Chrome closing connection on handshake with Java S

2019-03-13 06:46发布

站内文章 / Java
47 0 0

问题:

There are several questions that are similar to this, but none address this specific issue. If there is one and I missed it, please direct me to the relevant solution.

Now for my issue. I wrote a test SSL Server in Java:

import java.io.FileInputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

public class Server {
  public static void main(String[] args) throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");  
    ks.load(new FileInputStream("server.jks"), "123456".toCharArray());

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, "123456".toCharArray());

    SSLContext context = SSLContext.getInstance("TLS");
    context.init(kmf.getKeyManagers(), null, null);

    SSLServerSocketFactory factory = context.getServerSocketFactory();
    SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8443);

    SSLSocket socket = null;
    OutputStream out = null;

    while (true) {
      try {
        System.out.println("Trying to connect");
        socket = (SSLSocket) serverSocket.accept();
        socket.startHandshake();
        out = socket.getOutputStream();
        out.write("Hello World".getBytes());
        out.flush();
      } catch (SSLHandshakeException e) {
        e.printStackTrace();
        continue;
      } finally {
        if (socket != null) {
          socket.close();
        }
      }
    }
  }
}

And I created my key store like so:

keytool -genkey -keyalg RSA -alias server-keys -keystore server.jks

When prompted, I put localhost for the key name.

Then I compile (I am using Sun/Oracle JDK and JRE version 1.6.0_26):

javac Server.java

Then I run:

java Server

I then tested by navigating to https://localhost:8443

It worked like a charm in the following browsers:

  • Firefox
  • Opera
  • Mobile Safari (iPhone4)
  • Safari

However, when I tried it with Chrome, I got the expected self-signed cert notification, I accepted the cert, I get this:

This webpage is not available
The connection to localhost was interrupted.
Here are some suggestions:
Reload this webpage later.
Check your Internet connection. Restart any router, modem, or other network devices you may be using.
Add Google Chrome as a permitted program in your firewall's or antivirus software's settings. If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server, adjust your proxy settings: Go to the wrench menu > Preferences > Under the Hood > Change Proxy Settings... and make sure your configuration is set to "no  proxy" or "direct."
Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.

So, what gives? Is this a problem with Java, Chrome, or my implementation?

Any help in getting this working with Chrome as a client will be greatly appreciated.

Here is the Stack Trace for the error:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
at Server.main(Server.java:32)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
... 4 more

The message from Chrome makes it seem that the server closed the connection too early, while the stack trace from the server makes it seem that Chrome closed the connection prematurely.

Update: I whipped up a non-SSL server in Java and tested it with Chrome, and it works just fine. The real problem seems to be that somehow the connection is getting lost during the SSL handshake. Does anyone have any suggestions about how to fix this?

If you have suggestions for code improvement or anything that might help, don't be shy. Thanks in advance.

