JDK11でのTLS1.3でのハンドシェイクの失敗
カルステン
JDK11でのTLS1.3の使用は、原則として機能します。ただし、2つの同時スレッドで接続が確立されるとすぐに、最初のハンドシェイクは両方で失敗します。
これは明らかに既知の問題であり、おそらく次の場所で修正されています。
この単純なJavaクラスを考えると
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class Main {
public static void main(String[] args) throws Exception {
Thread t1 = new Thread(Main::createAndUseSslSocket);
Thread t2 = new Thread(Main::createAndUseSslSocket);
t1.start();
t2.start();
do {
Thread.sleep(100);
} while (t1.isAlive() || t2.isAlive());
}
private static void createAndUseSslSocket() {
try (SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket("www.verisign.com", 443)) {
socket.startHandshake();
} catch (Exception e) {
System.err.println(e.getClass().getName() + " " + e.getMessage());
}
}
}
次のコマンドを実行する(私のWindows 10マシンで)
OpenJDKを使用します11.0.9.11-hotspot。これはおそらく修正されています。
"C:\Program Files\AdoptOpenJDK\jdk-11.0.9.11-hotspot/bin/javac" Main.java
"C:\Program Files\AdoptOpenJDK\jdk-11.0.9.11-hotspot/bin/java" -Djdk.tls.client.protocols="TLSv1.3" Main
または、OpenJDK 15.0.1.9-hotspot(今日の時点でAdoptOpenJDK.netで利用可能な「最新の」オプション)でさえ:
"C:\Program Files\AdoptOpenJDK\jdk-15.0.1.9-hotspot/bin/javac" Main.java
"C:\Program Files\AdoptOpenJDK\jdk-15.0.1.9-hotspot/bin/java" -Djdk.tls.client.protocols="TLSv1.3" Main
どちらも同じ出力を生成します
javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure
これは公式に修正されていますが、動作させることができないようです。
何が起きてる?
回避策はありますが、長期的には受け入れられません。
次のJVMプロパティを使用してTLS1.3を無効にします。
-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
*編集:含めると出力が終了します-Djavax.net.debug=all(すべてを含めると、StackOverflowには140k文字が多すぎます。
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:993|keyStore is :
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:994|keyStore type is : pkcs12
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:996|keyStore provider is :
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:1031|init keystore
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:1054|init keymanager of type SunX509
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:44.850 CET|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.850 CET|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:44.862 CET|SSLConfiguration.java:458|System property jdk.tls.client.SignatureSchemes is set to 'null'
javax.net.ssl|WARNING|0F|Thread-1|2020-10-30 15:16:44.863 CET|SignatureScheme.java:282|Signature algorithm, ed25519, not supported by JSSE
javax.net.ssl|WARNING|0F|Thread-1|2020-10-30 15:16:44.863 CET|SignatureScheme.java:282|Signature algorithm, ed448, not supported by JSSE
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|INFO|0E|Thread-0|2020-10-30 15:16:45.194 CET|AlpnExtension.java:165|No available application protocols
javax.net.ssl|INFO|0F|Thread-1|2020-10-30 15:16:45.194 CET|AlpnExtension.java:165|No available application protocols
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.194 CET|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.194 CET|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.195 CET|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.195 CET|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "D0 1B 63 ED D3 4E 05 5E 98 E1 6B 9D F8 32 81 14 43 D3 45 F7 0D D3 D6 20 98 35 DF 67 85 C9 A9 65",
"session id" : "44 52 47 AB 32 A6 FC C1 CA 78 A7 DE 32 AC F8 95 6C DF 68 07 0C C5 35 D4 44 ED 29 7A 2F C9 BE 1E",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=www.verisign.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: 4C 31 CF 53 D6 2D 6D 30 19 D3 7E 4E CD B6 6A E2 L1.S.-m0...N..j.
0010: 3A 49 0F C4 14 C2 53 FD 53 89 0D 7D 8F 4C AE 46 :I....S.S....L.F
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "3C 06 CA 04 F8 0F E4 E6 94 93 1F 48 A4 C0 84 27 76 7E D6 22 BB 62 B2 C6 CF FA A4 61 BE 02 04 E2",
"session id" : "C1 C4 8D 99 B0 57 69 D7 63 DC 78 26 7B 15 0B B1 F5 2E B9 50 52 22 F0 32 FB 63 C4 AA E4 FC E6 72",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=www.verisign.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: DF DF 74 F2 A7 A9 B5 EB 74 E4 26 DE F6 2B 82 27 ..t.....t.&..+.'
