java - javax.net.ssl.SSLHandshakeException:远程主机终止握手
问题描述
我已经使用以下命令在 java 信任库(cacerts)中安装了证书:
keytool -import -file "C:\Users\kdursoji\Downloads\ZscalerRootCertificate-154478.crt" -keystore "C:\Program Files\Java\jre-9.0.4\lib\security\cacerts" -alias ZcalerCert
keytool -import -file "C:\Users\kdursoji\Downloads\ZscalerRootCertificate-154478.crt" -keystore "C:\Program Files\Java\jdk-9.0.4\lib\security\cacerts" -alias ZcalerCert 后来我尝试使用 apache http api 访问以下 url
https://www.jllsgp.com/OMSIII/default_SSL.asp
并获得以下异常:
System property jdk.tls.client.cipherSuites is set to 'null'
System property jdk.tls.server.cipherSuites is set to 'null'
Ignoring disabled cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
Ignoring disabled cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_RC4_40_SHA
Ignoring disabled cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: TLS_KRB5_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_RC4_40_MD5
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_KRB5_WITH_RC4_128_MD5
Ignoring disabled cipher suite: SSL_RSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_RC4_128_MD5
Inaccessible trust store: C:\Program Files\Java\jre-9.0.4\lib\security\jssecacerts
trustStore is: C:\Program Files\Java\jre-9.0.4\lib\security\cacerts
trustStore type is: pkcs12
trustStore provider is:
the last modified time is: Thu Aug 01 21:03:36 IST 2019
Reload the trust store
Reload trust certs
Reloaded 105 trust certs
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0xc3517
Valid from Mon Jun 21 09:30:00 IST 1999 until Mon Jun 22 09:30:00 IST 2020
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Algorithm: EC; Serial number: 0xa68b79290000000050d091f9
Valid from Tue Dec 18 20:55:36 IST 2012 until Fri Dec 18 21:25:36 IST 2037
adding as trusted cert:
Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
Valid from Wed Nov 08 01:01:18 IST 2006 until Tue Jan 01 01:10:55 IST 2030
adding as trusted cert:
Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 09:50:49 IST 2003 until Sat Sep 30 09:50:49 IST 2023
adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Fri Nov 10 05:30:00 IST 2006 until Mon Nov 10 05:30:00 IST 2031
adding as trusted cert:
Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528
Valid from Fri Jan 13 00:29:32 IST 2012 until Mon Jan 13 00:29:32 IST 2042
adding as trusted cert:
Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c
Valid from Thu Aug 01 17:30:00 IST 2013 until Fri Jan 15 17:30:00 IST 2038
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
Valid from Mon Nov 27 05:30:00 IST 2006 until Thu Jul 17 05:29:59 IST 2036
adding as trusted cert:
Subject: EMAILADDRESS=support@zscaler.com, CN=Zscaler Root CA, OU=Zscaler Inc., O=Zscaler Inc., L=San Jose, ST=California, C=US
Issuer: EMAILADDRESS=support@zscaler.com, CN=Zscaler Root CA, OU=Zscaler Inc., O=Zscaler Inc., L=San Jose, ST=California, C=US
Algorithm: RSA; Serial number: 0xdbbe982d89b77b93
Valid from Fri Dec 19 05:57:55 IST 2014 until Tue May 06 05:57:55 IST 2042
adding as trusted cert:
Subject: EMAILADDRESS=support@zscaler.com, CN=Zscaler Root CA, OU=Zscaler Inc., O=Zscaler Inc., L=San Jose, ST=California, C=US
Issuer: EMAILADDRESS=support@zscaler.com, CN=Zscaler Root CA, OU=Zscaler Inc., O=Zscaler Inc., L=San Jose, ST=California, C=US
Algorithm: RSA; Serial number: 0xdbbe982d89b77b93
Valid from Fri Dec 19 05:57:55 IST 2014 until Tue May 06 05:57:55 IST 2042
adding as trusted cert:
Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572
Valid from Thu Aug 01 17:30:00 IST 2013 until Fri Jan 15 17:30:00 IST 2038
adding as trusted cert:
Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
Valid from Fri Jul 09 22:58:50 IST 1999 until Tue Jul 09 23:06:58 IST 2019
adding as trusted cert:
Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
Valid from Wed Jul 07 22:35:00 IST 1999 until Sun Jul 07 05:29:59 IST 2019
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 09:30:00 IST 2002 until Sat May 21 09:30:00 IST 2022
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 14:06:00 IST 2006 until Sat Oct 25 14:06:00 IST 2036
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c
Valid from Tue Nov 13 05:30:00 IST 2012 until Tue Jan 19 08:44:07 IST 2038
keyStore is : C:\Program Files\Java\jdk-9.0.4\lib\security\cacerts
keyStore type is : pkcs12
keyStore provider is :
init keystore
init keymanager of type SunX509
trigger seeding of SecureRandom
done seeding SecureRandom
Errorjava.security.KeyManagementException: Default SSLContext is initialized automatically
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=www.jllsgp.com) was replaced with (type=host_name (0), value=www.jllsgp.com)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello, TLSv1.2
RandomCookie: random_bytes = {6F 62 1B 73 37 B7 F1 93 CB 43 36 98 6A CC A9 27 5D 22 F2 AC 06 A0 2E C9 5D 29 20 77 5D 34 64 24}
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension supported_groups, group names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=www.jllsgp.com]
Extension status_request_v2
CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest
ResponderIds: <EMPTY>
Extensions: <EMPTY>
CertStatusReqItemV2: ocsp, OCSPStatusRequest
ResponderIds: <EMPTY>
Extensions: <EMPTY>
Extension status_request: ocsp, OCSPStatusRequest
ResponderIds: <EMPTY>
Extensions: <EMPTY>
***
main, WRITE: TLSv1.2 Handshake, length = 269
[Raw write]: length = 274
0000: 16 03 03 01 0D 01 00 01 09 03 03 6F 62 1B 73 37 ...........ob.s7
0010: B7 F1 93 CB 43 36 98 6A CC A9 27 5D 22 F2 AC 06 ....C6.j..']"...
0020: A0 2E C9 5D 29 20 77 5D 34 64 24 00 00 64 C0 2C ...]) w]4d$..d.,
0030: C0 2B C0 30 00 9D C0 2E C0 32 00 9F 00 A3 C0 2F .+.0.....2...../
0040: 00 9C C0 2D C0 31 00 9E 00 A2 C0 24 C0 28 00 3D ...-.1.....$.(.=
0050: C0 26 C0 2A 00 6B 00 6A C0 0A C0 14 00 35 C0 05 .&.*.k.j.....5..
0060: C0 0F 00 39 00 38 C0 23 C0 27 00 3C C0 25 C0 29 ...9.8.#.'.<.%.)
0070: 00 67 00 40 C0 09 C0 13 00 2F C0 04 C0 0E 00 33 .g.@...../.....3
0080: 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 .2..............
0090: 00 FF 01 00 00 7C 00 0A 00 20 00 1E 00 17 00 18 ......... ......
00A0: 00 19 00 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 16 ................
00B0: 01 00 01 01 01 02 01 03 01 04 00 0B 00 02 01 00 ................
00C0: 00 0D 00 16 00 14 06 03 06 01 05 03 05 01 04 03 ................
00D0: 04 01 04 02 02 03 02 01 02 02 00 17 00 00 00 00 ................
00E0: 00 13 00 11 00 00 0E 77 77 77 2E 6A 6C 6C 73 67 .......www.jllsg
00F0: 70 2E 63 6F 6D 00 11 00 10 00 0E 02 00 04 00 00 p.com...........
0100: 00 00 01 00 04 00 00 00 00 00 05 00 05 01 00 00 ................
0110: 00 00 ..
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
main, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28 ......(
main, called closeSocket()
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.base/java.net.HttpURLConnection.getResponseCode(Unknown Source)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at com.cscinfo.nemo.http.TestHttps.main(TestHttps.java:57)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(Unknown Source)
... 12 more
使用的代码是:
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.ssl.SSLContexts;
public class TestHttps {
public static void main(String args[]) throws Exception {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
} };
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContexts.createSystemDefault();
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
System.out.println("Error" + e);
}
// Now you can access an https URL without having the certificate in the
// truststore
try {
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
return true;
}
};
URL url = new URL("https://www.jllsgp.com/OMSIII/default_SSL.asp");
URLConnection conn = url.openConnection();
HttpsURLConnection urlConn = (HttpsURLConnection) conn;
urlConn.setHostnameVerifier(hv);
// conn.setDoOutput(true);
System.out.println(urlConn.getResponseCode());
} catch (MalformedURLException e) {
System.out.println("Error in SLL Connetion" + e);
}
}
}
I am expecting a 200 response code while hitting.But getting the above exception.So could you please any body can help me in this one ?*
解决方案
推荐阅读
- c# - 如何在 C# 中访问竹变量
- python - 在 Pandas 中连接 CSV 文件时,chr 中的日期格式
- python - 文本预处理 Python
- haskell - 如何从函数返回列表?
- spring - 什么时候可以禁用 csrf 保护
- vue.js - vue 在 v-for 中进行双重迭代
- python - Python pandas custom unmelt - 从重复的行创建列
- python-3.x - 我可以避免 Pycharm Docstrings 中的变量类型字段吗?
- java - java - 如何使用java中的索引删除()ArrayList()中的字符串元素序列?
- python - 检测时间序列中的突然变化