Update: Here is the output from java -Djavax.net.debug=all Server

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
[Raw read]: length = 5
0000: 16 03 01 00 B0                                     .....
[Raw read]: length = 176
0000: 01 00 00 AC 03 01 4E 82   02 10 A6 FF DD 15 5E 3F  ......N.......^?
0010: 6E 00 75 43 BD AB 02 67   B7 D3 F8 9A C7 58 85 E2  n.uC...g.....X..
0020: 99 65 73 67 37 91 00 00   48 C0 0A C0 14 00 88 00  .esg7...H.......
0030: 87 00 39 00 38 C0 0F C0   05 00 84 00 35 C0 07 C0  ..9.8.......5...
0040: 09 C0 11 C0 13 00 45 00   44 00 66 00 33 00 32 C0  ......E.D.f.3.2.
0050: 0C C0 0E C0 02 C0 04 00   96 00 41 00 04 00 05 00  ..........A.....
0060: 2F C0 08 C0 12 00 16 00   13 C0 0D C0 03 FE FF 00  /...............
0070: 0A 02 01 00 00 3A 00 00   00 0E 00 0C 00 00 09 6C  .....:.........l
0080: 6F 63 61 6C 68 6F 73 74   FF 01 00 01 00 00 0A 00  ocalhost........
0090: 08 00 06 00 17 00 18 00   19 00 0B 00 02 01 00 00  ................
00A0: 23 00 00 33 74 00 00 00   05 00 05 01 00 00 00 00  #..3t...........
main, READ: TLSv1 Handshake, length = 176
*** ClientHello, TLSv1
RandomCookie:  GMT: 1300365840 bytes = { 166, 255, 221, 21, 94, 63, 110, 0, 117, 67, 189, 171, 2, 103, 183, 211, 248, 154, 199, 88, 133, 226, 153, 101, 115, 103, 55, 145 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, Unknown 0x0:0x87, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x45, Unknown 0x0:0x44, SSL_DHE_DSS_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 1, 0 }
Unsupported extension server_name, [host_name: localhost]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data: 
Unsupported extension type_13172, data: 
Unsupported extension status_request, data: 01:00:00:00:00
***
[read] MD5 and SHA1 hashes:  len = 176
0000: 01 00 00 AC 03 01 4E 82   02 10 A6 FF DD 15 5E 3F  ......N.......^?
0010: 6E 00 75 43 BD AB 02 67   B7 D3 F8 9A C7 58 85 E2  n.uC...g.....X..
0020: 99 65 73 67 37 91 00 00   48 C0 0A C0 14 00 88 00  .esg7...H.......
0030: 87 00 39 00 38 C0 0F C0   05 00 84 00 35 C0 07 C0  ..9.8.......5...
0040: 09 C0 11 C0 13 00 45 00   44 00 66 00 33 00 32 C0  ......E.D.f.3.2.
0050: 0C C0 0E C0 02 C0 04 00   96 00 41 00 04 00 05 00  ..........A.....
0060: 2F C0 08 C0 12 00 16 00   13 C0 0D C0 03 FE FF 00  /...............
0070: 0A 02 01 00 00 3A 00 00   00 0E 00 0C 00 00 09 6C  .....:.........l
0080: 6F 63 61 6C 68 6F 73 74   FF 01 00 01 00 00 0A 00  ocalhost........
0090: 08 00 06 00 17 00 18 00   19 00 0B 00 02 01 00 00  ................
00A0: 23 00 00 33 74 00 00 00   05 00 05 01 00 00 00 00  #..3t...........
%% Created:  [Session-2, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1300365840 bytes = { 222, 252, 143, 86, 187, 89, 214, 118, 63, 242, 37, 135, 249, 157, 237, 68, 89, 183, 207, 35, 214, 165, 158, 236, 247, 198, 35, 127 }
Session ID:  {78, 130, 2, 16, 13, 19, 136, 228, 191, 64, 181, 90, 114, 50, 25, 82, 4, 243, 33, 245, 240, 52, 212, 152, 131, 33, 75, 87, 233, 215, 115, 40}
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 150590733090315595349916824289564207692943099832411234713235760334933701999028974289384033235479148899664720703153353063908054708567240747626032506431265644085048315430102573809958618243293819948440416636547643820235902609912005328682275839878326324697902360462814295687875085227151160366663023713790874542041
  public exponent: 65537
  Validity: [From: Mon Sep 26 15:14:30 PDT 2011,
               To: Sun Dec 25 14:14:30 PST 2011]
  Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  SerialNumber: [    4e80f946]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 11 71 DF 8F 2B 4C 8C 3A   43 2F 91 49 FB 2E 45 41  .q..+L.:C/.I..EA
0010: B9 0D 9A E7 A9 48 36 FC   BC 87 E4 F2 7E 4C BE EB  .....H6......L..
0020: 0C E0 36 D2 67 0C C7 0D   D2 69 5E D7 65 93 F6 FE  ..6.g....i^.e...
0030: 48 1B 63 00 75 E5 96 AE   E5 82 BA ED 50 07 26 90  H.c.u.......P.&.
0040: 42 E1 CF 33 3F 84 A7 75   18 C0 0B 96 C3 E4 B4 FA  B..3?..u........
0050: AA AE 91 D2 48 E8 38 70   CA 60 E7 BC 19 EA 0D 76  ....H.8p.`.....v
0060: 55 B4 B7 D6 20 ED F3 C6   CE 8F 88 32 EE E8 D8 94  U... ......2....
0070: 2F 8A 58 55 30 90 4A A7   D1 88 3B C4 6E 4B 29 2A  /.XU0.J...;.nK)*

