0
リモートサーバ(Java 7クライアントアプリケーション内)とTLS接続を確立しようとしましたが、ハンドシェイクフェーズの最後に発生するエラーを理解できません。ハンドシェイク失敗でTLSv1接続に失敗しました
- のClientHelloとのServerHello彼らはTLS_RSA_WITH_AES_256_CBC_SHA暗号スイートでのTLSv1に会う
- 発生します
しかし、私はOKです。この手順では、ログで見つかりました。
- クライアントは
- クライアントが前の要求にALERTを受け取り、検証要求を送信し、セッション鍵を生成し、
- クライアントを共有している
- 証明書は、JavaのtrustStore
- で知られているサーバ証明書を取得します。
ログ(私はこの情報が公開されていることを知っているが、私はxxxxxはと以下の情報の一部を置換することを好む)、以下のとおりです。
*** ClientHello, TLSv1
RandomCookie: GMT: 1457187030 bytes = { 203, 230, 21, 102, 49, 116, 144, 208, 65, 56, 189, 59, 187, 202, 135, 116, 34, 12, 12, 108, 140, 192, 134, 248, 224, 95, 62, 206 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [host_name: toto.fr]
***
actionThreadPoolExecutor-1, WRITE: TLSv1 Handshake, length = 127
actionThreadPoolExecutor-1, READ: TLSv1 Handshake, length = 85
*** ServerHello, TLSv1
RandomCookie: GMT: -1851106123 bytes = { 154, 79, 112, 4, 18, 128, 113, 248, 236, 128, 147, 254, 224, 152, 167, 28, 122, 146, 115, 216, 118, 202, 52, 242, 178, 31, 191, 229 }
Session ID: {242, 247, 110, 41, 51, 194, 94, 53, 3, 168, 235, 147, 197, 255, 91, 2, 237, 109, 62, 241, 111, 22, 177, 245, 106, 165, 18, 157, 157, 225, 157, 199}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension server_name, server_name:
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
actionThreadPoolExecutor-1, READ: TLSv1 Handshake, length = 742
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = xxxx
Key: Sun RSA public key, 1024 bits
modulus: XXXXXXX
public exponent: xxxxx
Validity: [From: Tue Feb 19 20:31:08 CET 2013,
To: Fri Feb 17 20:31:08 CET 2023]
Issuer: OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR
SerialNumber: [ xxx xxx]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: xxxx
0010: xxxx
]
[OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR]
SerialNumber: [ xxxx xxxx]
]
[2]: ObjectId: xxx Criticality=false
BasicConstraints:[
CA:true
PathLen:xxx
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: xxxxx
0010: xxxxx
]
]
]
Algorithm: [SHA1withRSA]
Signature:
xxxxxx
]
***
Found trusted certificate:
[
[
Version: V3
Subject: OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = xxxxx
Key: Sun RSA public key, 1024 bits
modulus: xxxxx
public exponent: xxxxx
Validity: [From: Tue Feb 19 20:31:08 CET 2013,
To: Fri Feb 17 20:31:08 CET 2023]
Issuer: OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR
SerialNumber: [ xxxxx xxxxx]
Certificate Extensions: 3
[1]: ObjectId: xxxxx Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: xxxxx
0010: xxxxx
]
[OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR]
SerialNumber: [ xxxxx xxxxx]
]
[2]: ObjectId: xxxxx Criticality=false
BasicConstraints:[
CA:true
PathLen:xxxxx
]
[3]: ObjectId: xxxxx Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: xxxxx
0010: xxxxx
]
]
]
Algorithm: [SHA1withRSA]
Signature:
xxxxx
]
actionThreadPoolExecutor-1, READ: TLSv1 Handshake, length = 100
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<OU=DSI, O=TOTO, L=PARIS, ST=FRANCE, C=FR>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
actionThreadPoolExecutor-1, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: xxxxx
0010: xxxxx
0020: xxxxx
CONNECTION KEYGEN:
Client Nonce:
0000: xxxxx
0010: xxxxx
Server Nonce:
0000: xxxxx
0010: xxxxx
Master Secret:
0000: xxxxx
0010: xxxxx
0020: xxxxx
Client MAC write Secret:
0000: xxxxx
0010: xxxxx
Server MAC write Secret:
0000: xxxxx
0010: xxxxx
Client write key:
0000: xxxxx
0010: xxxxx
Server write key:
0000: xxxxx
0010: xxxxx
Client write IV:
0000: xxxxx
Server write IV:
0000: xxxxx
actionThreadPoolExecutor-1, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 133, 240, 14, 227, 40, 216, 150, 52, 90, 136, 122, 71 }
***
actionThreadPoolExecutor-1, WRITE: TLSv1 Handshake, length = 48
actionThreadPoolExecutor-1, READ: TLSv1 Alert, length = 2
actionThreadPoolExecutor-1, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
actionThreadPoolExecutor-1, called closeSocket()
actionThreadPoolExecutor-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
あなたはハンドシェイクの失敗の理由のいずれかのアイデアを持っている可能性があり?
ありがとうございます!
ありがとうございました。 その他の情報については、次のURLを参照してください。http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html –