0010: C1 4E D8 16 91 CA CB F6 0B 91 EE C9 69 C6 4F 03 .N..........i.O.
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 266
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 266
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:272|Raw write (
0000: 16 03 03 01 0A 01 00 01 06 03 03 3C 06 CA 04 F8 ...........<....
0010: 0F E4 E6 94 93 1F 48 A4 C0 84 27 76 7E D6 22 BB ......H...'v..".
0020: 62 B2 C6 CF FA A4 61 BE 02 04 E2 20 C1 C4 8D 99 b.....a.... ....
0030: B0 57 69 D7 63 DC 78 26 7B 15 0B B1 F5 2E B9 50 .Wi.c.x&.......P
0040: 52 22 F0 32 FB 63 C4 AA E4 FC E6 72 00 06 13 02 R".2.c.....r....
0050: 13 01 13 03 01 00 00 B7 00 00 00 15 00 13 00 00 ................
0060: 10 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F .www.verisign.co
0070: 6D 00 05 00 05 01 00 00 00 00 00 0A 00 16 00 14 m...............
0080: 00 1D 00 17 00 18 00 19 00 1E 01 00 01 01 01 02 ................
0090: 01 03 01 04 00 0D 00 1E 00 1C 04 03 05 03 06 03 ................
00A0: 08 04 08 05 08 06 08 09 08 0A 08 0B 04 01 05 01 ................
00B0: 06 01 02 03 02 01 00 32 00 1E 00 1C 04 03 05 03 .......2........
00C0: 06 03 08 04 08 05 08 06 08 09 08 0A 08 0B 04 01 ................
00D0: 05 01 06 01 02 03 02 01 00 2B 00 03 02 03 04 00 .........+......
00E0: 2D 00 02 01 01 00 33 00 26 00 24 00 1D 00 20 DF -.....3.&.$... .
00F0: DF 74 F2 A7 A9 B5 EB 74 E4 26 DE F6 2B 82 27 C1 .t.....t.&..+.'.
0100: 4E D8 16 91 CA CB F6 0B 91 EE C9 69 C6 4F 03 N..........i.O.
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:272|Raw write (
0000: 16 03 03 01 0A 01 00 01 06 03 03 D0 1B 63 ED D3 .............c..
0010: 4E 05 5E 98 E1 6B 9D F8 32 81 14 43 D3 45 F7 0D N.^..k..2..C.E..
0020: D3 D6 20 98 35 DF 67 85 C9 A9 65 20 44 52 47 AB .. .5.g...e DRG.
0030: 32 A6 FC C1 CA 78 A7 DE 32 AC F8 95 6C DF 68 07 2....x..2...l.h.
0040: 0C C5 35 D4 44 ED 29 7A 2F C9 BE 1E 00 06 13 02 ..5.D.)z/.......
0050: 13 01 13 03 01 00 00 B7 00 00 00 15 00 13 00 00 ................
0060: 10 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F .www.verisign.co
0070: 6D 00 05 00 05 01 00 00 00 00 00 0A 00 16 00 14 m...............
0080: 00 1D 00 17 00 18 00 19 00 1E 01 00 01 01 01 02 ................
0090: 01 03 01 04 00 0D 00 1E 00 1C 04 03 05 03 06 03 ................
00A0: 08 04 08 05 08 06 08 09 08 0A 08 0B 04 01 05 01 ................
00B0: 06 01 02 03 02 01 00 32 00 1E 00 1C 04 03 05 03 .......2........
00C0: 06 03 08 04 08 05 08 06 08 09 08 0A 08 0B 04 01 ................
00D0: 05 01 06 01 02 03 02 01 00 2B 00 03 02 03 04 00 .........+......
00E0: 2D 00 02 01 01 00 33 00 26 00 24 00 1D 00 20 4C -.....3.&.$... L
00F0: 31 CF 53 D6 2D 6D 30 19 D3 7E 4E CD B6 6A E2 3A 1.S.-m0...N..j.:
0100: 49 0F C4 14 C2 53 FD 53 89 0D 7D 8F 4C AE 46 I....S.S....L.F
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 15 03 03 00 02 .....
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 02 28 .(
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 15 03 03 00 02 .....