]
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus:  { 233, 230, 66, 89, 157, 53, 95, 55, 201, 127, 253, 53, 103, 18, 11, 142, 37, 201, 205, 67, 233, 39, 179, 169, 103, 15, 190, 197, 216, 144, 20, 25, 34, 210, 195, 179, 173, 36, 128, 9, 55, 153, 134, 157, 30, 132, 106, 171, 73, 250, 176, 173, 38, 210, 206, 106, 34, 33, 157, 71, 11, 206, 125, 119, 125, 74, 33, 251, 233, 194, 112, 181, 127, 96, 112, 2, 243, 206, 248, 57, 54, 148, 207, 69, 238, 54, 136, 193, 26, 140, 86, 171, 18, 122, 61, 175 }
DH Base:  { 48, 71, 10, 213, 160, 5, 251, 20, 206, 45, 157, 205, 135, 227, 139, 199, 209, 177, 197, 250, 203, 174, 203, 233, 95, 25, 10, 167, 163, 29, 35, 196, 219, 188, 190, 6, 23, 69, 68, 64, 26, 91, 44, 2, 9, 101, 216, 194, 189, 33, 113, 211, 102, 132, 69, 119, 31, 116, 186, 8, 77, 32, 41, 216, 60, 28, 21, 133, 71, 243, 169, 241, 162, 113, 91, 226, 61, 81, 174, 77, 62, 90, 31, 106, 112, 100, 243, 22, 147, 58, 52, 109, 63, 82, 146, 82 }
Server DH Public Key:  { 223, 130, 204, 208, 52, 175, 11, 85, 214, 72, 110, 90, 77, 68, 217, 136, 237, 178, 54, 164, 253, 209, 6, 158, 45, 31, 163, 85, 50, 239, 30, 8, 182, 172, 102, 95, 13, 100, 82, 42, 208, 217, 211, 182, 60, 83, 105, 182, 33, 25, 180, 69, 90, 92, 193, 127, 207, 7, 224, 113, 107, 150, 106, 20, 38, 190, 185, 60, 47, 69, 155, 242, 29, 51, 230, 214, 149, 167, 250, 125, 42, 158, 148, 136, 202, 227, 159, 250, 160, 191, 193, 10, 192, 73, 235, 70 }
Signed with a DSA or RSA public key
*** ServerHelloDone
[write] MD5 and SHA1 hashes:  len = 1122
0000: 02 00 00 4D 03 01 4E 82   02 10 DE FC 8F 56 BB 59  ...M..N......V.Y
0010: D6 76 3F F2 25 87 F9 9D   ED 44 59 B7 CF 23 D6 A5  .v?.%....DY..#..
0020: 9E EC F7 C6 23 7F 20 4E   82 02 10 0D 13 88 E4 BF  ....#. N........
0030: 40 B5 5A 72 32 19 52 04   F3 21 F5 F0 34 D4 98 83  @.Zr2.R..!..4...
0040: 21 4B 57 E9 D7 73 28 00   33 00 00 05 FF 01 00 01  !KW..s(.3.......
0050: 00 0B 00 02 5D 00 02 5A   00 02 57 30 82 02 53 30  ....]..Z..W0..S0
0060: 82 01 BC A0 03 02 01 02   02 04 4E 80 F9 46 30 0D  ..........N..F0.
0070: 06 09 2A 86 48 86 F7 0D   01 01 05 05 00 30 6E 31  ..*.H........0n1
0080: 10 30 0E 06 03 55 04 06   13 07 55 6E 6B 6E 6F 77  .0...U....Unknow
0090: 6E 31 10 30 0E 06 03 55   04 08 13 07 55 6E 6B 6E  n1.0...U....Unkn
00A0: 6F 77 6E 31 10 30 0E 06   03 55 04 07 13 07 55 6E  own1.0...U....Un
00B0: 6B 6E 6F 77 6E 31 10 30   0E 06 03 55 04 0A 13 07  known1.0...U....
00C0: 55 6E 6B 6E 6F 77 6E 31   10 30 0E 06 03 55 04 0B  Unknown1.0...U..
00D0: 13 07 55 6E 6B 6E 6F 77   6E 31 12 30 10 06 03 55  ..Unknown1.0...U
00E0: 04 03 13 09 6C 6F 63 61   6C 68 6F 73 74 30 1E 17  ....localhost0..
00F0: 0D 31 31 30 39 32 36 32   32 31 34 33 30 5A 17 0D  .110926221430Z..
0100: 31 31 31 32 32 35 32 32   31 34 33 30 5A 30 6E 31  111225221430Z0n1
0110: 10 30 0E 06 03 55 04 06   13 07 55 6E 6B 6E 6F 77  .0...U....Unknow
0120: 6E 31 10 30 0E 06 03 55   04 08 13 07 55 6E 6B 6E  n1.0...U....Unkn
0130: 6F 77 6E 31 10 30 0E 06   03 55 04 07 13 07 55 6E  own1.0...U....Un
0140: 6B 6E 6F 77 6E 31 10 30   0E 06 03 55 04 0A 13 07  known1.0...U....
