SSLHandshakeException:使用asynchttpclient和使用自签名证书的wiremock没有共同的密码套件

问题描述 投票:2回答:4

我有一个使用asynchttpclient库编写的java客户端。在集成测试期间,我正在设置一个用于测试的线缆服务器。连接需要超过ssl。

因此,我为我的域生成自签名证书:localhost.my-domain.com,它指向127.0.0.1

证书生成

证书生成如下:

#Generate the self signed keystore (first and last name use:  localhost.my-domain.com)
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048

#Extract the public certificate 
keytool -export -keystore keystore.jks -alias selfsigned -file public.cer

#Create the truststore
keytool -import -file public.cer -alias selfsigned -keystore public.truststore

#extract pkcs12 private key
keytool -importkeystore -srckeystore keystore.jks -destkeystore private.pkcs12 -deststoretype PKCS12

#Convert public.cer into public.pem 
openssl x509 -inform der -in public.cer -out public.pem

#Convert pkcs12 key to pem format
openssl pkcs12 -in private.pkcs12 -out privatekey.pem -nocerts -nodes

为了测试,双方都使用相同的密钥库和信任库(我的客户端和线缆)

Wiremock

我的Wiremock配置如下:

@ClassRule
public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig()
        .port(9998)
        .httpsPort(7777)
        .needClientAuth(true)
        .trustStorePath("/path/to/public.truststore")
        .trustStorePassword("changeit")
        .keystorePath("/path/to/keystore.jks")
        .keystorePassword("changeit")
);

Asynchttpclient

要在asynchttpclient中初始化连接,我将执行以下操作:

private DefaultAsyncHttpClient getSslConnection () {
        final SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();

            final KeyManagerFactory keyManagerFactory;
            try {
                keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                final KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(new FileInputStream(new File("/path/to/keystore.jks")), sslParameters.getKeystorePassword().toCharArray());
                keyManagerFactory.init(keyStore, "changeit".toCharArray());
            } catch (final Exception e) {
                throw new IllegalStateException("failed", e);
            }
            sslContextBuilder.keyManager(keyManagerFactory);

            final TrustManagerFactory trustManagerFactory;
            try {
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                final KeyStore trustStore = KeyStore.getInstance("JKS");
                trustStore.load(new FileInputStream(new File("/path/to/public.truststore")), "changeit".toCharArray());
                trustManagerFactory.init(trustStore);
            } catch (final Exception e) {
                throw new IllegalStateException("failed", e);
            }
            sslContextBuilder.trustManager(trustManagerFactory);


        final SslContext sslContext;
        try {
            sslContext = sslContextBuilder
                    .build();
        } catch (final SSLException e) {
            throw new IllegalStateException("Unable to create SslContext", e);
        }

        return new DefaultAsyncHttpClient(generateGenericHttpClientConfiguration()
                .setSslContext(sslContext)
                .build());
    }

private static DefaultAsyncHttpClientConfig.Builder generateGenericHttpClientConfiguration() {
        final DefaultAsyncHttpClientConfig.Builder builder = new DefaultAsyncHttpClientConfig.Builder()
                .setConnectTimeout(connectionTimeout)
                .setReadTimeout(readTimeout)
                .setHandshakeTimeout(handshakeTimeout)
                .setRequestTimeout(requestTimeout)
                .setShutdownTimeout(shutdownTimeout)
                .setSslSessionTimeout(sslSessionTimeout)
                .setPooledConnectionIdleTimeout(pooledConnectionIdleTimeout)
                .setMaxConnections(maxTotal)
                .setMaxConnectionsPerHost(maxRoute);
        return builder;
    }

错误

我的例外情况如下:

WireMock方面:

javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1036)
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:739)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
    at com.github.tomakehurst.wiremock.jetty6.DelayableSslSocketConnector$1.run(DelayableSslSocketConnector.java:52)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

我的客户方:

java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: handshake_failure

    at org.asynchttpclient.netty.NettyResponseFuture.abort(NettyResponseFuture.java:239)
    at org.asynchttpclient.netty.channel.NettyConnectListener.onFailure(NettyConnectListener.java:141)
    at org.asynchttpclient.netty.channel.NettyConnectListener$1.onFailure(NettyConnectListener.java:109)
    at org.asynchttpclient.netty.SimpleFutureListener.operationComplete(SimpleFutureListener.java:26)
    at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:683)
    at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:604)
    at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:564)
    at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:425)
    at io.netty.handler.ssl.SslHandler.notifyHandshakeFailure(SslHandler.java:1239)
    at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1234)
    at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1209)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1064)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:904)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:387)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:245)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:528)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:485)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:399)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:371)
    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
    at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: Received fatal alert: handshake_failure
    at org.asynchttpclient.netty.channel.NettyConnectListener.onFailure(NettyConnectListener.java:138)
    ... 24 more
Caused by: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
    at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1098)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:970)
    ... 14 more

调试信息

如果我使用ssl运行,请握手java调试信息,如下所示:

trustStore is: C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0xc3517
  Valid from Mon Jun 21 06:00:00 CEST 1999 until Mon Jun 22 06:00:00 CEST 2020
... and several others....

