概述

當(dāng)使用httpclinet發(fā)起https請(qǐng)求時(shí)報(bào)如下錯(cuò)誤： javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failureat com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:261)at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:118)at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:357)at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:218)at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:194)at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:85)at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)

未解決參照url

訪問https，拋出的異常javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
使用HttpClient發(fā)送HTTPS請(qǐng)求以及配置Tomcat支持SSL

分析過程

背景交待

由于證書是字自簽自發(fā)，并且加固過，相信很多人會(huì)問為什么加固， 因?yàn)槟闳绻患庸痰脑抙ttps將在ff中無法訪問，錯(cuò)誤如下：

解決方案參照Tomcat6+JDK6如何加固，解決Logjam attack

解決過程分析

不加固是否可以直接訪問

經(jīng)測(cè)試 不加固的情況訪問沒有問題

加固后不能訪問原因分析

因?yàn)榧庸讨饕侵付藀rotocols和ciphers，所以請(qǐng)求時(shí)是否也可以指定protocols和ciphers，查閱官方文檔發(fā)現(xiàn)如下信息

通過在httpclient請(qǐng)求之前設(shè)置protocols和ciphers，代碼如下:

System.setProperty("https.protocols", "與server.xml中的protocols一致");System.setProperty("https.cipherSuites", "與server.xml中的ciphers一致");

重新發(fā)起請(qǐng)求，發(fā)現(xiàn)還是報(bào)錯(cuò)

分析設(shè)置是否生效

通過debug httpclinet下HttpClientBuilder類的源代碼發(fā)現(xiàn)如下

則將代碼增加如下粗體：
HttpClients.custom().useSystemProperties().setDefaultRequestConfig(defaultRequestConfig).setSslcontext(sslcontext).build();
重新發(fā)起請(qǐng)求，發(fā)現(xiàn)還是報(bào)錯(cuò)

查詢本地支持的協(xié)議及算法

代碼如下：

public class HttpsTest {public static void main(String[] args) {SSLContext sc;try {sc = SSLContext.getInstance("TLS");// 實(shí)現(xiàn)一個(gè)X509TrustManager接口，用于繞過驗(yàn)證，不用修改里面的方法X509TrustManager trustManager = new X509TrustManager() {@Overridepublic void checkClientTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,String paramString) throws CertificateException {}@Overridepublic void checkServerTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,String paramString) throws CertificateException {}@Overridepublic java.security.cert.X509Certificate[] getAcceptedIssuers() {return null;}};sc.init(null, new TrustManager[] { trustManager }, null);System.out.println("缺省安全套接字使用的協(xié)議: " + sc.getProtocol()); // 獲取SSLContext實(shí)例相關(guān)的SSLEngine SSLEngine en = sc.createSSLEngine(); System.out .println("支持的協(xié)議: " + Arrays.asList(en.getSupportedProtocols())); System.out.println("啟用的協(xié)議: " + Arrays.asList(en.getEnabledProtocols())); System.out.println("支持的加密套件: " + Arrays.asList(en.getSupportedCipherSuites())); System.out.println("啟用的加密套件: " + Arrays.asList(en.getEnabledCipherSuites())); } catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace();}} } 然后在httpclient請(qǐng)求之前設(shè)置protocols和ciphers， System.setProperty("https.protocols", "其值為服務(wù)器和本地相同的");System.setProperty("https.cipherSuites", "其值為服務(wù)器和本地相同的");

重新發(fā)起請(qǐng)求，請(qǐng)求成功。

版本說明

httpclinet：4.3.1
jdk：1.6
tomcat：6

httpclient發(fā)起請(qǐng)求代碼

訪問 https://gitee.com/die/help_common.git中的httpclinet進(jìn)行下載

參考文章

HttpClient如何指定CipherSuites

轉(zhuǎn)載于:https://blog.51cto.com/2074199/2088928

總結(jié)

以上是生活随笔為你收集整理的记录一次解决httpcline请求https报handshake_failure错误的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。