如何解决作为 jar 运行但不在 ide 中运行时出现 SSL 握手问题
我有一个 Java 16 程序尝试连接到电子邮件服务器。通过 Eclipse IDE 运行时它工作正常。这是成功的连接请求和响应的调试日志(对不起,它太长了 - 我不确定哪些位是最相关的,所以我输入了很多):
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:993|keyStore is :
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:994|keyStore type is : pkcs12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:996|keyStore provider is :
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:1031|init keystore
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:1054|init keymanager of type SunX509
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.445 BST|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.446 BST|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.459 BST|SSLConfiguration.java:458|System property jdk.tls.client.SignatureSchemes is set to 'null'
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.498 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.498 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.499 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_CHACHA20_poly1305_SHA256 for TLS12
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.523 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.523 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.524 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.524 BST|SignatureScheme.java:403|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|INFO|14|AWT-EventQueue-0|2021-07-02 12:18:41.525 BST|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.525 BST|SSLExtensions.java:260|Ignore,context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.525 BST|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.526 BST|SSLExtensions.java:260|Ignore,context unavailable extension: cookie
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.553 BST|SSLExtensions.java:260|Ignore,context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.553 BST|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.553 BST|SSLExtensions.java:260|Ignore,context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.556 BST|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2","random" : "BC A3 A0 8E BC F8 48 BC BF C2 7A D2 2F 8E E4 C4 DC 4C FD B5 3F 3B 40 28 7B B3 31 4D C7 BB 8A 02","session id" : "09 49 2A 76 C5 48 AC FA 60 C1 D9 3F C8 BB C3 84 AD C1 6E EA 0A B9 AC C9 B2 E7 81 BF CD 7E C3 A8","cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302),TLS_AES_128_GCM_SHA256(0x1301),TLS_CHACHA20_poly1305_SHA256(0x1303),TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C),TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),TLS_ECDHE_ECDSA_WITH_CHACHA20_poly1305_SHA256(0xCCA9),TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030),TLS_ECDHE_RSA_WITH_CHACHA20_poly1305_SHA256(0xCCA8),TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F),TLS_DHE_RSA_WITH_CHACHA20_poly1305_SHA256(0xCCAA),TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3),TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E),TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2),TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024),TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028),TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B),TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A),TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067),TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040),TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E),TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032),TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D),TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031),TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026),TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A),TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A),TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014),TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009),TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013),TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039),TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038),TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033),TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032),TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005),TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F),TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004),TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E),TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D),TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D),TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),TLS_RSA_WITH_AES_256_CBC_SHA(0x0035),TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]","compression methods" : "00","extensions" : [
"server_name (0)": {
type=host_name (0),value=smtp.gmail.com
},"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},"supported_groups (10)": {
"versions": [x25519,secp256r1,secp384r1,secp521r1,x448,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192]
},"ec_point_formats (11)": {
"formats": [uncompressed]
},"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384,ecdsa_secp521r1_sha512,ed25519,ed448,rsa_pss_rSAE_sha256,rsa_pss_rSAE_sha384,rsa_pss_rSAE_sha512,rsa_pss_pss_sha256,rsa_pss_pss_sha384,rsa_pss_pss_sha512,rsa_pkcs1_sha256,rsa_pkcs1_sha384,rsa_pkcs1_sha512,dsa_sha256,ecdsa_sha1,rsa_pkcs1_sha1,dsa_sha1]
},"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256,"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},"extended_master_secret (23)": {
<empty>
},"session_ticket (35)": {
<empty>
},"supported_versions (43)": {
"versions": [TLSv1.3,TLSv1.2]
},"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: 7A 3C 93 18 7C ED 2A FC 90 37 1A 2A D0 0A 6F 8A z<....*..7.*..o.
//...
}
},{
"named group": secp256r1
"key_exchange": {
0000: 04 B6 13 13 2C 7D 07 94 24 66 36 80 CD 94 6E 38 ....,...$f6...n8
//...
}
},]
}
]
}
)
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.557 BST|SSLSocketoutputRecord.java:258|WRITE: TLS13 handshake,length = 470
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.558 BST|SSLSocketoutputRecord.java:272|Raw write (
0000: 16 03 03 01 D6 01 00 01 D2 03 03 BC A3 A0 8E BC ................
0010: F8 48 BC BF C2 7A D2 2F 8E E4 C4 DC 4C FD B5 3F .H...z./....L..?
//...
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.585 BST|SSLSocketInputRecord.java:488|Raw read (
0000: 16 03 03 00 7A ....z
)
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.585 BST|SSLSocketInputRecord.java:214|READ: TLSv1.2 handshake,length = 122
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.585 BST|SSLSocketInputRecord.java:488|Raw read (
0000: 02 00 00 76 03 03 BD D0 35 48 00 D7 90 4F 79 14 ...v....5H...Oy.