0150: 55 6E 6B 6E 6F 77 6E 31   10 30 0E 06 03 55 04 0B  Unknown1.0...U..
0160: 13 07 55 6E 6B 6E 6F 77   6E 31 12 30 10 06 03 55  ..Unknown1.0...U
0170: 04 03 13 09 6C 6F 63 61   6C 68 6F 73 74 30 81 9F  ....localhost0..
0180: 30 0D 06 09 2A 86 48 86   F7 0D 01 01 01 05 00 03  0...*.H.........
0190: 81 8D 00 30 81 89 02 81   81 00 D6 72 C5 3F 68 BE  ...0.......r.?h.
01A0: C7 2A 8E 24 13 EB 54 C4   16 49 68 A0 1C 1F 4D 26  .*.$..T..Ih...M&
01B0: E6 C5 A1 EC 63 4E EF B6   49 A2 26 8A 2B 47 D1 A5  ....cN..I.&.+G..
01C0: ED 4C F0 61 15 AE E0 AA   20 7B 59 6C 42 4B A8 3D  .L.a.... .YlBK.=
01D0: 8A DC 0F E9 B2 67 2C 74   F8 22 F3 00 40 17 40 11  .....g,t."..@.@.
01E0: A5 8E 9F 0D 9C 7D 7B 0A   57 7F EC 29 2E 74 83 27  ........W..).t.'
01F0: 9C 3D BF 9E 23 74 C5 FC   95 6C B9 0B 3B 33 DB AE  .=..#t...l..;3..
0200: A2 F3 2C 35 8A EB 57 F6   5B 97 73 88 F0 BF 06 AD  ..,5..W.[.s.....
0210: F7 E0 58 6A 0E 66 36 16   DF D9 02 03 01 00 01 30  ..Xj.f6........0
0220: 0D 06 09 2A 86 48 86 F7   0D 01 01 05 05 00 03 81  ...*.H..........
0230: 81 00 11 71 DF 8F 2B 4C   8C 3A 43 2F 91 49 FB 2E  ...q..+L.:C/.I..
0240: 45 41 B9 0D 9A E7 A9 48   36 FC BC 87 E4 F2 7E 4C  EA.....H6......L
0250: BE EB 0C E0 36 D2 67 0C   C7 0D D2 69 5E D7 65 93  ....6.g....i^.e.
0260: F6 FE 48 1B 63 00 75 E5   96 AE E5 82 BA ED 50 07  ..H.c.u.......P.
0270: 26 90 42 E1 CF 33 3F 84   A7 75 18 C0 0B 96 C3 E4  &.B..3?..u......
0280: B4 FA AA AE 91 D2 48 E8   38 70 CA 60 E7 BC 19 EA  ......H.8p.`....
0290: 0D 76 55 B4 B7 D6 20 ED   F3 C6 CE 8F 88 32 EE E8  .vU... ......2..
02A0: D8 94 2F 8A 58 55 30 90   4A A7 D1 88 3B C4 6E 4B  ../.XU0.J...;.nK
02B0: 29 2A 0C 00 01 A8 00 60   E9 E6 42 59 9D 35 5F 37  )*.....`..BY.5_7
02C0: C9 7F FD 35 67 12 0B 8E   25 C9 CD 43 E9 27 B3 A9  ...5g...%..C.'..
02D0: 67 0F BE C5 D8 90 14 19   22 D2 C3 B3 AD 24 80 09  g......."....$..
02E0: 37 99 86 9D 1E 84 6A AB   49 FA B0 AD 26 D2 CE 6A  7.....j.I...&..j
02F0: 22 21 9D 47 0B CE 7D 77   7D 4A 21 FB E9 C2 70 B5  "!.G...w.J!...p.
0300: 7F 60 70 02 F3 CE F8 39   36 94 CF 45 EE 36 88 C1  .`p....96..E.6..
0310: 1A 8C 56 AB 12 7A 3D AF   00 60 30 47 0A D5 A0 05  ..V..z=..`0G....
0320: FB 14 CE 2D 9D CD 87 E3   8B C7 D1 B1 C5 FA CB AE  ...-............
0330: CB E9 5F 19 0A A7 A3 1D   23 C4 DB BC BE 06 17 45  .._.....#......E
0340: 44 40 1A 5B 2C 02 09 65   D8 C2 BD 21 71 D3 66 84  D@.[,..e...!q.f.
0350: 45 77 1F 74 BA 08 4D 20   29 D8 3C 1C 15 85 47 F3  Ew.t..M ).<...G.
0360: A9 F1 A2 71 5B E2 3D 51   AE 4D 3E 5A 1F 6A 70 64  ...q[.=Q.M>Z.jpd
0370: F3 16 93 3A 34 6D 3F 52   92 52 00 60 DF 82 CC D0  ...:4m?R.R.`....
0380: 34 AF 0B 55 D6 48 6E 5A   4D 44 D9 88 ED B2 36 A4  4..U.HnZMD....6.
0390: FD D1 06 9E 2D 1F A3 55   32 EF 1E 08 B6 AC 66 5F  ....-..U2.....f_
03A0: 0D 64 52 2A D0 D9 D3 B6   3C 53 69 B6 21 19 B4 45  .dR*....<Si.!..E
03B0: 5A 5C C1 7F CF 07 E0 71   6B 96 6A 14 26 BE B9 3C  Z\.....qk.j.&..<
03C0: 2F 45 9B F2 1D 33 E6 D6   95 A7 FA 7D 2A 9E 94 88  /E...3......*...
03D0: CA E3 9F FA A0 BF C1 0A   C0 49 EB 46 00 80 17 76  .........I.F...v
03E0: 7D D7 E4 0E D7 D5 6E 5B   0A B3 C5 DA 92 13 20 1E  ......n[...... .
