JDK11でのTLS1.3でのハンドシェイクの失敗

カルステン

JDK11でのTLS1.3の使用は、原則として機能します。ただし、2つの同時スレッドで接続が確立されるとすぐに、最初のハンドシェイクは両方で失敗します。

これは明らかに既知の問題であり、おそらく次の場所で修正されています。

この単純なJavaクラスを考えると

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class Main {

    public static void main(String[] args) throws Exception {
        Thread t1 = new Thread(Main::createAndUseSslSocket);
        Thread t2 = new Thread(Main::createAndUseSslSocket);
        t1.start();
        t2.start();
        do {
            Thread.sleep(100);
        } while (t1.isAlive() || t2.isAlive());
    }

    private static void createAndUseSslSocket() {
        try (SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket("www.verisign.com", 443)) {
            socket.startHandshake();
        } catch (Exception e) {
            System.err.println(e.getClass().getName() + " " + e.getMessage());
        }
    }
}

次のコマンドを実行する(私のWindows 10マシンで)

OpenJDKを使用します11.0.9.11-hotspot。これはおそらく修正されています。

"C:\Program Files\AdoptOpenJDK\jdk-11.0.9.11-hotspot/bin/javac" Main.java
"C:\Program Files\AdoptOpenJDK\jdk-11.0.9.11-hotspot/bin/java" -Djdk.tls.client.protocols="TLSv1.3" Main

または、OpenJDK 15.0.1.9-hotspot今日の時点でAdoptOpenJDK.netで利用可能な「最新の」オプションさえ

"C:\Program Files\AdoptOpenJDK\jdk-15.0.1.9-hotspot/bin/javac" Main.java
"C:\Program Files\AdoptOpenJDK\jdk-15.0.1.9-hotspot/bin/java" -Djdk.tls.client.protocols="TLSv1.3" Main

どちらも同じ出力を生成します

javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure

これは公式に修正されていますが、動作させることができないようです。
何が起きてる?

回避策はありますが、長期的には受け入れられません。

次のJVMプロパティを使用してTLS1.3を無効にします。 -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"


