3 개 개의 패킷으로 세 개의 SSL 레코드를 보냅니다 클라이언트 키 교환, 다음 변경 암호 사양 암호화 된 핸드 셰이크 메시지
Firefox은이 세 가지 SSL 레코드를 모두 하나의 패킷으로 보냅니다.
이 시점에서 Java의 경우 서버는 핸드 셰이크 실패를 나타내는 치명적인 경고를 보내고 firefox는 핸드 셰이크 프로세스를 성공적으로 완료하는 응답을받습니다.
자바에서 TLSv1의 초기 요청이 혼란 스럽거나 별도의 패킷이 서버를 혼란스럽게합니다. 어떻게 그 이론들 중 하나를 테스트 할 수 있었는지 아는 것이 있습니까?
편집 2010년 2월 1일 : 관련된 질문을 읽고 , 나는 '하려면 openssl'명령 행 도구는 특정 문제를 진단 할 수 있다고 보았다.
openssl s_client -connect membership.usairways.com:443
을 실행하면 TLSv1 요청 전송이 정상적으로 작동 함을 알 수 있습니다. 그래서 자바가 서버와 상호 작용하는 방식에 더 미묘한 점이 있습니다.
와우! 고마워, 그건 속임수 였어. – TheDon
나는 잊지 않았다. :) 일단 대답을 수락하면 마음을 바꿀 수 없으므로 원하는대로 할 수 있습니다. – TheDon
ok :) btw, 나는 그것을 테스트하고 페이지의 전체 내용을 반환했습니다. – Bozho