03F0: 4A D7 A3 07 C4 2B DA F8   ED 13 48 3A 6B 39 4E 5F  J....+....H:k9N_
0400: 1B 01 A3 A1 47 AB 65 21   D3 62 7B D3 01 7D AF C5  ....G.e!.b......
0410: B2 D0 C0 A1 CB 04 DA C3   82 4F DA 16 5C 7D A6 BD  .........O..\...
0420: 48 6F 8C E9 E0 FF A0 E9   BF 44 16 4B 33 E1 DA 70  Ho.......D.K3..p
0430: 75 3C EE E5 9D 50 BE 17   56 E7 50 D6 E5 EF 29 6F  u<...P..V.P...)o
0440: 66 A0 45 6D 91 CA D5 97   72 15 BD F7 8D 98 65 35  f.Em....r.....e5
0450: 87 52 35 FB D6 43 42 5D   90 C6 36 EB E6 8A 0E 00  .R5..CB]..6.....
0460: 00 00                                              ..
main, WRITE: TLSv1 Handshake, length = 1122
[Raw write]: length = 1127
0000: 16 03 01 04 62 02 00 00   4D 03 01 4E 82 02 10 DE  ....b...M..N....
0010: FC 8F 56 BB 59 D6 76 3F   F2 25 87 F9 9D ED 44 59  ..V.Y.v?.%....DY
0020: B7 CF 23 D6 A5 9E EC F7   C6 23 7F 20 4E 82 02 10  ..#......#. N...
0030: 0D 13 88 E4 BF 40 B5 5A   72 32 19 52 04 F3 21 F5  .....@.Zr2.R..!.
0040: F0 34 D4 98 83 21 4B 57   E9 D7 73 28 00 33 00 00  .4...!KW..s(.3..
0050: 05 FF 01 00 01 00 0B 00   02 5D 00 02 5A 00 02 57  .........]..Z..W
0060: 30 82 02 53 30 82 01 BC   A0 03 02 01 02 02 04 4E  0..S0..........N
0070: 80 F9 46 30 0D 06 09 2A   86 48 86 F7 0D 01 01 05  ..F0...*.H......
0080: 05 00 30 6E 31 10 30 0E   06 03 55 04 06 13 07 55  ..0n1.0...U....U
0090: 6E 6B 6E 6F 77 6E 31 10   30 0E 06 03 55 04 08 13  nknown1.0...U...
00A0: 07 55 6E 6B 6E 6F 77 6E   31 10 30 0E 06 03 55 04  .Unknown1.0...U.
00B0: 07 13 07 55 6E 6B 6E 6F   77 6E 31 10 30 0E 06 03  ...Unknown1.0...
00C0: 55 04 0A 13 07 55 6E 6B   6E 6F 77 6E 31 10 30 0E  U....Unknown1.0.
00D0: 06 03 55 04 0B 13 07 55   6E 6B 6E 6F 77 6E 31 12  ..U....Unknown1.
00E0: 30 10 06 03 55 04 03 13   09 6C 6F 63 61 6C 68 6F  0...U....localho
00F0: 73 74 30 1E 17 0D 31 31   30 39 32 36 32 32 31 34  st0...1109262214
0100: 33 30 5A 17 0D 31 31 31   32 32 35 32 32 31 34 33  30Z..11122522143
0110: 30 5A 30 6E 31 10 30 0E   06 03 55 04 06 13 07 55  0Z0n1.0...U....U
0120: 6E 6B 6E 6F 77 6E 31 10   30 0E 06 03 55 04 08 13  nknown1.0...U...
0130: 07 55 6E 6B 6E 6F 77 6E   31 10 30 0E 06 03 55 04  .Unknown1.0...U.
0140: 07 13 07 55 6E 6B 6E 6F   77 6E 31 10 30 0E 06 03  ...Unknown1.0...
0150: 55 04 0A 13 07 55 6E 6B   6E 6F 77 6E 31 10 30 0E  U....Unknown1.0.
0160: 06 03 55 04 0B 13 07 55   6E 6B 6E 6F 77 6E 31 12  ..U....Unknown1.
0170: 30 10 06 03 55 04 03 13   09 6C 6F 63 61 6C 68 6F  0...U....localho
0180: 73 74 30 81 9F 30 0D 06   09 2A 86 48 86 F7 0D 01  st0..0...*.H....
0190: 01 01 05 00 03 81 8D 00   30 81 89 02 81 81 00 D6  ........0.......
01A0: 72 C5 3F 68 BE C7 2A 8E   24 13 EB 54 C4 16 49 68  r.?h..*.$..T..Ih
01B0: A0 1C 1F 4D 26 E6 C5 A1   EC 63 4E EF B6 49 A2 26  ...M&....cN..I.&
01C0: 8A 2B 47 D1 A5 ED 4C F0   61 15 AE E0 AA 20 7B 59  .+G...L.a.... .Y
01D0: 6C 42 4B A8 3D 8A DC 0F   E9 B2 67 2C 74 F8 22 F3  lBK.=.....g,t.".
01E0: 00 40 17 40 11 A5 8E 9F   0D 9C 7D 7B 0A 57 7F EC  .@.@.........W..
01F0: 29 2E 74 83 27 9C 3D BF   9E 23 74 C5 FC 95 6C B9  ).t.'.=..#t...l.
0200: 0B 3B 33 DB AE A2 F3 2C   35 8A EB 57 F6 5B 97 73  .;3....,5..W.[.s
