Question
A follow-up to these answers: Received fatal alert: handshake_failure through SSLHandshakeException
All the possibilities are OK in my example, but I still get the handshake error: http://tibi.nl/obaangifte/result.txt
I have the keystore:
keyStore is : /home/tibi/Desktop/kdebnav/pki/DigiK-keesdeboekhoudercert.p12
keyStore type is : pkcs12
keyStore provider is :
I have the trust store:
trustStore is: /tmp/jssecacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 10:36:00 CEST 2006 until Sat Oct 25 10:36:00 CEST 2036
adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 00:23:48 CEST 1999 until Wed Jun 26 00:23:48 CEST 2019
The client hello:
*** ClientHello, TLSv1
RandomCookie: GMT: 1375350579 bytes = { 158, 54, 71, 67, 110, 43, 27, 91, 239, 94, 125, 7, 57, 87, 239, 42, 229, 28, 231, 131, 77, 134, 191, 23, 136, 77, 178, 184 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: preprod.procesinfrastructuur.nl]
***
The server hello:
*** ServerHello, TLSv1
RandomCookie: GMT: 1375350579 bytes = { 74, 45, 118, 102, 8, 188, 62, 178, 165, 60, 109, 211, 180, 218, 61, 151, 149, 180, 241, 248, 193, 55, 206, 2, 176, 164, 102, 2 }
Session ID: {91, 14, 36, 17, 25, 98, 4, 166, 25, 189, 88, 198, 140, 42, 21, 28, 155, 28, 54, 229, 138, 182, 118, 251, 243, 155, 202, 174, 31, 88, 32, 100}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
The certificate chain:
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=preprod.procesinfrastructuur.nl, SERIALNUMBER=00000004003214345001, OU=Servicemanagement, O=Logius, C=NL
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 18249182214419149210063076677589967813521146456403067623241816547978446511399574886828888739243940980495266965216864064570261538559132011314039583241068526655245382555049492483634968086295975872660042957472377652917868841866865009766550390575630057931526833629624799005363185066714687725808603312876141189878703177615795166666809366300424397887245080792319353731309639868256303608109437887773404443272502678345801322558356251590562835521063923573340889085686147043181386842850641561139359477151836102358978531405403748147972314023141208157877532420828093574976212569437996452915321503760621176076037459291924005464851
public exponent: 65537
Validity: [From: Sun Sep 04 02:00:00 CEST 2011,
To: Thu Sep 04 01:59:59 CEST 2014]
Issuer: CN=Getronics CSP Organisatie CA - G2, O=Getronics Nederland BV, C=NL
SerialNumber: [ 7a96b035 922c7702 dc3382c1 d2138775]
And the found trusted certificate:
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=preprod.procesinfrastructuur.nl, SERIALNUMBER=00000004003214345001, OU=Servicemanagement, O=Logius, C=NL
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 18249182214419149210
But still the error... Here is the start where it goes wrong:
*** Finished
verify_data: { 59, 116, 38, 62, 216, 102, 26, 110, 22, 125, 51, 1 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 3B 74 26 3E D8 66 1A 6E 16 7D 33 01 ....;t&>.f.n..3.
Padded plaintext before ENCRYPTION: len = 48
0000: 14 00 00 0C 3B 74 26 3E D8 66 1A 6E 16 7D 33 01 ....;t&>.f.n..3.
0010: 8A 2A 7E 60 F1 86 96 DE EA 49 27 77 62 02 1D 94 .*.`.....I'wb...
0020: C5 7C C3 99 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ................
main, WRITE: TLSv1 Handshake, length = 48
[Raw write]: length = 53
0000: 16 03 01 00 30 DF 9C 60 94 78 FB C9 E4 B7 F9 91 ....0..`.x......
0010: 22 C0 FB 52 A9 0D 69 AB A5 9E F7 E0 9F DA AF 1F "..R..i.........
0020: B8 D7 22 D7 29 20 12 9C EF 23 16 41 D9 80 B8 F7 ..".) ...#.A....
0030: DA 78 BB E7 E9 .x...
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
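Decoding the raw records at the end of the trace above, as an added example that is not part of the original post: the Python below (function and variable names are illustrative) rebuilds the byte streams from the [Raw write] / [Raw read] dumps and parses the TLS record headers. It shows that the client's last write is one 48-byte handshake record and that the server's reply is a 2-byte plaintext alert record carrying level 2 (fatal) and description 0x28 = 40 (handshake_failure).

```python
import re

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
          42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version"}

# Copied from the trace above: the client's last write, then the server's reply.
TRACE = r'''
[Raw write]: length = 53
0000: 16 03 01 00 30 DF 9C 60 94 78 FB C9 E4 B7 F9 91 ....0..`.x......
0010: 22 C0 FB 52 A9 0D 69 AB A5 9E F7 E0 9F DA AF 1F "..R..i.........
0020: B8 D7 22 D7 29 20 12 9C EF 23 16 41 D9 80 B8 F7 ..".) ...#.A....
0030: DA 78 BB E7 E9 .x...
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
'''

def raw_streams(trace):
    """Rebuild the written and read byte streams from the '[Raw ...]' hex dumps."""
    streams, direction, want = {"write": bytearray(), "read": bytearray()}, None, 0
    for line in trace.splitlines():
        head = re.match(r"\[Raw (read|write)\]: length = (\d+)", line)
        if head:
            direction, want = head.group(1), int(head.group(2))
            continue
        dump = re.match(r"[0-9A-Fa-f]{4}: (.*)", line)
        for tok in (dump.group(1).split()[:16] if dump else []):
            # Stop at the announced length or at the ASCII column.
            if want == 0 or not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break
            streams[direction].append(int(tok, 16))
            want -= 1
    return streams

def records(stream):
    """Split a stream into TLS records: type(1) version(2) length(2) fragment(length)."""
    out, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, version = stream[pos], (stream[pos + 1], stream[pos + 2])
        length = int.from_bytes(stream[pos + 3:pos + 5], "big")
        body = bytes(stream[pos + 5:pos + 5 + length])
        rec = {"type": CONTENT_TYPES.get(ctype, ctype), "version": VERSIONS.get(version, version),
               "length": length}
        # A 2-byte alert is plaintext (level, description); a protected one would be longer.
        if ctype == 21 and len(body) == 2:
            rec["alert"] = (ALERT_LEVELS.get(body[0], body[0]), ALERTS.get(body[1], body[1]))
        out.append(rec)
        pos += 5 + length
    return out
```

The announced length on each [Raw ...] line caps how many hex tokens are taken from the dump lines, so characters in the ASCII column are never mistaken for bytes.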
Answer 1:
The service seemed to have a wrong WSDL. After an improved WSDL was provided I could proceed.
So take care the WSDL is good!
Source: https://stackoverflow.com/questions/21704989/sslhandshakeexception-received-fatal-alert-handshake-failure-followup