我们正在尝试通过HTTPS使用Apache Camel连接到基于.NET的Web服务。这些调用在Windows下可以正常运行，但是在SSL握手阶段，基于Linux的计算机可以通过远程Web服务重置连接。在Linux下从cURL或Postman调用URL没问题，因此问题似乎与JVM有关。我们已经在启用了SSL跟踪日志记录的情况下对此进行了测试，并且两台机器似乎都协商完全相同的密码套件，因此我们对于为何重置连接一无所知。我们无法访问远程Web服务的日志记录，因此我实际上不确定如何继续调试此问题...我已经截断了这两个平台的SSL跟踪日志记录，并将其包括在下面。有没有我们想念的东西，或者如果没有远程日志记录，我们还能做些什么来调试此问题？Linux SSL跟踪日志记录：Allow unsafe renegotiation: falseAllow legacy hello messages: trueIs initial handshake: trueIs secure renegotiation: falseIgnoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1%% No cached client session*** ClientHello, TLSv1.2RandomCookie: GMT: 1509952410 bytes = ...truncated...Session ID: {}Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]Compression Methods: { 0 }Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}Extension ec_point_formats, formats: [uncompressed]Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSAExtension server_name, server_name: [type=host_name (0), value=...truncated...]***http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 230http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 91*** ServerHello, TLSv1.2RandomCookie: GMT: 720603056 bytes = ...truncated...Session ID: ...truncated...Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384Compression Method: 0Extension renegotiation_info, renegotiated_connection: <empty>Extension server_name, server_name:Extension ec_point_formats, formats: [uncompressed]***%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 3959*** Certificate chainchain [0] = [[ Version: V3 Subject: ...truncated... Signature Algorithm: SHA256withRSA, OID = ...truncated... Key: Sun RSA public key, 2048 bits modulus: ...truncated... public exponent: ...truncated... Validity: [...truncated...] Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE SerialNumber: [ ...truncated...]Certificate Extensions: 10[1]: ObjectId: ...truncated... Criticality=falseExtension unknown: DER encoded OCTET string =...truncated...[2]: ObjectId: ...truncated... Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g3r3]][3]: ObjectId: ...truncated... Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [...truncated...]][4]: ObjectId: ...truncated... Criticality=falseBasicConstraints:[ CA:false PathLen: undefined][5]: ObjectId: ...truncated... Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl]]][6]: ObjectId: ...truncated... Criticality=falseCertificatePolicies [ [CertificatePolicyId: [...truncated...][PolicyQualifierInfo: [ qualifierID: ...truncated... qualifier: ...truncated...]] ] [CertificatePolicyId: [...truncated...][] ]][7]: ObjectId: ...truncated... Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][8]: ObjectId: ...truncated... Criticality=trueKeyUsage [ DigitalSignature Key_Encipherment][9]: ObjectId: ...truncated... Criticality=falseSubjectAlternativeName [ DNSName: ...truncated... DNSName: ...truncated... DNSName: ...truncated...][10]: ObjectId: ...truncated... Criticality=falseSubjectKeyIdentifier [KeyIdentifier [...truncated...]]] Algorithm: [SHA256withRSA] Signature:...truncated...]chain [1] = [[ Version: V3 Subject: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE Signature Algorithm: SHA256withRSA, OID = ...truncated... Key: Sun RSA public key, 2048 bits modulus: ...truncated... public exponent: ...truncated... Validity: [...truncated...] Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 SerialNumber: [ ...truncated...]Certificate Extensions: 7[1]: ObjectId: ...truncated... Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp2.globalsign.com/rootr3]][2]: ObjectId: ...truncated... Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [...truncated...]][3]: ObjectId: ...truncated... Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: ...truncated... Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.globalsign.com/root-r3.crl]]][5]: ObjectId: ...truncated... Criticality=falseCertificatePolicies [ [CertificatePolicyId: [...truncated...][PolicyQualifierInfo: [ qualifierID: ...truncated... qualifier: ...truncated...]] ]][6]: ObjectId: ...truncated... Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][7]: ObjectId: ...truncated... Criticality=falseSubjectKeyIdentifier [KeyIdentifier [...truncated...]]] Algorithm: [SHA256withRSA] Signature:...truncated...]chain [2] = [[ Version: V3 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Signature Algorithm: SHA256withRSA, OID = ...truncated... Key: Sun RSA public key, 2048 bits modulus: ...truncated... public exponent: ...truncated... Validity: [...truncated...] Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 SerialNumber: [ ...truncated...]Certificate Extensions: 3[1]: ObjectId: ...truncated... Criticality=trueBasicConstraints:[...truncated...][2]: ObjectId: ...truncated... Criticality=trueKeyUsage [...truncated...][3]: ObjectId: ...truncated... Criticality=falseSubjectKeyIdentifier [KeyIdentifier [...truncated...]]] Algorithm: [SHA256withRSA] Signature: ...truncated...]