调用我的 Web 服务时出现 SSL 协议错误

【问题标题】:SSL Protocol Error while calling my web service调用我的 Web 服务时出现 SSL 协议错误
【发布时间】:2019-06-20 23:39:11
【问题描述】:

我有一个 Spring REST Web 服务,它在内部调用第三方供应商提供的 SOAP Web 服务。 SOAP Web 服务客户端是使用 CXF 生成的。自从升级到我的组织提供的更新版本的 JDK 后,我看到了以下奇怪的行为

1) 如果我通过 Web 服务器调用我的 REST 服务,在第一次成功的 SOAP 调用之后,应用程序停止响应。 Web 服务器开始出现 Bad Gateway 错误。

a) 此时,如果我调用应用服务器,则它不会响应。 Chrome 显示 SSL 协议错误,但访问日志中没有条目或 chrome 开发者工具中没有任何响应。

2) 如果我直接在应用服务器上调用我的 REST 服务,即使调用了“n”次,该服务也会按预期工作。

根据我单位提供的变更日志,变更是从JDK版本jdk1.8.0_161_iaik5.5_ecc4.02到jdk1.8.0_161_iaik5.5_ecc4.02_1。

任何指针都会有所帮助。谢谢你。如果我应该在问题中添加任何其他详细信息,请告诉我。

编辑—— 添加了一些额外的日志记录,在日志中显示了一个 decode_error

[2019-01-31T13:55:17.136-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=36 _ThreadName=http-thread-pool::http-listener-2(4) ] [timeMillis:1548960917136] [levelValue:800] [[ http-thread-pool::http-listener-2(4),写入:TLSv1.2 握手,长度 = 3989]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5) ] [timeMillis:1548960917138] [levelValue:800] [[ http-thread-pool::http-listener-2(5),阅读:TLSv1.2 警报,长度 = 2]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5) ] [timeMillis:1548960917138] [levelValue:800] [[ http-thread-pool::http-listener-2(5)]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5) ] [timeMillis:1548960917138] [levelValue:800] [[ , RECV TLSv1.2 警报:]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5) ] [timeMillis:1548960917138] [levelValue:800] [[ 致命的,]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5) ] [timeMillis:1548960917138] [levelValue:800] [[ decode_error]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5) ] [timeMillis:1548960917138] [levelValue:800] [[ http-thread-pool::http-listener-2(5),致命:引擎已经关闭。重新抛出 javax.net.ssl.SSLException:收到致命警报:decode_error]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5) ] [timeMillis:1548960917138] [levelValue:800] [[ http-thread-pool::http-listener-2(5),致命:引擎已经关闭。重新抛出 javax.net.ssl.SSLException:收到致命警报:decode_error]]

【问题讨论】:

    标签: java apache payara java-security


    【解决方案1】:

    请检查第三方支持的 TLS 版本。我在连接苹果云 URL 时遇到了 Received fatal alert: decode_error。我可以通过将协议显式设置为 TLS 1.2 来修复它。

    我在How to fix 'SSLHandshakeException: Received fatal alert: decode_error'?提供了一个样本

    【讨论】:

      【解决方案2】:

      请尝试下面的代码 -

      public class NetClientPost {

public static String getMapData(String latlong) {
    String response = null;
    try {

        disableCertificateValidation();

        URL urlForGetRequest = new URL(
                "http://localhost:8080/server api url");
        String readLine = null;
        HttpURLConnection conection = (HttpURLConnection) urlForGetRequest.openConnection();
        conection.setRequestMethod("GET");
        // conection.setRequestProperty("userId", "a1bcdef"); // set userId its a sample
        // here
        int responseCode1 = conection.getResponseCode();
        if (responseCode1 == HttpURLConnection.HTTP_OK) {
            BufferedReader in1 = new BufferedReader(new InputStreamReader(conection.getInputStream()));
            StringBuffer response1 = new StringBuffer();
            while ((readLine = in1.readLine()) != null) {
                response1.append(readLine);
            }
            in1.close();
            // print result
            response = response1.toString();
            System.out.println("JSON String Result " + response1.toString());
            // GetAndPost.POSTRequest(response.toString());
        } else {
            System.out.println("GET NOT WORKED");
        }
    } catch (Exception e) {
        e.printStackTrace();
        // TODO: handle exception
    }
    return response;

}

public static void disableCertificateValidation() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }

        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    } };

    // Ignore differences between given hostname and certificate hostname
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

      }

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 2013-04-14
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2022-01-22
        • 1970-01-01
        • 1970-01-01
        相关资源
        最近更新 更多
        热门标签
        Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode