Environment
Client: JDK 1.6
Server: JDK 1.7, Tomcat 7
When I used a JDK 6 client to handshake with a JDK 7 server, it threw "Received fatal alert: handshake_failure".
After a whole day of work, I finally fixed the problem.
The SSL protocol, the cipher suites, and even the Tomcat version can affect the handshake procedure.
The following steps may help you find and fix your problem.
1. Enable the SSL debug log
Add JAVA_OPTS="-Djavax.net.debug=all" to the tomcat/bin/catalina.sh file to show detailed logs.
2. Set the cipher suite in Tomcat, for example:
<Connector port="9446" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="500" SSLEnabled="true" scheme="https" secure="true"
truststoreFile="server.jks" truststorePass="11111111"
keystoreFile="server.jks" keystorePass="11111111"
clientAuth="true" URIEncoding="UTF-8"
ciphers="SSL_RSA_WITH_RC4_128_SHA" />
Add System.setProperty("https.cipherSuites","SSL_RSA_WITH_RC4_128_SHA"); to your client code.
3. Set the JAVA_HOME value in the setclasspath.sh file to use a specific JDK.
Change Tomcat 7 to Tomcat 8.5.32.
Do not set SSLProtocol to SSLv3; just use the default TLSv1 protocol.
It worked fine after I took the steps above.
When I used a client to connect to the server through an SSL socket in the same environment, a strange thing happened: it worked well,
which made it clear that the Tomcat configuration was what mattered. I checked the Tomcat documentation and found the reason. You should be very careful if you are using a newer version of Tomcat with the default ciphers configuration while your client runs on an older JDK version.
If you are using Tomcat 7 and your client runs on JDK 1.6, you should add sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello" to the configuration.
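The checks from the steps above, as an added example (not code from the original post): a small Java 6-compatible program, meant to be run on the client JVM, that compares its enabled protocols and cipher suites with the server's sslEnabledProtocols and ciphers values. The class name HandshakeOverlap, its helper methods and the weak-suite name patterns are assumptions made for this example; the default arguments are the values shown in the post.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class HandshakeOverlap {
    /** Splits a comma-separated Connector attribute value into trimmed entries. */
    static List<String> csv(String value) {
        return Arrays.asList(value.trim().split("\\s*,\\s*"));
    }

    /** Entries of the server list that the client also has, in server order. */
    static List<String> overlap(List<String> server, List<String> client) {
        List<String> common = new ArrayList<String>(server);
        common.retainAll(client);
        return common;
    }

    /** RC4, NULL, EXPORT and anonymous suites give weak or no protection. */
    static boolean isWeak(String suite) {
        return suite.contains("_RC4_") || suite.contains("_NULL_")
                || suite.contains("_EXPORT_") || suite.contains("_anon_");
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the attribute values shown in the post.
        List<String> srvProtocols = csv(args.length > 0 ? args[0] : "TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello");
        List<String> srvCiphers = csv(args.length > 1 ? args[1] : "SSL_RSA_WITH_RC4_128_SHA");
        SSLParameters enabled = SSLContext.getDefault().getDefaultSSLParameters();
        List<String> cliProtocols = Arrays.asList(enabled.getProtocols());
        // HttpsURLConnection honours https.cipherSuites, so apply it when set.
        String override = System.getProperty("https.cipherSuites");
        List<String> cliCiphers = override != null ? csv(override) : Arrays.asList(enabled.getCipherSuites());

        System.out.println("java.version     : " + System.getProperty("java.version"));
        System.out.println("client protocols : " + cliProtocols);
        System.out.println("common protocols : " + overlap(srvProtocols, cliProtocols));
        if (cliProtocols.contains("SSLv2Hello") && !srvProtocols.contains("SSLv2Hello")) {
            System.out.println("client sends SSLv2Hello, server list lacks it");
        }
        List<String> common = overlap(srvCiphers, cliCiphers);
        System.out.println("common ciphers   : " + common);
        if (common.isEmpty()) System.out.println("no shared cipher suite: expect handshake_failure");
        for (String suite : common) {
            if (isWeak(suite)) System.out.println("weak suite shared: " + suite);
        }
    }
}
```

Compile and run it with the client's JDK, passing the server's protocol list and cipher list as the first and second arguments. An empty "common ciphers" line or the SSLv2Hello message points at the Connector attribute to adjust.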