*編集:含めると出力が終了します-Djavax.net.debug=all(すべてを含めると、StackOverflowには140k文字が多すぎます。

javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:993|keyStore is :
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:994|keyStore type is : pkcs12
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:996|keyStore provider is :
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:1031|init keystore
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:1054|init keymanager of type SunX509
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:44.793 CET|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:44.850 CET|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:44.850 CET|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:44.862 CET|SSLConfiguration.java:458|System property jdk.tls.client.SignatureSchemes is set to 'null'
javax.net.ssl|WARNING|0F|Thread-1|2020-10-30 15:16:44.863 CET|SignatureScheme.java:282|Signature algorithm, ed25519, not supported by JSSE
javax.net.ssl|WARNING|0F|Thread-1|2020-10-30 15:16:44.863 CET|SignatureScheme.java:282|Signature algorithm, ed448, not supported by JSSE
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.189 CET|SignatureScheme.java:394|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.194 CET|SignatureScheme.java:418|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|INFO|0E|Thread-0|2020-10-30 15:16:45.194 CET|AlpnExtension.java:165|No available application protocols
javax.net.ssl|INFO|0F|Thread-1|2020-10-30 15:16:45.194 CET|AlpnExtension.java:165|No available application protocols
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.194 CET|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.194 CET|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.195 CET|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.195 CET|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.210 CET|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "D0 1B 63 ED D3 4E 05 5E 98 E1 6B 9D F8 32 81 14 43 D3 45 F7 0D D3 D6 20 98 35 DF 67 85 C9 A9 65",
  "session id"          : "44 52 47 AB 32 A6 FC C1 CA 78 A7 DE 32 AC F8 95 6C DF 68 07 0C C5 35 D4 44 ED 29 7A 2F C9 BE 1E",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=www.verisign.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": x25519
          "key_exchange": {
            0000: 4C 31 CF 53 D6 2D 6D 30   19 D3 7E 4E CD B6 6A E2  L1.S.-m0...N..j.
            0010: 3A 49 0F C4 14 C2 53 FD   53 89 0D 7D 8F 4C AE 46  :I....S.S....L.F
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.210 CET|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "3C 06 CA 04 F8 0F E4 E6 94 93 1F 48 A4 C0 84 27 76 7E D6 22 BB 62 B2 C6 CF FA A4 61 BE 02 04 E2",
  "session id"          : "C1 C4 8D 99 B0 57 69 D7 63 DC 78 26 7B 15 0B B1 F5 2E B9 50 52 22 F0 32 FB 63 C4 AA E4 FC E6 72",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=www.verisign.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": x25519
          "key_exchange": {
            0000: DF DF 74 F2 A7 A9 B5 EB   74 E4 26 DE F6 2B 82 27  ..t.....t.&..+.'
            0010: C1 4E D8 16 91 CA CB F6   0B 91 EE C9 69 C6 4F 03  .N..........i.O.
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 266
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 266
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:272|Raw write (
  0000: 16 03 03 01 0A 01 00 01   06 03 03 3C 06 CA 04 F8  ...........<....
  0010: 0F E4 E6 94 93 1F 48 A4   C0 84 27 76 7E D6 22 BB  ......H...'v..".
  0020: 62 B2 C6 CF FA A4 61 BE   02 04 E2 20 C1 C4 8D 99  b.....a.... ....
  0030: B0 57 69 D7 63 DC 78 26   7B 15 0B B1 F5 2E B9 50  .Wi.c.x&.......P
  0040: 52 22 F0 32 FB 63 C4 AA   E4 FC E6 72 00 06 13 02  R".2.c.....r....
  0050: 13 01 13 03 01 00 00 B7   00 00 00 15 00 13 00 00  ................
  0060: 10 77 77 77 2E 76 65 72   69 73 69 67 6E 2E 63 6F  .www.verisign.co
  0070: 6D 00 05 00 05 01 00 00   00 00 00 0A 00 16 00 14  m...............
  0080: 00 1D 00 17 00 18 00 19   00 1E 01 00 01 01 01 02  ................
  0090: 01 03 01 04 00 0D 00 1E   00 1C 04 03 05 03 06 03  ................
  00A0: 08 04 08 05 08 06 08 09   08 0A 08 0B 04 01 05 01  ................
  00B0: 06 01 02 03 02 01 00 32   00 1E 00 1C 04 03 05 03  .......2........
  00C0: 06 03 08 04 08 05 08 06   08 09 08 0A 08 0B 04 01  ................
  00D0: 05 01 06 01 02 03 02 01   00 2B 00 03 02 03 04 00  .........+......
  00E0: 2D 00 02 01 01 00 33 00   26 00 24 00 1D 00 20 DF  -.....3.&.$... .
  00F0: DF 74 F2 A7 A9 B5 EB 74   E4 26 DE F6 2B 82 27 C1  .t.....t.&..+.'.
  0100: 4E D8 16 91 CA CB F6 0B   91 EE C9 69 C6 4F 03     N..........i.O.
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.213 CET|SSLSocketOutputRecord.java:272|Raw write (
  0000: 16 03 03 01 0A 01 00 01   06 03 03 D0 1B 63 ED D3  .............c..
  0010: 4E 05 5E 98 E1 6B 9D F8   32 81 14 43 D3 45 F7 0D  N.^..k..2..C.E..
  0020: D3 D6 20 98 35 DF 67 85   C9 A9 65 20 44 52 47 AB  .. .5.g...e DRG.
  0030: 32 A6 FC C1 CA 78 A7 DE   32 AC F8 95 6C DF 68 07  2....x..2...l.h.
  0040: 0C C5 35 D4 44 ED 29 7A   2F C9 BE 1E 00 06 13 02  ..5.D.)z/.......
  0050: 13 01 13 03 01 00 00 B7   00 00 00 15 00 13 00 00  ................
  0060: 10 77 77 77 2E 76 65 72   69 73 69 67 6E 2E 63 6F  .www.verisign.co
  0070: 6D 00 05 00 05 01 00 00   00 00 00 0A 00 16 00 14  m...............
  0080: 00 1D 00 17 00 18 00 19   00 1E 01 00 01 01 01 02  ................
  0090: 01 03 01 04 00 0D 00 1E   00 1C 04 03 05 03 06 03  ................
  00A0: 08 04 08 05 08 06 08 09   08 0A 08 0B 04 01 05 01  ................
  00B0: 06 01 02 03 02 01 00 32   00 1E 00 1C 04 03 05 03  .......2........
  00C0: 06 03 08 04 08 05 08 06   08 09 08 0A 08 0B 04 01  ................
  00D0: 05 01 06 01 02 03 02 01   00 2B 00 03 02 03 04 00  .........+......
  00E0: 2D 00 02 01 01 00 33 00   26 00 24 00 1D 00 20 4C  -.....3.&.$... L
  00F0: 31 CF 53 D6 2D 6D 30 19   D3 7E 4E CD B6 6A E2 3A  1.S.-m0...N..j.:
  0100: 49 0F C4 14 C2 53 FD 53   89 0D 7D 8F 4C AE 46     I....S.S....L.F
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
  0000: 15 03 03 00 02                                     .....
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
  0000: 02 28                                              .(
)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|Alert.java:238|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
  0000: 15 03 03 00 02                                     .....
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:488|Raw read (
  0000: 02 28                                              .(
)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|ERROR|0E|Thread-0|2020-10-30 15:16:45.372 CET|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1488)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1394)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
        at Main.createAndUseSslSocket(Main.java:23)
        at java.base/java.lang.Thread.run(Thread.java:832)}