0010: C0 7A 59 54 48 03 BD 19 3D A3 39 15 7E 21 FE 89 .zYTH...=.9..!..
//...
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.586 BST|SSLSocketInputRecord.java:247|READ: TLSv1.2 handshake,length = 122
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.587 BST|ServerHello.java:891|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2","random" : "BD D0 35 48 00 D7 90 4F 79 14 C0 7A 59 54 48 03 BD 19 3D A3 39 15 7E 21 FE 89 8B 09 BC 8F 3D 69","cipher suite" : "TLS_AES_256_GCM_SHA384(0x1302)","extensions" : [
"key_share (51)": {
"server_share": {
"named group": x25519
"key_exchange": {
0000: 35 B1 83 E8 C8 2C 54 62 73 44 4D 50 5A 78 A4 52 5....,TbsDMPZx.R
0010: 9F B5 47 B6 C3 86 F8 16 59 1B FA E3 84 BD B7 6E ..G.....Y......n
}
},},"supported_versions (43)": {
"selected version": [TLSv1.3]
}
]
}
)
当我将它打包为 uberjar 并尝试运行它时,我收到了握手错误。这是调试日志中的连接请求:
javax.net.ssl|WARNING|14|AWT-EventQueue-0|2021-07-02 12:13:29.721 BST|SignatureScheme.java:296|Signature algorithm,Ed25519,is not supported by the underlying providers
javax.net.ssl|WARNING|14|AWT-EventQueue-0|2021-07-02 12:13:29.721 BST|SignatureScheme.java:296|Signature algorithm,Ed448,is not supported by the underlying providers
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.738 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.739 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.739 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_CHACHA20_poly1305_SHA256 for TLS12
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.768 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.769 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_secp384r1_sha384
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.770 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_secp521r1_sha512
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.770 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.771 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.772 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.773 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_sha1
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.773 BST|SignatureScheme.java:403|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|INFO|14|AWT-EventQueue-0|2021-07-02 12:13:29.774 BST|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.774 BST|SSLExtensions.java:260|Ignore,context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.775 BST|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.776 BST|SSLExtensions.java:260|Ignore,context unavailable extension: cookie
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.809 BST|SSLExtensions.java:260|Ignore,context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.809 BST|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.810 BST|SSLExtensions.java:260|Ignore,context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.814 BST|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2","random" : "F2 B4 0D 78 73 2A 77 3D 96 F2 D4 E1 AD 46 FD 0C 74 E1 9B 28 64 9F 00 B1 68 D2 F5 2E 61 7E 2C B6","session id" : "FE AE 2B 03 8E 57 2B D1 7C 2D 91 07 E3 FE D8 32 09 79 6F 1C 3F F0 9C 58 95 F5 6A D0 72 02 68 B5","supported_groups (10)": {
"versions": [ffdhe2048,"signature_algorithms (13)": {
"signature schemes": [rsa_pss_rSAE_sha256,rsa_sha224,dsa_sha224,"signature_algorithms_cert (50)": {
"signature schemes": [rsa_pss_rSAE_sha256,"key_share (51)": {
"client_shares": [
{
"named group": ffdhe2048
"key_exchange": {
0000: E3 A6 7D AD 4D 3D A0 B6 4E 6F B1 13 9A 68 CC B5 ....M=..No...h..
//...
}
},]
}
]
}
)
这是错误响应:
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.841 BST|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert,length = 2
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.843 BST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal","description": "handshake_failure"
}
)
javax.net.ssl|ERROR|14|AWT-EventQueue-0|2021-07-02 12:13:29.844 BST|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
我不确定如何读取日志(对 SSL 没有太多经验)但我可以看到,当它在 IDE 中工作时,从服务器返回的“命名组”是 x25519。但是当我将它作为 uberjar 运行时,支持的组列表中似乎缺少这个。如果我以一种方式返回日志,则会看到此错误:
javax.net.ssl|WARNING|14|AWT-EventQueue-0|2021-07-02 12:13:29.715 BST|NamedGroup.java:297|No AlgorithmParameters for x25519 (
"throwable" : {
java.security.NoSuchAlgorithmException: Algorithm x25519 not available
at java.base/javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:192)
at java.base/sun.security.ssl.NamedGroup.<init>(NamedGroup.java:286)
at java.base/sun.security.ssl.NamedGroup.<clinit>(NamedGroup.java:184)
at java.base/sun.security.ssl.SignatureScheme.<clinit>(SignatureScheme.java:51)
at java.base/sun.security.ssl.SSLSessionImpl.<clinit>(SSLSessionImpl.java:817)
这是我的问题吗?如果是这样,我该如何包含它?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