***
found key for : selfsigned
chain [0] = [
[
  Version: V3
  Subject: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 22322185126194550795772462085219600605765741974258242212144535570744433693090067697037964532896095888501895176212954181087848506804238875167464582276363224932343212155653874664548116380333979698329196870411155489258120063788253980453150948066639518586839190752172742369244848200670971411040704766236660687310131008467164466602724947105963538159324675914388308835198923964161860881537353803508615054561772507456948494859333876540386345557203373685823145636638162034516089507658075673049538151350225012579285735891440944786147926900982654525113394239397843171301247569748674320790243789470675827095807550007258334440131
  public exponent: 65537
  Validity: [From: Wed Jun 08 17:24:26 CEST 2016,
               To: Sat Jun 03 17:24:26 CEST 2017]
  Issuer: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
  SerialNumber: [    3dad149a]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 80 EF E8 17 92 61 B0 D6   62 29 1A 4C 45 84 5E A0  .....a..b).LE.^.
0010: ED E7 16 00                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 14 14 E7 30 68 39 F7 61   82 6C 29 52 EB F5 3A E6  ...0h9.a.l)R..:.
0010: 25 E8 49 3B 86 3F 63 D0   07 E7 82 D3 51 52 3E BD  %.I;.?c.....QR>.
0020: 7F 18 A8 B8 53 4D C4 AC   BC 66 7D 1D 16 99 56 5D  ....SM...f....V]
0030: AA 77 70 D1 DF B6 4F 4D   BC 45 3B F6 1E 18 10 7B  .wp...OM.E;.....
0040: FD 8B 19 BC 9E 28 A5 2F   B4 32 4D D6 1B 5A F4 EF  .....(./.2M..Z..
0050: 0A C6 7E F4 6E 17 DE 44   39 6F 4C 36 FB 24 52 3A  ....n..D9oL6.$R:
0060: EF 98 09 9D 33 E8 80 73   0C CC 8A 80 4B B6 A8 34  ....3..s....K..4
0070: D6 00 DF C3 DC CB 45 16   A0 60 67 8A 25 52 33 3D  ......E..`g.%R3=
0080: 4B F9 A6 A7 AD 4A 91 7C   05 23 F8 DC 5B 76 09 05  K....J...#..[v..
0090: D6 E7 33 8C CD 0C EC 9F   EB 20 62 E1 57 51 F7 A9  ..3...... b.WQ..
00A0: B9 9A ED 25 7D B9 D9 BA   D4 2C 72 C5 62 F8 DB CB  ...%.....,r.b...
00B0: C2 48 83 2F 8D A3 15 27   99 29 4E 34 3B 18 13 A7  .H./...'.)N4;...
00C0: 30 DF BE 49 30 1B 7A DF   CE E0 C2 DA 97 1F 5D BA  0..I0.z.......].
00D0: 84 B9 92 64 34 8B 19 D2   C4 C7 96 A8 32 34 19 36  ...d4.......24.6
00E0: 7E 75 5D B7 85 F6 19 0E   1D 67 DE 50 29 02 FF CD  .u]......g.P)...
00F0: 3B 64 40 AE 7B 13 30 FA   69 52 3C 13 8A 94 46 3B  ;[email protected]<...F;

]
***
trigger seeding of SecureRandom
done seeding SecureRandom
adding as trusted cert:
  Subject: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
  Issuer:  CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
  Algorithm: RSA; Serial number: 0x3dad149a
  Valid from Wed Jun 08 17:24:26 CEST 2016 until Sat Jun 03 17:24:26 CEST 2017

trigger seeding of SecureRandom
done seeding SecureRandom
trustStore is: C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0xc3517
  Valid from Mon Jun 21 06:00:00 CEST 1999 until Mon Jun 22 06:00:00 CEST 2020

.... and several others ....