0210: 88 F0 BF 06 AD F7 E0 58   6A 0E 66 36 16 DF D9 02  .......Xj.f6....
0220: 03 01 00 01 30 0D 06 09   2A 86 48 86 F7 0D 01 01  ....0...*.H.....
0230: 05 05 00 03 81 81 00 11   71 DF 8F 2B 4C 8C 3A 43  ........q..+L.:C
0240: 2F 91 49 FB 2E 45 41 B9   0D 9A E7 A9 48 36 FC BC  /.I..EA.....H6..
0250: 87 E4 F2 7E 4C BE EB 0C   E0 36 D2 67 0C C7 0D D2  ....L....6.g....
0260: 69 5E D7 65 93 F6 FE 48   1B 63 00 75 E5 96 AE E5  i^.e...H.c.u....
0270: 82 BA ED 50 07 26 90 42   E1 CF 33 3F 84 A7 75 18  ...P.&.B..3?..u.
0280: C0 0B 96 C3 E4 B4 FA AA   AE 91 D2 48 E8 38 70 CA  ...........H.8p.
0290: 60 E7 BC 19 EA 0D 76 55   B4 B7 D6 20 ED F3 C6 CE  `.....vU... ....
02A0: 8F 88 32 EE E8 D8 94 2F   8A 58 55 30 90 4A A7 D1  ..2..../.XU0.J..
02B0: 88 3B C4 6E 4B 29 2A 0C   00 01 A8 00 60 E9 E6 42  .;.nK)*.....`..B
02C0: 59 9D 35 5F 37 C9 7F FD   35 67 12 0B 8E 25 C9 CD  Y.5_7...5g...%..
02D0: 43 E9 27 B3 A9 67 0F BE   C5 D8 90 14 19 22 D2 C3  C.'..g......."..
02E0: B3 AD 24 80 09 37 99 86   9D 1E 84 6A AB 49 FA B0  ..$..7.....j.I..
02F0: AD 26 D2 CE 6A 22 21 9D   47 0B CE 7D 77 7D 4A 21  .&..j"!.G...w.J!
0300: FB E9 C2 70 B5 7F 60 70   02 F3 CE F8 39 36 94 CF  ...p..`p....96..
0310: 45 EE 36 88 C1 1A 8C 56   AB 12 7A 3D AF 00 60 30  E.6....V..z=..`0
0320: 47 0A D5 A0 05 FB 14 CE   2D 9D CD 87 E3 8B C7 D1  G.......-.......
0330: B1 C5 FA CB AE CB E9 5F   19 0A A7 A3 1D 23 C4 DB  ......._.....#..
0340: BC BE 06 17 45 44 40 1A   5B 2C 02 09 65 D8 C2 BD  ....ED@.[,..e...
0350: 21 71 D3 66 84 45 77 1F   74 BA 08 4D 20 29 D8 3C  !q.f.Ew.t..M ).<
0360: 1C 15 85 47 F3 A9 F1 A2   71 5B E2 3D 51 AE 4D 3E  ...G....q[.=Q.M>
0370: 5A 1F 6A 70 64 F3 16 93   3A 34 6D 3F 52 92 52 00  Z.jpd...:4m?R.R.
0380: 60 DF 82 CC D0 34 AF 0B   55 D6 48 6E 5A 4D 44 D9  `....4..U.HnZMD.
0390: 88 ED B2 36 A4 FD D1 06   9E 2D 1F A3 55 32 EF 1E  ...6.....-..U2..
03A0: 08 B6 AC 66 5F 0D 64 52   2A D0 D9 D3 B6 3C 53 69  ...f_.dR*....<Si
03B0: B6 21 19 B4 45 5A 5C C1   7F CF 07 E0 71 6B 96 6A  .!..EZ\.....qk.j
03C0: 14 26 BE B9 3C 2F 45 9B   F2 1D 33 E6 D6 95 A7 FA  .&..</E...3.....
03D0: 7D 2A 9E 94 88 CA E3 9F   FA A0 BF C1 0A C0 49 EB  .*............I.
03E0: 46 00 80 17 76 7D D7 E4   0E D7 D5 6E 5B 0A B3 C5  F...v......n[...
03F0: DA 92 13 20 1E 4A D7 A3   07 C4 2B DA F8 ED 13 48  ... .J....+....H
0400: 3A 6B 39 4E 5F 1B 01 A3   A1 47 AB 65 21 D3 62 7B  :k9N_....G.e!.b.
0410: D3 01 7D AF C5 B2 D0 C0   A1 CB 04 DA C3 82 4F DA  ..............O.
0420: 16 5C 7D A6 BD 48 6F 8C   E9 E0 FF A0 E9 BF 44 16  .\...Ho.......D.
0430: 4B 33 E1 DA 70 75 3C EE   E5 9D 50 BE 17 56 E7 50  K3..pu<...P..V.P
0440: D6 E5 EF 29 6F 66 A0 45   6D 91 CA D5 97 72 15 BD  ...)of.Em....r..
0450: F7 8D 98 65 35 87 52 35   FB D6 43 42 5D 90 C6 36  ...e5.R5..CB]..6
0460: EB E6 8A 0E 00 00 00                               .......
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28                               ......(
main, called closeSocket()
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.OutputStream.write(OutputStream.java:58)
    at Server.main(Server.java:44)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
    ... 5 more

