javax.net.ssl.SSLException: Received fatal alert: protocol_version

问题:

Has anyone encountered this error before? I'm new to SSL, is there anything obviously wrong with my ClientHello that I'm missing? That exception is thrown with no ServerHello response. Any advice is appreciated.

*** ClientHello, TLSv1 RandomCookie:  GMT: 1351745496 bytes = { 154, 151, 225, 128, 127, 137, 198, 245, 160, 35, 124, 13, 135, 120, 33, 240, 82, 223, 56, 25, 207, 231, 231, 124, 103, 205, 66, 218 } Session ID:  {} Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods:  { 0 } *** [write] MD5 and SHA1 hashes:  len = 75 0000: 01 00 00 47 03 01 51 92   00 D8 9A 97 E1 80 7F 89  ...G..Q......... 0010: C6 F5 A0 23 7C 0D 87 78   21 F0 52 DF 38 19 CF E7  ...#...x!.R.8... 0020: E7 7C 67 CD 42 DA 00 00   20 00 04 00 05 00 2F 00  ..g.B... ...../. 0030: 33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00  3.2............. 0040: 03 00 08 00 14 00 11 00   FF 01 00                 ........... xxx, WRITE: TLSv1 Handshake, length = 75 [write] MD5 and SHA1 hashes:  len = 101 0000: 01 03 01 00 3C 00 00 00   20 00 00 04 01 00 80 00  ....<... .......="" ....="" c0="" ............="" ................="" ff="" d8="" e1="" c6="" .....q..........="" f5="" a0="" f0="" df="" cf="" e7="" ..="" cd="" da="" .g.b.="" xxx="" write:="" sslv2="" client="" hello="" message="" length="101" write="" .e....="" .....="" ......="" ..............="" .......q........="" ...g.b.="" read="" .f="">

{http://xml.apache.org/axis/}stackTrace:

javax.net.ssl.SSLException: Received fatal alert: protocol_version at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1806) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:986) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181) at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186) at  

...

回答1:

On Java 1.8 default TLS protocol is v1.2. On Java 1.6 and 1.7 default is obsoleted TLS1.0. I get this error on Java 1.8, because url use old TLS1.0 (like Your - You see ClientHello, TLSv1). To resolve this error You need to use override defaults for Java 1.8.

System.setProperty("https.protocols", "TLSv1"); 

More info on the Oracle blog.

回答2:

This seems like a protocol version mismatch, this exception normally happens when there is a mismatch between SSL protocol version used by the client and the server. your clients should use a proctocol version supported by the server.

回答3:

This is due to the fact that you send a TLSv1 handshake, but then you send a message using SSLv2 protocol;

xxx, WRITE: TLSv1 Handshake, length = 75 xxx, WRITE: SSLv2 client hello message, length = 101 

This means that the server expects the TLSv1 protocol to be used and will not accept the connection. Try specifying which protocol to use, or post some relevant code so we can have a look

回答4:

marioosh's answer seems to on the right track. It didn't work for me. So I found:

Problems connecting via HTTPS/SSL through own Java client

which uses:

java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2"); 

Which seems to be necessary with Java 7 and a TLSv1.2 site.

I checked the site with:

openssl s_client -connect www.st.nmfs.noaa.gov:443 

using

openssl version OpenSSL 1.0.2l  25 May 2017 

and got the result:

... SSL-Session:    Protocol  : TLSv1.2    Cipher    : ECDHE-RSA-AES256-GCM-SHA384 ... 

Please note that and older openssl version on my mac did not work and I had to use the macports one.

文章来源: javax.net.ssl.SSLException: Received fatal alert: protocol_version