trigger seeding of SecureRandom
done seeding SecureRandom***
found key for : selfsigned
chain [0] = [
[
  Version: V3
  Subject: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 22322185126194550795772462085219600605765741974258242212144535570744433693090067697037964532896095888501895176212954181087848506804238875167464582276363224932343212155653874664548116380333979698329196870411155489258120063788253980453150948066639518586839190752172742369244848200670971411040704766236660687310131008467164466602724947105963538159324675914388308835198923964161860881537353803508615054561772507456948494859333876540386345557203373685823145636638162034516089507658075673049538151350225012579285735891440944786147926900982654525113394239397843171301247569748674320790243789470675827095807550007258334440131
  public exponent: 65537
  Validity: [From: Wed Jun 08 17:24:26 CEST 2016,
               To: Sat Jun 03 17:24:26 CEST 2017]
  Issuer: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
  SerialNumber: [    3dad149a]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 80 EF E8 17 92 61 B0 D6   62 29 1A 4C 45 84 5E A0  .....a..b).LE.^.
0010: ED E7 16 00                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 14 14 E7 30 68 39 F7 61   82 6C 29 52 EB F5 3A E6  ...0h9.a.l)R..:.
0010: 25 E8 49 3B 86 3F 63 D0   07 E7 82 D3 51 52 3E BD  %.I;.?c.....QR>.
0020: 7F 18 A8 B8 53 4D C4 AC   BC 66 7D 1D 16 99 56 5D  ....SM...f....V]
0030: AA 77 70 D1 DF B6 4F 4D   BC 45 3B F6 1E 18 10 7B  .wp...OM.E;.....
0040: FD 8B 19 BC 9E 28 A5 2F   B4 32 4D D6 1B 5A F4 EF  .....(./.2M..Z..
0050: 0A C6 7E F4 6E 17 DE 44   39 6F 4C 36 FB 24 52 3A  ....n..D9oL6.$R:
0060: EF 98 09 9D 33 E8 80 73   0C CC 8A 80 4B B6 A8 34  ....3..s....K..4
0070: D6 00 DF C3 DC CB 45 16   A0 60 67 8A 25 52 33 3D  ......E..`g.%R3=
0080: 4B F9 A6 A7 AD 4A 91 7C   05 23 F8 DC 5B 76 09 05  K....J...#..[v..
0090: D6 E7 33 8C CD 0C EC 9F   EB 20 62 E1 57 51 F7 A9  ..3...... b.WQ..
00A0: B9 9A ED 25 7D B9 D9 BA   D4 2C 72 C5 62 F8 DB CB  ...%.....,r.b...
00B0: C2 48 83 2F 8D A3 15 27   99 29 4E 34 3B 18 13 A7  .H./...'.)N4;...
00C0: 30 DF BE 49 30 1B 7A DF   CE E0 C2 DA 97 1F 5D BA  0..I0.z.......].
00D0: 84 B9 92 64 34 8B 19 D2   C4 C7 96 A8 32 34 19 36  ...d4.......24.6
00E0: 7E 75 5D B7 85 F6 19 0E   1D 67 DE 50 29 02 FF CD  .u]......g.P)...
00F0: 3B 64 40 AE 7B 13 30 FA   69 52 3C 13 8A 94 46 3B  ;[email protected]<...F;

]
***
adding as trusted cert:
  Subject: CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
  Issuer:  CN=localhost.my-domain.com, OU=my-domain Sofware Ltd, O=my-domain Software Ltd, L=Sliema, ST=Malta, C=MT
  Algorithm: RSA; Serial number: 0x3dad149a
  Valid from Wed Jun 08 17:24:26 CEST 2016 until Sat Jun 03 17:24:26 CEST 2017

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
214187874@qtp-1409545055-0 - Acceptor0 [email protected]:7777, setSoTimeout(200000) called
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1465403695 bytes = { 30, 118, 6, 181, 187, 105, 144, 0, 40, 135, 10, 57, 140, 23, 96, 35, 255, 117, 199, 166, 250, 139, 47, 126, 51, 172, 237, 45 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=localhost.my-domain.com]
Extension renegotiation_info, renegotiated_connection: <empty>
***
AsyncHttpClient-3-1, WRITE: TLSv1.2 Handshake, length = 196
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
2009745500@qtp-1409545055-2, READ: TLSv1.2 Handshake, length = 196
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1465403695 bytes = { 30, 118, 6, 181, 187, 105, 144, 0, 40, 135, 10, 57, 140, 23, 96, 35, 255, 117, 199, 166, 250, 139, 47, 126, 51, 172, 237, 45 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=localhost.my-domain.com]
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
2009745500@qtp-1409545055-2, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
2009745500@qtp-1409545055-2, WRITE: TLSv1.2 Alert, length = 2
2009745500@qtp-1409545055-2, called closeSocket()
2009745500@qtp-1409545055-2, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

我尝试过使用spark框架而不是Wiremock但是我仍然得到相同的情况。

java ssl asynchttpclient wiremock spark-framework
4个回答
0
投票

免责声明:我是AsyncHttpClient的作者

My2cents:你生成了一个带有大键的证书(“keysize 2048”),但你忘了用JCE unlimited strength extension修补你的JDK。

0
投票

事实证明,在Wiremock和Spark Framework中似乎都存在一些问题。一旦我使用相同的确切键设置我自己的服务器它没有任何麻烦。

0
投票

以防万一它会帮助任何人,在我的情况下我得到这个错误,因为我已经将p12格式文件加载到服务器的密钥库,而不是jks文件。

即:

@ClassRule
public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig()
        .httpsPort(7777)
        .keystorePath("/path/to/keystore.p12")
        .keystorePassword("changeit")
);
0
投票

另一个潜在的问题是.keystorePassword()不提供传统上理解的密钥库密码。它为密钥库中的单个密钥提供密码。

我通过将密钥从我自己的密钥库导入到wiremock(密码为password)中来解决这个问题 - 这使我的密码保存在密钥条目上,但密钥库密码作为密码然后工作。如果实际的密钥库密码不是密码,我认为wiremock不会起作用。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.