***Found trusted certificate:[[ Version: V3 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Signature Algorithm: SHA256withRSA, OID = ...truncated Key: Sun RSA public key, 2048 bits modulus: ...truncated... public exponent: ...truncated... Validity: [...truncated...] Issuer: ...truncated... SerialNumber: [ ...truncated...]Certificate Extensions: 3[1]: ObjectId: ...truncated... Criticality=trueBasicConstraints:[ CA:true PathLen:...truncated...][2]: ObjectId: ...truncated... Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][3]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [...truncated...]]] Algorithm: [SHA256withRSA] Signature:...truncated...]http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 333*** ECDH ServerKeyExchangeSignature Algorithm SHA256withRSAServer key: Sun EC public key, 256 bits public x coord: ...truncated... public y coord: ...truncated... parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 4*** ServerHelloDone*** ECDHClientKeyExchangeECDH Public value: ...truncated...http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 70SESSION KEYGEN:PreMaster Secret:...truncated...CONNECTION KEYGEN:Client Nonce:...truncated...Server Nonce:...truncated...Master Secret:...truncated...... no MAC keys used for this cipherClient write key:...truncated...Server write key:...truncatedClient write IV:...truncated...Server write IV:...truncated....http-nio-8080-exec-7, WRITE: TLSv1.2 Change Cipher Spec, length = 1*** Finished...truncated...***http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 40http-nio-8080-exec-7, READ: TLSv1.2 Change Cipher Spec, length = 1http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 40*** Finished...truncated...***%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]http-nio-8080-exec-7, WRITE: TLSv1.2 Application Data, length = 2370http-nio-8080-exec-7, handling exception: java.net.SocketException: Connection reset%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]http-nio-8080-exec-7, SEND TLSv1.2 ALERT: fatal, description = unexpected_messagehttp-nio-8080-exec-7, WRITE: TLSv1.2 Alert, length = 26http-nio-8080-exec-7, Exception sending alert: java.net.SocketException: Broken pipe (Write failed)http-nio-8080-exec-7, called closeSocket()http-nio-8080-exec-7, called close()http-nio-8080-exec-7, called closeInternal(true)Windows SSL跟踪日志记录：Allow unsafe renegotiation: falseAllow legacy hello messages: trueIs initial handshake: trueIs secure renegotiation: falseIgnoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1%% No cached client session*** ClientHello, TLSv1.2RandomCookie: GMT: 1509957147 bytes = ...truncated...Session ID: {}Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]Compression Methods: { 0 }Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}Extension ec_point_formats, formats: [uncompressed]Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSAExtension server_name, server_name: [type=host_name (0), value=...truncated...]***http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 258http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 91*** ServerHello, TLSv1.2RandomCookie: GMT: -607016418 bytes = ...truncated...Session ID: ...truncated...Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384Compression Method: 0Extension renegotiation_info, renegotiated_connection: <empty>Extension server_name, server_name:Extension ec_point_formats, formats: [uncompressed]***%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 3959*** Certificate chainchain [0] = [[ Version: V3 Subject: ...truncated... Signature Algorithm: SHA256withRSA, OID = ...truncated... Key: Sun RSA public key, 2048 bits modulus: ...truncated... public exponent: ...truncated... Validity: [...truncated...] Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE SerialNumber: [ ...truncated...]Certificate Extensions: 10[1]: ObjectId: ...truncated... Criticality=falseExtension unknown: DER encoded OCTET string =...truncated...[2]: ObjectId: ...truncated... Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g3r3]][3]: ObjectId: ...truncated... Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [...truncated...]][4]: ObjectId: ...truncated... Criticality=falseBasicConstraints:[ CA:false PathLen: undefined][5]: ObjectId: ...truncated... Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl]]][6]: ObjectId: ...truncated... Criticality=falseCertificatePolicies [ [CertificatePolicyId: [...truncated...][PolicyQualifierInfo: [ qualifierID: ...truncated... qualifier: ...truncated...]] ] [CertificatePolicyId: [...truncated...][] ]][7]: ObjectId: ...truncated... Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][8]: ObjectId: ...truncated... Criticality=trueKeyUsage [ DigitalSignature Key_Encipherment][9]: ObjectId: ...truncated... Criticality=falseSubjectAlternativeName [ DNSName: ...truncated... DNSName: ...truncated... DNSName: ...truncated...][10]: ObjectId: ...truncated... Criticality=falseSubjectKeyIdentifier [KeyIdentifier [...truncated...]]] Algorithm: [SHA256withRSA] Signature:...truncated...]chain [1] = [[ Version: V3 Subject: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE Signature Algorithm: SHA256withRSA, OID = ...truncated... Key: Sun RSA public key, 2048 bits modulus: ...truncated... public exponent: ...truncated... Validity: [...truncated...] Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 SerialNumber: [ ...truncated...]Certificate Extensions: 7[1]: ObjectId: ...truncated... Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp2.globalsign.com/rootr3]][2]: ObjectId: ...truncated... Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [...truncated...]][3]: ObjectId: ...truncated... Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: ...truncated... Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.globalsign.com/root-r3.crl]]][5]: ObjectId: ...truncated... Criticality=falseCertificatePolicies [ [CertificatePolicyId: [...truncated...][PolicyQualifierInfo: [ qualifierID: ...truncated... qualifier: ...truncated...]] ]][6]: ObjectId: ...truncated... Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][7]: ObjectId: ...truncated... Criticality=falseSubjectKeyIdentifier [KeyIdentifier [...truncated...]]] Algorithm: [SHA256withRSA] Signature:...truncated...]chain [2] = [[ Version: V3 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Signature Algorithm: SHA256withRSA, OID = ...truncated... Key: Sun RSA public key, 2048 bits modulus: ...truncated... public exponent: ...truncated... Validity: [...truncated...] Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 SerialNumber: [ ...truncated...]Certificate Extensions: 3[1]: ObjectId: ...truncated... Criticality=trueBasicConstraints:[...truncated...][2]: ObjectId: ...truncated... Criticality=trueKeyUsage [...truncated...][3]: ObjectId: ...truncated... Criticality=falseSubjectKeyIdentifier [KeyIdentifier [...truncated...]]] Algorithm: [SHA256withRSA] Signature: ...truncated...]***Found trusted certificate:[[ Version: V3 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Signature Algorithm: SHA256withRSA, OID = ...truncated Key: Sun RSA public key, 2048 bits modulus: ...truncated... public exponent: ...truncated... Validity: [...truncated...] Issuer: ...truncated... SerialNumber: [ ...truncated...]Certificate Extensions: 3[1]: ObjectId: ...truncated... Criticality=trueBasicConstraints:[ CA:true PathLen:...truncated...][2]: ObjectId: ...truncated... Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][3]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [...truncated...]]] Algorithm: [SHA256withRSA] Signature:...truncated...]http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 333*** ECDH ServerKeyExchangeSignature Algorithm SHA256withRSAServer key: Sun EC public key, 256 bits public x coord: ...truncated... public y coord: ...truncated... parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 4*** ServerHelloDone*** ECDHClientKeyExchangeECDH Public value: { 4, 144, 81, 42, 27, 249, 12, 198, 167, 196, 189, 75, 11, 160, 39, 39, 10, 147, 244, 224, 161, 27, 200, 75, 153, 157, 161, 124, 97, 202, 134, 160, 96, 188, 86, 81, 42, 150, 115, 66, 254, 51, 50, 149, 2, 63, 191, 181, 70, 178, 233, 233, 207, 214, 235, 200, 52, 51, 47, 139, 211, 246, 147, 2, 250 }http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 70SESSION KEYGEN:PreMaster Secret:...truncated...CONNECTION KEYGEN:Client Nonce:...truncated...Server Nonce:...truncated...Master Secret:...truncated...0020: 5B 12 25 BC 53 8B 7C B8 D3 35 60 56 EE D8 8C E4 [.%.S....5`V....... no MAC keys used for this cipherClient write key:...truncated...Server write key:...truncated...Client write IV:...truncated...Server write IV:...truncated...http-nio-8080-exec-10, WRITE: TLSv1.2 Change Cipher Spec, length = 1*** Finishedverify_data: ...truncated...***http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 40http-nio-8080-exec-10, READ: TLSv1.2 Change Cipher Spec, length = 1http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 40*** Finishedverify_data: ...truncated...***%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]http-nio-8080-exec-10, WRITE: TLSv1.2 Application Data, length = 2348http-nio-8080-exec-10, READ: TLSv1.2 Application Data, length = 1123 最佳答案 我们实际上是在远程日志记录的帮助下发现了问题：在Linux机器上，所请求的URL包含端口号（即https://remote:443），而在Windows机器上，所定义的URL没有端口（即）。从Linux配置中删除端口后，一切运行正常。AFAIK端口号不应该是证书验证的一部分，但是远程Web服务似乎仍然包含它。无论如何，我们的问题就解决了。