javax.net.ssl.SSLHandshakeException: No available authentication scheme
A Google search reveals a bug in jdk11.0.2, but I upgraded to jdk11.0.3 and this still exists for me. Steps to reproduce:
- git clone https://github.com/deanhiller/webpieces.git
- Add the line
"org.gradle.java.home=/Library/Java/JavaVirtualMachines/jdk-11.0.3.jdk/Contents/Home"
to ~/.gradle/gradle.properties to set the jdk to 11.0.3
- Run
./gradlew :core:core-asyncserver:test
from the webpieces directory
The test case hangs and the log shows
Caused by: javax.net.ssl.SSLHandshakeException: No available authentication scheme
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:945)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:934)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1224)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1160)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:849)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:810)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1052)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:999)
at org.webpieces.ssl.impl.AsyncSSLEngine2Impl.createRunnable(AsyncSSLEngine2Impl.java:94)
... 12 common frames omitted
Should I file another JDK bug, or does anyone have any ideas?
JDK resolved/related bug: https://bugs.openjdk.java.net/browse/JDK-8211426
Note that, for some reason, this fixes it:
System.setProperty("jdk.tls.server.protocols", "TLSv1.2");
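Hmm, does anyone know how to generate a self-signed certificate that works for both TLSv1.2 and TLSv1.3?
Assuming that is the issue in question, and not another issue with TLS 1.3.
Your certificate is using the DSA algorithm, which was deprecated some time ago in favor of RSA, and which is not supported at all in TLS 1.3. Make sure to create an RSA certificate instead.
It seems that not-too-old versions of Java keytool may have created DSA certificates by default... an unfortunate default. You can use this command to verify the certificate type.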
openssl x509 -in certificate.crt -text
Certificate:
...
Signature Algorithm: dsa_with_SHA256
...
Subject Public Key Info:
Public Key Algorithm: dsaEncryption
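The check and the fix from the answer above as one script; this is an added example, not code from the original post or from the webpieces project. The alias, password, CN and file names are placeholders, the sample inputs are constructed, and rejecting a DSA signature as well as a DSA key is a conservative choice made for this example.

```shell
# Added example: classify a certificate for TLS 1.3 use and create an RSA one.

# Reads `openssl x509 -noout -text` output on stdin, prints one verdict line.
cert_tls13_verdict() {
    awk '
        /Public Key Algorithm:/ && key == "" { key = $NF }
        /Signature Algorithm:/  && sig == "" { sig = $NF }
        END {
            if (key == "") { print "unknown: no Public Key Algorithm line"; exit }
            # Anchored match: "ecdsa-with-SHA256" contains "dsa" but is not DSA.
            if (key == "dsaEncryption" || sig ~ /^dsa/)
                print "reject: key=" key " sig=" sig
            else
                print "ok: key=" key " sig=" sig
        }'
}

# Constructed samples shaped like openssl text output (not real certificates).
sample_dsa() {
    printf '%s\n' 'Certificate:' '    Signature Algorithm: dsa_with_SHA256' \
        '        Public Key Algorithm: dsaEncryption'
}
sample_ecdsa() {
    printf '%s\n' 'Certificate:' '    Signature Algorithm: ecdsa-with-SHA256' \
        '        Public Key Algorithm: id-ecPublicKey'
}

# Creates a self-signed RSA key pair with keytool (key algorithm stated
# explicitly instead of relying on the default), exports the certificate
# and classifies it. Placeholder alias/password/CN; needs keytool and openssl.
make_and_check_rsa() {
    dir=$(mktemp -d) || return 1
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA -validity 365 -dname "CN=localhost" \
        -keystore "$dir/server.p12" -storetype PKCS12 \
        -storepass changeit -keypass changeit </dev/null >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias server -keystore "$dir/server.p12" \
        -storepass changeit -file "$dir/server.pem" </dev/null >/dev/null 2>&1 &&
    openssl x509 -in "$dir/server.pem" -noout -text | cert_tls13_verdict
    rc=$?
    rm -rf "$dir"
    return $rc
}

sample_dsa | cert_tls13_verdict      # the certificate type shown on this page
if command -v keytool >/dev/null 2>&1 && command -v openssl >/dev/null 2>&1; then
    make_and_check_rsa || echo "keystore generation failed" >&2
fi
```

To check an existing certificate, pipe `openssl x509 -in certificate.crt -noout -text` into `cert_tls13_verdict`.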