我有一个Tomcat 7服务器,它运行一些servlet,我需要通过另一个Tomcat 7服务器通过post访问。
出于安全原因,该连接是 SSL 连接,我使用此代码进行连接:
/* Load the keyStore that includes self-signed cert as a "trusted" entry. */
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream("myjks.jks"), "123456".toCharArray());
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext ctx = SSLContext.getInstance("TLSv1");
ctx.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory sslFactory = ctx.getSocketFactory();
HttpClientBuilder builder = HttpClientBuilder.create();
SSLConnectionSocketFactory sslConnectionFactory =
new SSLConnectionSocketFactory(ctx,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
builder.setSSLSocketFactory(sslConnectionFactory);
Registry<ConnectionSocketFactory> registry =
RegistryBuilder.<ConnectionSocketFactory>create()
.register("https", sslConnectionFactory)
.build();
HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
builder.setConnectionManager(ccm);
CloseableHttpClient client = builder.build();
HttpPost post = new HttpPost("https://myurl.com:9999/post");
/* post has parameters - omitted */
HttpResponse response = client.execute(post);
HttpEntity entity = response.getEntity();
String responseString = EntityUtils.toString(entity, "UTF-8");
int httpCode = response.getStatusLine().getStatusCode();
System.out.println(responseString);
System.out.println(httpCode);
有问题:每次我尝试连接时,我都会得到
收到致命警报:handshake_failure
现在,奇怪的是,通过普通的java应用程序运行的完全相同的代码只是工作和输出
<response data>
200
服务器上的代码在带有Java 6的Apache Tomcat 7.0.42上运行,Java应用程序在Java 6上运行。
以下是 Tomcat-SSL 服务器连接器的配置方式:
<Connector port="${tomcat.ssl.port}" protocol="HTTP/1.1"
enableLookups="false"
SSLEnabled="true" scheme="https" sslProtocol="TLS" secure="true" clientAuth="false"
keystoreFile="${catalina.base}/conf/certstore/server.jks"
keystorePass="123456"
truststoreFile="${catalina.base}/conf/certstore/ca.jks"
truststorePass="123456"
URIEncoding="UTF-8"
ciphers="SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
/>
以下是支持的密码:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
到雄猫的连接会出现这些问题?我应该怎么做才能使这段代码正常工作?
可能是因为Tomcat使用的JVM与您用于手动执行此命令的JVM不同。较新的Java版本对SSL连接更加严格。某些协议在可能引发此错误的较新版本中是不允许的。