javax.net.ssl.SSLException: Received fatal alert:

2019-01-05 04:25发布

站内问答 / Java
1085 8 4

Has anyone encountered this error before? I'm new to SSL, is there anything obviously wrong with my ClientHello that I'm missing? That exception is thrown with no ServerHello response. Any advice is appreciated.

*** ClientHello, TLSv1
RandomCookie:  GMT: 1351745496 bytes = { 154, 151, 225, 128, 127, 137, 198, 245, 160, 35, 124, 13, 135, 120, 33, 240, 82, 223, 56, 25, 207, 231, 231, 124, 103, 205, 66, 218 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
***
[write] MD5 and SHA1 hashes:  len = 75
0000: 01 00 00 47 03 01 51 92   00 D8 9A 97 E1 80 7F 89  ...G..Q.........
0010: C6 F5 A0 23 7C 0D 87 78   21 F0 52 DF 38 19 CF E7  ...#...x!.R.8...
0020: E7 7C 67 CD 42 DA 00 00   20 00 04 00 05 00 2F 00  ..g.B... ...../.
0030: 33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00  3.2.............
0040: 03 00 08 00 14 00 11 00   FF 01 00                 ...........
xxx, WRITE: TLSv1 Handshake, length = 75
[write] MD5 and SHA1 hashes:  len = 101
0000: 01 03 01 00 3C 00 00 00   20 00 00 04 01 00 80 00  ....<... .......
0010: 00 05 00 00 2F 00 00 33   00 00 32 00 00 0A 07 00  ..../..3..2.....
0020: C0 00 00 16 00 00 13 00   00 09 06 00 40 00 00 15  ............@...
0030: 00 00 12 00 00 03 02 00   80 00 00 08 00 00 14 00  ................
0040: 00 11 00 00 FF 51 92 00   D8 9A 97 E1 80 7F 89 C6  .....Q..........
0050: F5 A0 23 7C 0D 87 78 21   F0 52 DF 38 19 CF E7 E7  ..#...x!.R.8....
0060: 7C 67 CD 42 DA                                     .g.B.
xxx, WRITE: SSLv2 client hello message, length = 101
[Raw write]: length = 103
0000: 80 65 01 03 01 00 3C 00   00 00 20 00 00 04 01 00  .e....<... .....
0010: 80 00 00 05 00 00 2F 00   00 33 00 00 32 00 00 0A  ....../..3..2...
0020: 07 00 C0 00 00 16 00 00   13 00 00 09 06 00 40 00  ..............@.
0030: 00 15 00 00 12 00 00 03   02 00 80 00 00 08 00 00  ................
0040: 14 00 00 11 00 00 FF 51   92 00 D8 9A 97 E1 80 7F  .......Q........
0050: 89 C6 F5 A0 23 7C 0D 87   78 21 F0 52 DF 38 19 CF  ....#...x!.R.8..
0060: E7 E7 7C 67 CD 42 DA                               ...g.B.
[Raw read]: length = 5
0000: 15 03 01 00 02                                     .....
[Raw read]: length = 2
0000: 02 46                                              .F

{http://xml.apache.org/axis/}stackTrace:

javax.net.ssl.SSLException: Received fatal alert: protocol_version
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1806)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:986)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at

...

标签: java ssl jsse
举报
8条回答
叛逆
2楼-- · 2019-01-05 04:27

This is due to the fact that you send a TLSv1 handshake, but then you send a message using SSLv2 protocol;

xxx, WRITE: TLSv1 Handshake, length = 75
xxx, WRITE: SSLv2 client hello message, length = 101

This means that the server expects the TLSv1 protocol to be used and will not accept the connection. Try specifying which protocol to use, or post some relevant code so we can have a look

查看更多
0人赞 添加讨论(0) 举报
三岁会撩人
3楼-- · 2019-01-05 04:28

@marioosh added some extra information regarding cipher suite encryption .

A cipher suite is a collection of symmetric and asymmetric encryption algorithms used by hosts to establish a secure communication in Transport Layer Security (TLS) / Secure Sockets Layer (SSL) network protocol.
Ciphers are algorithms, more specifically they’re a set of steps for both performing encryption as well as the corresponding decryption.

A cipher suite specifies one algorithm for each of the following tasks:

  • Key exchange
  • Bulk encryption
  • Message authentication

SocketFactory « Default handshaking protocols « To avoid SSLException use https.protocols system property.
This contains a comma-separated list of protocol suite names specifying which protocol suites to enable on this HttpsURLConnection. See the SSLSocket.setEnabledProtocols(String[]) method.

System.setProperty("https.protocols", "SSLv3");
// (OR)
System.setProperty("https.protocols", "TLSv1");

JAVA8 « TLS 1.1 and TLS 1.2 Enabled by Default: The SunJSSE provider enables the protocols TLS 1.1 and TLS 1.2 on the client by default.

System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

Example for Java8 Network File:

public class SecureSocket {
    static {
        // System.setProperty("javax.net.debug", "all");
        System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");
    }
    public static void main(String[] args) {
        String GhitHubSSLFile = "https://raw.githubusercontent.com/Yash-777/SeleniumWebDrivers/master/pom.xml";
        try {
            String str = readCloudFileAsString(GhitHubSSLFile);
                    // new String(Files.readAllBytes(Paths.get( "D:/Sample.file" )));

            System.out.println("Cloud File Data : "+ str);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    public static String readCloudFileAsString( String urlStr ) throws java.io.IOException {
        if( urlStr != null && urlStr != "" ) {
            java.io.InputStream s = null;
            String content = null;
            try {
                URL url = new URL( urlStr );
                s = (java.io.InputStream) url.getContent();
                content = IOUtils.toString(s, "UTF-8");
            } finally {
                if (s != null) s.close(); 
            }
            return content.toString();
        }
        return null;
    }
}
JDK 8 Security You can customize some aspects of JSSE by setting system properties, By Specifying the below property you can check the encryption data from the file. 
System.setProperty("javax.net.debug", "all");

Exception

javax.net.ssl.SSLException: Received fatal alert: protocol_version

If handshaking fails for any reason, the SSLSocket is closed, and no further communications can be done.

