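I am writing a POP3 server to serve notifications that are not email but content from a database. I have it working, but when I try to switch from a ServerSocket to an SSLServerSocket, I get the error "javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: no cipher suites in common". There appears to be overlap between what the client (Thunderbird) sends as its supported cipher suites and what the server supports. Here is the code: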
private static boolean startServerSocket() throws GeneralSecurityException
{
    try
    {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream ksIs = new FileInputStream("<JAVA_HOME>\\jdk\\jre\\lib\\security\\cacerts");
        try
        {
            ks.load(ksIs, "changeit".toCharArray()); // 2nd parameter is password
        }
        finally
        {
            if (ksIs != null)
            {
                ksIs.close();
            }
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, "keypassword".toCharArray());
        // used in sc.init
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                }
                public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                }
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }
        };
        SSLContext sc = SSLContext.getInstance("TLSv1.2"); // there are more tls
        sc.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());
        SSLServerSocketFactory socketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        serverSocket = (SSLServerSocket) socketFactory.createServerSocket(portNumber);
        ((SSLServerSocket)serverSocket).setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"});
        String[] supportedProtos = serverSocket.getEnabledProtocols();
        if (supportedProtos != null)
        {
            for (String proto: supportedProtos)
            {
                System.out.println("Supported Protocol: " + proto);
            }
        }
        String[] enabledCiphersSuites = serverSocket.getEnabledCipherSuites();
        if (enabledCiphersSuites != null)
        {
            for (String enabledCiphersSuite: enabledCiphersSuites)
            {
                System.out.println("Enabled CipherSuite: " + enabledCiphersSuite);
            }
        }
        String[] supportedCipherSuites = serverSocket.getSupportedCipherSuites();
        if (supportedCipherSuites != null)
        {
            for (String supportedCiphersSuite: supportedCipherSuites)
            {
                System.out.println("Supported CipherSuite: " + supportedCiphersSuite);
            }
        }
        System.out.println("Awaiting Connection...");
        return true;
    }
    catch (IOException e)
    {
        e.printStackTrace(System.err); //this is where the error comes from
        System.err.println("ERROR - Could not listen on port " + portNumber);
        return false;
    }
}
Here is the debug output before anything is written to the socket (including statements from the Java option -Djavax.net.debug=all):
trigger seeding of SecureRandom
done seeding SecureRandom
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: <JAVA_HOME>\jdk\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0xc3517
Valid from Sun Jun 20 22:00:00 MDT 1999 until Sun Jun 21 22:00:00 MDT 2020
adding as trusted cert:
Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
Valid from Tue Nov 07 12:31:18 MST 2006 until Mon Dec 31 12:40:55
.... many more of these
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Supported Protocol: SSLv3
Supported Protocol: TLSv1
Supported Protocol: TLSv1.1
Supported Protocol: TLSv1.2
Enabled CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_RSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_RSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Supported CipherSuite: TLS_DH_anon_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_DH_anon_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Supported CipherSuite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Supported CipherSuite: SSL_RSA_WITH_RC4_128_SHA
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Supported CipherSuite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Supported CipherSuite: SSL_RSA_WITH_RC4_128_MD5
Supported CipherSuite: TLS_ECDH_anon_WITH_RC4_128_SHA
Supported CipherSuite: SSL_DH_anon_WITH_RC4_128_MD5
Supported CipherSuite: SSL_RSA_WITH_DES_CBC_SHA
Supported CipherSuite: SSL_DHE_RSA_WITH_DES_CBC_SHA
Supported CipherSuite: SSL_DHE_DSS_WITH_DES_CBC_SHA
Supported CipherSuite: SSL_DH_anon_WITH_DES_CBC_SHA
Supported CipherSuite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Supported CipherSuite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Supported CipherSuite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Supported CipherSuite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Supported CipherSuite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
Supported CipherSuite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
Supported CipherSuite: TLS_RSA_WITH_NULL_SHA256
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_NULL_SHA
Supported CipherSuite: TLS_ECDHE_RSA_WITH_NULL_SHA
Supported CipherSuite: SSL_RSA_WITH_NULL_SHA
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_NULL_SHA
Supported CipherSuite: TLS_ECDH_RSA_WITH_NULL_SHA
Supported CipherSuite: TLS_ECDH_anon_WITH_NULL_SHA
Supported CipherSuite: SSL_RSA_WITH_NULL_MD5
Supported CipherSuite: TLS_KRB5_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_KRB5_WITH_3DES_EDE_CBC_MD5
Supported CipherSuite: TLS_KRB5_WITH_RC4_128_SHA
Supported CipherSuite: TLS_KRB5_WITH_RC4_128_MD5
Supported CipherSuite: TLS_KRB5_WITH_DES_CBC_SHA
Supported CipherSuite: TLS_KRB5_WITH_DES_CBC_MD5
Supported CipherSuite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
Supported CipherSuite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
Supported CipherSuite: TLS_KRB5_EXPORT_WITH_RC4_40_SHA
Supported CipherSuite: TLS_KRB5_EXPORT_WITH_RC4_40_MD5
Awaiting Connection...
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Here is the output when reading from/writing to the socket, including the exception:
Ignoring disabled protocol: SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
[Raw read]: length = 5
SYSTEM ERROR -- Possible Timeout Due To InactivityWed Mar 28 15:05:39 MDT 2018 - Stack Trace Shown Below.
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1541)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:95)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:161)
at java.io.BufferedReader.readLine(BufferedReader.java:324)
at java.io.BufferedReader.readLine(BufferedReader.java:389)
at POP3ServerThread.run(POP3ServerThread.java:71)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1036)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:739)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at java.io.BufferedWriter.flush(BufferedWriter.java:254)
at java.io.PrintWriter.newLine(PrintWriter.java:482)
at java.io.PrintWriter.println(PrintWriter.java:629)
at java.io.PrintWriter.println(PrintWriter.java:740)
at POP3ServerThread.run(POP3ServerThread.java:61)
... 1 more
0000: 16 03 01 00 95 .....
[Raw read]: length = 149
0000: 01 00 00 91 03 03 02 81 F0 55 87 5E DE 80 70 74 .........U.^..pt
0010: 1B 96 D9 70 01 F5 D0 CF 36 CF B5 34 8B A7 B8 8F ...p....6..4....
0020: D3 7D F1 01 B8 CC 00 00 1E C0 2B C0 2F CC A9 CC ..........+./...
0030: A8 C0 2C C0 30 C0 0A C0 09 C0 13 C0 14 00 33 00 ..,.0.........3.
0040: 39 00 2F 00 35 00 0A 01 00 00 4A 00 17 00 00 FF 9./.5.....J.....
0050: 01 00 01 00 00 0A 00 0A 00 08 00 1D 00 17 00 18 ................
0060: 00 19 00 0B 00 02 01 00 00 23 00 00 00 05 00 05 .........#......
0070: 01 00 00 00 00 FF 03 00 00 00 0D 00 18 00 16 04 ................
0080: 03 05 03 06 03 08 04 08 05 08 06 04 01 05 01 06 ................
0090: 01 02 03 02 01 .....
Thread-0, READ: TLSv1 Handshake, length = 149
*** ClientHello, TLSv1.2
RandomCookie: GMT: 25227349 bytes = { 135, 94, 222, 128, 112, 116, 27, 150, 217, 112, 1, 245, 208, 207, 54, 207, 181, 52, 139, 167, 184, 143, 211, 125, 241, 1, 184, 204 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Unsupported extension type_23, data:
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_65283, data:
Extension signature_algorithms, signature_algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, Unknown (hash:0x8, signature:0x4), Unknown (hash:0x8, signature:0x5), Unknown (hash:0x8, signature:0x6), SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withECDSA, SHA1withRSA
***
[read] MD5 and SHA1 hashes: len = 149
0000: 01 00 00 91 03 03 02 81 F0 55 87 5E DE 80 70 74 .........U.^..pt
0010: 1B 96 D9 70 01 F5 D0 CF 36 CF B5 34 8B A7 B8 8F ...p....6..4....
0020: D3 7D F1 01 B8 CC 00 00 1E C0 2B C0 2F CC A9 CC ..........+./...
0030: A8 C0 2C C0 30 C0 0A C0 09 C0 13 C0 14 00 33 00 ..,.0.........3.
0040: 39 00 2F 00 35 00 0A 01 00 00 4A 00 17 00 00 FF 9./.5.....J.....
0050: 01 00 01 00 00 0A 00 0A 00 08 00 1D 00 17 00 18 ................
0060: 00 19 00 0B 00 02 01 00 00 23 00 00 00 05 00 05 .........#......
0070: 01 00 00 00 00 FF 03 00 00 00 0D 00 18 00 16 04 ................
0080: 03 05 03 06 03 08 04 08 05 08 06 04 01 05 01 06 ................
0090: 01 02 03 02 01 .....
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
%% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
Thread-0, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
Thread-0, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28 ......(
Thread-0, called closeSocket()
Thread-0, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Thread-0, called close()
Thread-0, called closeInternal(true)
Thread-0, called close()
Thread-0, called closeInternal(true)
I have found similar questions on StackOverflow and tried the solutions, but I always get the same exception. Thanks in advance.
Best answer
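It means either that the intersection between the cipher suites enabled at the server and at the client is empty (which doesn't appear to be the case here), or that the server doesn't have a private key, which is the case here.
In that case the server can't use any of the authenticating cipher suites, and the anonymous cipher suites are (rightly) disabled by default, so there are no usable enabled cipher suites.
Note: do not use that TrustManager. It is completely insecure, and it won't be used unless you request or require client authentication. You don't even need to load the JRE's cacerts file, as that is already the default.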
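The check the answer implies, as an added example (not code from the question or the answer): it verifies that a keystore holds a private-key entry before listening, then creates the server socket from the SSLContext that was given the key managers, with the platform's default trust managers. The class and method names are hypothetical; the keystore path and port are supplied by the caller, and the store and key passwords are assumed to be the same.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class KeyEntryCheck {

    // Counts entries that carry a private key plus certificate chain. A CA bundle
    // such as the JRE's cacerts holds only trusted-certificate entries, so it yields 0.
    static int countPrivateKeyEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                String alg = ks.getCertificate(alias).getPublicKey().getAlgorithm();
                System.out.println("private key entry: " + alias + " (" + alg + ")");
                n++;
            }
        }
        return n;
    }

    // Creates the listening socket from the context initialised with the server's
    // key managers. SSLServerSocketFactory.getDefault() would use the JVM-wide
    // default context, which never sees these key managers.
    static SSLServerSocket open(KeyStore ks, char[] keyPass, int port) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        SSLContext sc = SSLContext.getInstance("TLSv1.2");
        sc.init(kmf.getKeyManagers(), null, null); // null = default trust managers and RNG
        return (SSLServerSocket) sc.getServerSocketFactory().createServerSocket(port);
    }

    // Usage: java KeyEntryCheck <keystore-file> <port>
    // The keystore must contain a key pair, e.g. one made with keytool -genkeypair.
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): java KeyEntryCheck <keystore-file> <port>");
            System.exit(2);
        }
        char[] pass = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        if (countPrivateKeyEntries(ks) == 0) {
            // Without a key the server can only offer anonymous suites, which are
            // disabled by default: every handshake ends in "no cipher suites in common".
            throw new IllegalStateException("no private key entry in " + args[0]);
        }
        try (SSLServerSocket server = open(ks, pass, Integer.parseInt(args[1]))) {
            System.out.println("listening on port " + server.getLocalPort());
        }
    }
}
```

Run against the JRE's cacerts file, the check stops at the IllegalStateException, which is the condition the answer describes.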
Regarding java - Setting security for SSLServerSocket causes a cipher suite error, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/49544399/