SSLException during handshake while resuming cached session [duplicate]

只谈情不闲聊 submitted on 2019-12-13 14:15:37

Question


Possible Duplicate:
SSL handshake alert: unrecognized_name error since upgrade to Java 1.7.0

My J2SE app uses HttpsUrlConnection to access a secure location. It used to work just fine until I updated my JRE to 1.7. Now I get the "Remote host closed connection during handshake" SSLException. After running the app using -Djavax.net.debug=ssl:handshake, both under JRE 1.6 and JRE 1.7, my impression is that under 1.7 the cached client session fails to resume.

UPDATE: I have come to understand that under JRE 1.6 my client app uses SSLv2Hello encapsulation. However it does not do that under JRE 1.7, which is most probably what causes the exception. My question is now this: how do I enable SSLv2Hello encapsulation for clients running on JRE 1.7?

UPDATE #2: SSLv2Hello accomplished on JRE 7 via System.setProperty("https.protocols", "TLSv1,SSLv2Hello"). However this didn't make the handshake exception go away. Turns out that the true reason for the exception is the cipher suite. On JRE 6 the server picks SSL_RSA_WITH_RC4_128_MD5 out of the client's options, while on JRE 7 it always goes with TLS_DHE_RSA_WITH_AES_128_CBC_SHA. For some reason the server can't resume cached sessions using TLS_DHE_RSA_WITH_AES_128_CBC_SHA. Problem patched using System.setProperty("https.cipherSuites", suggestedCipherSuites) where suggestedCipherSuites always starts with SSL_RSA_WITH_RC4_128_MD5. Any downsides with this approach?

UPDATE #3: The SNI extension of the client is what bothers the server. See "Server Name Indication (SNI) for JSSE client" at http://docs.oracle.com/javase/7/docs/technotes/guides/security/enhancements7.html


Answer 1:


In the end it turns out that the problem was related to the SNI extension in the JSSE client 1.7. The solution is to disable sending SNI records, before any access to an https location:

System.setProperty ("jsse.enableSNIExtension", "false");

Many thanks to eckes for his solution (see SSL handshake alert: unrecognized_name error since upgrade to Java 1.7.0).
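
An added example, not from the original post or answer: the system property above switches SNI off for every TLS connection in the JVM, so this hypothetical NoSniSocketFactory confines the change to a single HttpsURLConnection. It assumes Java 8 or later (SSLParameters.setServerNames does not exist on Java 7) and OpenJDK's HttpsURLConnection behaviour; confirm with -Djavax.net.debug=ssl:handshake that the ClientHello no longer carries server_name.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical helper (Java 8+): removes SNI from the sockets it creates, changes nothing else. */
public final class NoSniSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;

    public NoSniSocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

    /** Opens one HTTPS connection without SNI; other connections in the JVM keep sending it. */
    public static HttpsURLConnection open(URL url) throws IOException {
        HttpsURLConnection c = (HttpsURLConnection) url.openConnection();
        c.setSSLSocketFactory(new NoSniSocketFactory(HttpsURLConnection.getDefaultSSLSocketFactory()));
        return c;
    }

    private static Socket stripSni(Socket s) {
        SSLSocket ssl = (SSLSocket) s;
        SSLParameters p = ssl.getSSLParameters();
        // Empty (non-null) list: no server_name extension in this socket's ClientHello.
        p.setServerNames(Collections.<SNIServerName>emptyList());
        ssl.setSSLParameters(p);
        return ssl;
    }

    // createSocket() with no arguments is deliberately not overridden: the inherited version
    // throws SocketException, and the caller (assumption: OpenJDK's HTTPS client) then layers
    // TLS over a connected socket through createSocket(Socket, ...), which is stripped below.
    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean close) throws IOException {
        return stripSni(delegate.createSocket(s, h, p, close)); }
    @Override public Socket createSocket(String h, int p) throws IOException {
        return stripSni(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException {
        return stripSni(delegate.createSocket(h, p, la, lp)); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException {
        return stripSni(delegate.createSocket(a, p)); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException {
        return stripSni(delegate.createSocket(a, p, la, lp)); }
}
```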



Source: https://stackoverflow.com/questions/10188568/sslexception-during-handshake-while-resuming-cached-session