It appears something went horribly wrong after Server Hello Done. Although, at the moment, I have no idea what to do about it. Any suggestions?

Update: I ran the debug test from http://prefetch.net/articles/debuggingssl.html, and everything looked fine. I'm beginning to suspect a bad SSL implementation in Chrome.

Update: I ran this Server on Windows XP, and Chrome worked beautifully. However, I want to get it working in Linux (Ubuntu). That is where I have the troubles. Also, I have to revise all my previous statements about IE working. It gives me the self signed warning, but when I say its OK, IE tells me it can't render the page. The IE problems occur on both Windows and Linux. Still looking for answers.

SOLVED See my answer below.

回答1:

WooHoo! I finally figured this one out. After long, frustrating hours of searching the Intarwebz, I found documentation on this hidden Java library in J2SE 6+.

com.sun.net.httpserver

This implementation simply negotiates the SSL handshake and returns the request as plain text:

import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsExchange;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;

import java.io.FileInputStream;
import java.io.InputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.util.concurrent.Executor;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class HTTPS {
  public static void main(String[] args) throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");  
    ks.load(new FileInputStream("server.jks"), "123456".toCharArray());

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, "123456".toCharArray());

    SSLContext context = SSLContext.getInstance("TLS");
    context.init(kmf.getKeyManagers(), null, null);

    final HttpsServer server = HttpsServer.create(new InetSocketAddress("localhost", 8443), 10);

    server.createContext("/", new HttpHandler() {
      public void handle(HttpExchange xchng) throws IOException {
        HttpsExchange exchange = (HttpsExchange) xchng;

        String ret = "";
        ret += exchange.getRequestMethod() + " " + exchange.getRequestURI() + " " + exchange.getProtocol() + "\n";