Observer LOG Sample for the above example:

*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1505482843 bytes = { 12, 11, 111, 99, 8, 177, 101, 27, 84, 176, 147, 215, 116, 208, 31, 178, 141, 170, 29, 118, 29, 192, 61, 191, 53, 201, 127, 100 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: raw.githubusercontent.com]
***
[write] MD5 and SHA1 hashes:  len = 213
0000: 01 00 00 D1 03 03 5A BC   D8 5B 0C 0B 6F 63 08 B1  ......Z..[..oc..
0010: 65 1B 54 B0 93 D7 74 D0   1F B2 8D AA 1D 76 1D C0  e.T...t......v..
0020: 3D BF 35 C9 7F 64 00 00   2A C0 09 C0 13 00 2F C0  =.5..d..*...../.
0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........
0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................
0050: 04 00 FF 01 00 00 7E 00   0A 00 34 00 32 00 17 00  ..........4.2...
0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................
0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................
0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................
0090: 0B 00 02 01 00 00 0D 00   1A 00 18 06 03 06 01 05  ................
00A0: 03 05 01 04 03 04 01 03   03 03 01 02 03 02 01 02  ................
00B0: 02 01 01 00 00 00 1E 00   1C 00 00 19 72 61 77 2E  ............raw.
00C0: 67 69 74 68 75 62 75 73   65 72 63 6F 6E 74 65 6E  githubuserconten
00D0: 74 2E 63 6F 6D                                     t.com
main, WRITE: TLSv1.2 Handshake, length = 213
[Raw write]: length = 218
0000: 16 03 03 00 D5 01 00 00   D1 03 03 5A BC D8 5B 0C  ...........Z..[.
0010: 0B 6F 63 08 B1 65 1B 54   B0 93 D7 74 D0 1F B2 8D  .oc..e.T...t....
0020: AA 1D 76 1D C0 3D BF 35   C9 7F 64 00 00 2A C0 09  ..v..=.5..d..*..
0030: C0 13 00 2F C0 04 C0 0E   00 33 00 32 C0 08 C0 12  .../.....3.2....
0040: 00 0A C0 03 C0 0D 00 16   00 13 C0 07 C0 11 00 05  ................
0050: C0 02 C0 0C 00 04 00 FF   01 00 00 7E 00 0A 00 34  ...............4
0060: 00 32 00 17 00 01 00 03   00 13 00 15 00 06 00 07  .2..............
0070: 00 09 00 0A 00 18 00 0B   00 0C 00 19 00 0D 00 0E  ................
0080: 00 0F 00 10 00 11 00 02   00 12 00 04 00 05 00 14  ................
0090: 00 08 00 16 00 0B 00 02   01 00 00 0D 00 1A 00 18  ................
00A0: 06 03 06 01 05 03 05 01   04 03 04 01 03 03 03 01  ................
00B0: 02 03 02 01 02 02 01 01   00 00 00 1E 00 1C 00 00  ................
00C0: 19 72 61 77 2E 67 69 74   68 75 62 75 73 65 72 63  .raw.githubuserc
00D0: 6F 6E 74 65 6E 74 2E 63   6F 6D                    ontent.com
[Raw read]: length = 5
0000: 16 03 03 00 5D                                     ....]

Cryptography and Secure Communication with whatsapp

whatsapp

@See

查看更多
0人赞 添加讨论(0) 举报
在下西门庆
4楼-- · 2019-01-05 04:32

On Java 1.8 default TLS protocol is v1.2. On Java 1.6 and 1.7 default is obsoleted TLS1.0. I get this error on Java 1.8, because url use old TLS1.0 (like Your - You see ClientHello, TLSv1). To resolve this error You need to use override defaults for Java 1.8.

System.setProperty("https.protocols", "TLSv1");

More info on the Oracle blog.

查看更多
0人赞 添加讨论(0) 举报
疯言疯语
5楼-- · 2019-01-05 04:35

I ran into this issue while trying to install a PySpark package. I got around the issue by changing the TLS version with an environment variable:

echo 'export JAVA_TOOL_OPTIONS="-Dhttps.protocols=TLSv1.2"' >> ~/.bashrc
source ~/.bashrc
查看更多
0人赞 添加讨论(0) 举报
神经病院院长
6楼-- · 2019-01-05 04:37

This seems like a protocol version mismatch, this exception normally happens when there is a mismatch between SSL protocol version used by the client and the server. your clients should use a proctocol version supported by the server.

查看更多
0人赞 添加讨论(0) 举报
Luminary・发光体
7楼-- · 2019-01-05 04:40

marioosh's answer seems to on the right track. It didn't work for me. So I found:

Problems connecting via HTTPS/SSL through own Java client

which uses:

java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

Which seems to be necessary with Java 7 and a TLSv1.2 site.

I checked the site with:

openssl s_client -connect www.st.nmfs.noaa.gov:443

using

openssl version
OpenSSL 1.0.2l  25 May 2017

and got the result:

...
SSL-Session:
   Protocol  : TLSv1.2
   Cipher    : ECDHE-RSA-AES256-GCM-SHA384
...

Please note that and older openssl version on my mac did not work and I had to use the macports one.

查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)