)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|Alert.java:238|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}
)
javax.net.ssl|ALL|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSessionImpl.java:1224|Invalidated session:  Session(1604067404870|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|ERROR|0F|Thread-1|2020-10-30 15:16:45.372 CET|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1488)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1394)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
        at Main.createAndUseSslSocket(Main.java:23)
        at java.base/java.lang.Thread.run(Thread.java:832)}

)
javax.net.ssl|ALL|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSessionImpl.java:1224|Invalidated session:  Session(1604067404870|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1727|close the underlying socket
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1727|close the underlying socket
javax.net.ssl|DEBUG|0E|Thread-0|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1746|close the SSL connection (initiative)
javax.net.ssl|DEBUG|0F|Thread-1|2020-10-30 15:16:45.372 CET|SSLSocketImpl.java:1746|close the SSL connection (initiative)
rkosegi

それはあなたのせいではありません(JDK11でもありません)。

私は質問中の私のコメントであまりにも早く話しました、私が供給し-Djdk.tls.client.protocols="TLSv1.3"場合、ローカルではあなたと同じように失敗します。

デバッグ出力を見ると、ハンドシェイクを拒否したのはサーバーです。

javax.net.ssl|DEBUG|0D|Thread-1|2020-10-30 15:30:52.829 CET|SSLSocketInputRecord.java:477|Raw read (
  0000: 02 28                                              .(
)

使用opensslして強制TLS1.3すると、同じエラーで失敗します。

openssl s_client -connect www.verisign.com:443 -tls1_3
CONNECTED(00000003)
139777244485440:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40

alert number 40これは28、Javaからのデバッグ出力に見られる16進数に対応すること注意してください

つまりwww.verisign.com、TLS1.3で問題を抱えているのは誰ですか

あなたが例えばしようとすると www.google.comそれはうまく機能します

更新

SSL Labsのwww.verisign.com使用に対してオンラインテストを実行したところ、次のことが確認されました。

プロトコルの詳細

この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。

侵害の場合は、連絡してください[email protected]

編集
0

コメントを追加

0

関連記事

Related 関連記事

ホットタグ

アーカイブ