        Headers headers = exchange.getRequestHeaders();
        if (!headers.isEmpty()) {
          ret += "\n";
          for (String key : headers.keySet()) {
            ret += key + ": ";
            boolean semiColon = false;
            for (String value : headers.get(key)) {
              if (semiColon) {
                ret += "; ";
              }

              ret += value;
              semiColon = true;
            }

            ret += "\n";
          }
        }

        if (headers.get("Content-Length") != null) {
          InputStream in = exchange.getRequestBody();
          ret += "\n";
          int i;
          while ((i = in.read()) != -1) {
            ret += String.valueOf((char) i);
          }
        }

        headers = exchange.getResponseHeaders();
        headers.set("Content-Type", "text/plain");

        exchange.sendResponseHeaders(200, ret.length());

        OutputStream out = exchange.getResponseBody();
        out.write(ret.getBytes());

        exchange.close();
      }
    });

    server.setHttpsConfigurator(new HttpsConfigurator(context) {
      public void configure(HttpsParameters params) {

      }
    });

    server.setExecutor(new Executor() {
      public void execute(Runnable command) {
        new Thread(command).start();
      }
    });

    server.start();

    /*
     * In a real app:
     *
     * public class ServerShutdownHook extends Thread {
     *   HttpServer server;
     *   int        seconds;
     *
     *   public ServerShutdownHook(HttpServer server, int seconds) {
     *     this.server  = server;
     *     this.seconds = seconds;
     *   }
     *
     *   public void run() {
     *     System.out.println("Server shutting down.  Waiting " + this.seconds + " seconds for exchanges to complete.");
     *     server.stop(this.seconds);
     *   }
     * }
     *
     * Runtime.getRuntime().addShutdownHook(new ServerShutdownHook(server, 3));
     */
    Runtime.getRuntime().addShutdownHook(new Thread() {
      public void run() {
        System.out.println("Server shutting down.  Waiting 3 seconds for exchanges to complete.");
        server.stop(3);
      }
    });
  }
}

I tested this on my Ubuntu box and it works for the following browsers:

  • Chrome
  • Firefox
  • Opera
  • Mobile Safari (iPhone4)
  • Safari
  • IE


回答2:

I suspect there is a firewall in the way that dropped the connection for some reason, or an inbound or outbound proxy. You may need to sniff the network packet exchange.



回答3:

In my case there was a big hassle with supported ciphers and at the end it turned out that the order of them is important (the most desired by server on the very bottom - then the less wished above and so on...). You can figure out what is the wish list by checking https://www.ssllabs.com/ssltest Also you might have to patch your jdk with JCE (http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html) Although jdk 8 should have the latest ciphers included and enabled accourding to the documentation (https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider)

private static final String TLS_PROTOCOL_1_2 = "TLSv1.2";
    private static final String TLS_PROTOCOL_1_1 = "TLSv1.1";
    private static final String TLS_PROTOCOL_3 = "SSLv3";
    private static final String TLS_RSA_WITH_AES_256_CBC_SHA ="TLS_RSA_WITH_AES_256_CBC_SHA";
    private static final String TLS_RSA_WITH_AES_256_CBC_SHA256 ="TLS_RSA_WITH_AES_256_CBC_SHA256";
    private static final String TLS_RSA_WITH_AES_256_GCM_SHA384 = "TLS_RSA_WITH_AES_256_GCM_SHA384";
    private static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
    private static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
    private static final String AUTHORIZATION = "Basic Zmlkb3I6d2lyIWJhbmsk";

    @Override
    public HttpURLConnection openSecureConnection(String path) throws IOException, KeyManagementException, NoSuchAlgorithmException {
        URL url = new URL(baseUrl+path);
        SSLContext sslContext = SSLContext.getInstance(TLS_PROTOCOL_1_2);

        TrustManager[] trustAllCerts = new TrustManager[] {
                new X509TrustManager() {
                    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                    }
                    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                    }
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }
        };

        sslContext.init(null, trustAllCerts, new  java.security.SecureRandom());
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

        con.setSSLSocketFactory(sslSocketFactory);
        con.setDoOutput(true);
        con.setConnectTimeout(getTimeout());
        con.setReadTimeout(getTimeout());
        //set server-prefered cipher suits
        SSLServerSocket soc = (SSLServerSocket)sslContext.getServerSocketFactory().createServerSocket();
        soc.setEnabledProtocols(new String[]{TLS_PROTOCOL_3, TLS_PROTOCOL_1_2, TLS_PROTOCOL_1_1});
        soc.setEnabledCipherSuites(new String[] {
                TLS_RSA_WITH_AES_256_CBC_SHA,
                TLS_RSA_WITH_AES_256_CBC_SHA256,
                TLS_RSA_WITH_AES_256_GCM_SHA384,
                TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
        });

        return con;
    }

For jdk 1.7 is it important to add VM option "-Dhttps.protocols=TLSv1.1,TLSv1.2"



标签: java google-chrome ssl
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~