本文介绍了javax.net.ssl.SSLProtocolException:握手消息序列冲突,2的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试通过XMPP协议建立TLS安全的(具有客户端身份验证)连接.我使用的是标准端口,而不是专用的SSL端口(显然已弃用). startTLS进程永远不会完成握手.

I am trying to establish a TLS secured (with client authentication) connection over the XMPP protocol. I am using the standard port rather than dedicated SSL port, which apparently is deprecated. The startTLS process never completes the handshake.

我收到: javax.net.ssl.SSLProtocolException:握手消息序列冲突,2

调试摘录显示我的客户端收到来自服务器的意外消息.从服务器发送了CertificateRequest,但是CA列表为空.

Excerpts from debug show that my client receives an unexpected message from server. The CertificateRequest is sent from server but CA list is empty.

是否有很多事情会导致这种握手冲突(2)?是什么原因导致服务器不发送在其信任库中配置的可接受的权限?

Are there very many things that can cause this handshake violoation (2)? What might cause the server not to send the acceptable authorities which are configured in its truststore?

感谢您的见解.

已更新:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@ PROTOTYPE: TLS client authentication XMPP connection. @@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
USER: 111111
OS:   Windows 7
Java: C:\Program Files (x86)\Java\jdk1.8.0_45\jre
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Loading trusted authorities from trust store...
adding as trusted cert:
...(trimmed)

Loading credentials from key store...
***
found key for : Signing Certificate - John K. Doe
chain [0] = [
...(trimmed)
***
Initializing SSL context for TLS...
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@ PROTOTYPE: Built XMPP connection configuration. @@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Connection instantiated.
10:17:24 AM SENT (0): <stream:stream xmlns='jabber:client' to='steerage.org' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
10:17:24 AM RECV (0): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="steerage.org" id="e7e393bd" xml:lang="en" version="1.0"><stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>EXTERNAL</mechanism></mechanisms></stream:features>
10:17:24 AM SENT (0): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>
10:17:24 AM RECV (0): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1433793908 bytes = { 4, 180, 17, 97, 147, 6, 68, 124, 234, 40, 155, 145, 132, 27, 164, 29, 175, 239, 139, 23, 14, 133, 162, 215, 44, 220, 241, 2 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=steerage.org]
***
Smack Packet Reader (0), WRITE: TLSv1.2 Handshake, length = 239
Smack Packet Reader (0), READ: TLSv1.2 Handshake, length = 3708
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1433793908 bytes = { 238, 60, 108, 5, 104, 190, 219, 147, 215, 187, 195, 89, 114, 224, 165, 213, 141, 48, 112, 176, 129, 42, 78, 190, 196, 119, 143, 101 }
Session ID:  {85, 118, 245, 116, 90, 98, 141, 24, 47, 246, 162, 187, 92, 255, 11, 153, 45, 237, 178, 52, 9, 196, 116, 50, 61, 190, 48, 63, 26, 70, 155, 58}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=steerage....(trimmed)

***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=TKT Root CA 2, ...(trimmed)

*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 16285061615265061295479758192758299168932729034919494399422438099012833644130
  public y coord: 91712186275093768179410924600166089746856150468196826634149937267800342978949
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<Empty>
*** ServerHelloDone
matching alias: john.k.doe.1258700011
matching alias: Card Authentication Certificate
matching alias: Authentication Certificate - John K. Doe
matching alias: Encryption Certificate - John K. Doe (Archived) - 12/4/2013
matching alias: [email protected]
matching alias: Signing Certificate - John K. Doe
matching alias: Encryption Certificate - John K. Doe
org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was 'null'.
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:106)
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:85)
    at org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:192)
    at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:114)
    at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWaitOrThrow(SynchronizationPoint.java:97)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:837)
    at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:360)
    at pke4chat.TestProtoType.main(TestProtoType.java:87)
10:17:29 AM SENT (0): <presence id='c06He-3' type='unavailable'><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.igniterealtime.org/projects/smack' ver='NfJ3flI83zSdUDzCEICtbypursw='/></presence>
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=John K. Doe, ...(trimmed)