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
0000: 02 28 .(
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|ERROR|0E|Thread-0|2020-10-30 15:16:45.372 CET|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1488)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1394)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
at Main.createAndUseSslSocket(Main.java:23)
at java.base/java.lang.Thread.run(Thread.java:832)}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSessionImpl.java:1224|Invalidated session: Session(1604067404870|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|ERROR|0F|Thread-1|2020-10-30 15:16:45.372 CET|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1488)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1394)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
at Main.createAndUseSslSocket(Main.java:23)
at java.base/java.lang.Thread.run(Thread.java:832)}
)
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSessionImpl.java:1224|Invalidated session: Session(1604067404870|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1727|close the underlying socket
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1727|close the underlying socket
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1746|close the SSL connection (initiative)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1746|close the SSL connection (initiative)
rkosegi
それはあなたのせいではありません(JDK11でもありません)。
私は質問中の私のコメントであまりにも早く話しました、私が供給し-Djdk.tls.client.protocols="TLSv1.3"た場合、ローカルではあなたと同じように失敗します。
デバッグ出力を見ると、ハンドシェイクを拒否したのはサーバーです。
javax.net.ssl|DEBUG|0D|Thread-1|2020-10-30 15:30:52.829 CET|SSLSocketInputRecord.java:477|Raw read (
0000: 02 28 .(
)
使用opensslして強制TLS1.3すると、同じエラーで失敗します。
openssl s_client -connect www.verisign.com:443 -tls1_3
CONNECTED(00000003)
139777244485440:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
alert number 40これは28、Javaからのデバッグ出力に見られる16進数に対応することに注意してください。
つまりwww.verisign.com、TLS1.3で問題を抱えているのは誰ですか
あなたが例えばしようとすると www.google.comそれはうまく機能します
更新
SSL Labsのwww.verisign.com使用に対してオンラインテストを実行したところ、次のことが確認されました。
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
編集
関連記事
Related 関連記事
- 1
サーバハロー前にハンドシェイクの失敗
- 2
TLSv1ハンドシェイクの失敗
- 3
tls:streadway / amqpでRabbitMQのtlsを有効にするとハンドシェイクが失敗する
- 4
Open LibertyでのmpRestClient証明書認証ハンドシェイクの失敗
- 5
NGINXキャッシングプロキシがSSL23_GET_SERVER_HELLO:sslv3アラートハンドシェイクの失敗で失敗する
- 6
SSLルーチンで失敗するPayPalIPN確認応答:SSL3_READ_BYTES:sslv3アラートハンドシェイクの失敗
- 7
TLS接続ハンドシェイクの失敗
- 8
WebsocketSSLハンドシェイクの失敗
- 9
WebRTC DTLS-SRTPOpenSSLサーバーのハンドシェイクの失敗
- 10
wgetsslアラートハンドシェイクの失敗
- 11
Spring RestTemplate:SSLハンドシェイクの失敗
- 12
Androidで一貫性のないSSLv3ハンドシェイクの失敗
- 13
「sslv3アラートハンドシェイクの失敗:SSLアラート番号40」でSSLハンドシェイクが失敗する
- 14
「sslv3アラートハンドシェイクの失敗:SSLアラート番号40」でSSLハンドシェイクが失敗する
- 15
TLS1.2クライアントとTLS1.3サーバーでのハンドシェイクの失敗
- 16
SSL致命的エラー-ハンドシェイクの失敗(40)
- 17
XamarinでSSLハンドシェイクが失敗する
- 18
ClientHello後のSSLハンドシェイクの失敗
- 19
OpenSSLエラー-ハンドシェイクの失敗
- 20
Logstash使用時のSSLハンドシェイクの失敗
- 21
SSLを使用したRMI:ハンドシェイクの失敗
- 22
OpenSSL :: SSL :: SSLError HomebrewOpenSSLでのハンドシェイクの失敗
- 23
Rails omniauth facebookSSLハンドシェイクの失敗
- 24
DocuSignサンドボックス接続でsslv3アラートハンドシェイクの失敗が発生しています
- 25
WeblogicSSLハンドシェイクの失敗
- 26
MosquittoOpenSSLハンドシェイクの失敗。
- 27
アスタリスクsslv3アラートハンドシェイクの失敗
- 28
TLSv1接続がハンドシェイクの失敗で失敗しました
- 29
Javaバージョン「1.7.0_79」でのSSLハンドシェイクの失敗
コメントを追加