***
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 183, 254, 13, 26, 104, 205, 105, 32, 193, 10, 62, 33, 82, 142, 4, 183, 231, 178, 204, 126, 170, 178, 111, 33, 155, 241, 187, 146, 182, 254, 138, 117, 145, 170, 80, 32, 176, 179, 113, 157, 193, 210, 75, 2, 195, 132, 111, 210, 183, 73, 98, 15, 201, 170, 127, 36, 15, 233, 126, 38, 225, 193, 6, 71 }
Smack Packet Reader (0), WRITE: TLSv1.2 Handshake, length = 5387
SESSION KEYGEN:
PreMaster Secret:
0000: D3 5B D2 C9 4A AD 9A E6   F4 DE 3C 3C 0B D5 A2 C2  .[..J.....<<....
0010: CA A3 BA BE 2A 50 BA 27   3F 1E D1 34 94 CD 84 A4  ....*P.'?..4....
CONNECTION KEYGEN:
Client Nonce:
0000: 55 76 F5 74 04 B4 11 61   93 06 44 7C EA 28 9B 91  Uv.t...a..D..(..
0010: 84 1B A4 1D AF EF 8B 17   0E 85 A2 D7 2C DC F1 02  ............,...
Server Nonce:
0000: 55 76 F5 74 EE 3C 6C 05   68 BE DB 93 D7 BB C3 59  Uv.t.<l.h......Y
0010: 72 E0 A5 D5 8D 30 70 B0   81 2A 4E BE C4 77 8F 65  r....0p..*N..w.e
Master Secret:
0000: 61 9B 54 1F AB B0 F6 B1   D4 3C F9 79 0E D8 E1 AD  a.T......<.y....
0010: 29 3C E1 55 8D EF 2E 8D   13 3B 94 BB 32 5F C8 7F  )<.U.....;..2_..
0020: 13 A8 48 B6 C5 0F 50 A4   B5 41 82 C6 A3 F0 41 95  ..H...P..A....A.
Client MAC write Secret:
0000: 42 1B F0 67 9E 1D 81 44   3A 76 8D D1 AD 4D 48 A4  B..g...D:v...MH.
0010: B6 27 70 12 08 FB CF 5D   39 7F 51 05 6D 08 61 F7  .'p....]9.Q.m.a.
Server MAC write Secret:
0000: DD 40 97 24 B0 96 00 A6   CD 49 02 7A 60 75 32 A2  .@.$.....I.z`u2.
0010: 80 41 FD 38 48 06 67 A7   51 E4 44 8E 72 AB 75 C4  .A.8H.g.Q.D.r.u.
Client write key:
0000: DE 5A B7 2D 9D 0F 2F C3   C9 82 D9 EA 88 0D 14 A3  .Z.-../.........
Server write key:
0000: A1 66 08 7C AB 23 56 B9   8F 09 2B 78 67 19 1F BF  .f...#V...+xg...
... no IV derived for this protocol
Jun 09, 2015 10:17:34 AM org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter shutdown
WARNING: shutdownDone was not marked as successful by the writer thread
org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was 'null'.
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:106)
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:85)
    at org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:192)
    at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:114)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter.shutdown(XMPPTCPConnection.java:1265)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.shutdown(XMPPTCPConnection.java:494)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.shutdown(XMPPTCPConnection.java:476)
    at org.jivesoftware.smack.AbstractXMPPConnection.disconnect(AbstractXMPPConnection.java:666)
    at org.jivesoftware.smack.AbstractXMPPConnection.disconnect(AbstractXMPPConnection.java:646)
    at pke4chat.TestProtoType.main(TestProtoType.java:105)

main, called close()
main, called closeInternal(true)
*** CertificateVerify
Signature Algorithm SHA512withRSA
Smack Packet Reader (0), WRITE: TLSv1.2 Handshake, length = 264
Smack Packet Reader (0), WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 49, 187, 92, 176, 21, 132, 60, 183, 10, 47, 235, 93 }
***
Smack Packet Reader (0), WRITE: TLSv1.2 Handshake, length = 80
main, SEND TLSv1.2 ALERT:  warning, description = close_notify
main, WRITE: TLSv1.2 Alert, length = 64
main, called closeSocket(true)
Smack Packet Writer (0), handling exception: java.net.SocketException: Socket closed
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
Smack Packet Writer (0), called closeSocket()
Smack Packet Reader (0), handling exception: java.net.SocketException: Socket closed

推荐答案

以我的经验,当客户端证书过期时会发生此异常.您可以通过

In my experience this exception happens when a client certificate has expired. You can verify your JKS client certificate by

keytool -list -keystore client.keystore.jks  -v

并检查有效期从...到...

and check the the Valid from ... to ...

这篇关于javax.net.ssl.SSLProtocolException:握手消息序列冲突,2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-09 12:41