javax.net.ssl.SSLHandshakeException:在applet中握手期间远程主机关闭连接
在我的Web应用程序中,我使用的是一个名为jar的applet,这个applet在jre 1.6和1.7之前工作正常。 但是在安全弹出和applet的阻塞错误后,我们不得不购买了一个java代码签名证书。
我已经成功签署了这个applet jar,这个applet在HTTP协议上没有任何问题。 如果我在HTTPS上打开此applet,它会开始提供SSLHandshakeException的exception。 我已经尝试了所有可能的解决方案来运行它但它失败了。
*Java Plug-in 11.25.2.18 Using JRE version 1.8.0_25-b18 Java HotSpot(TM) Client VM User home directory = C:\Users\home ---------------------------------------------------- c: clear console window f: finalize objects on finalization queue g: garbage collect h: display this help message l: dump classloader list m: print memory usage o: trigger logging q: hide console r: reload policy configuration s: dump system and deployment properties t: dump thread list v: dump thread stack x: clear classloader cache 0-5: set trace level to ---------------------------------------------------- basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@1d2bd52 security: Expected Main URL: https://www.example.com/test.jar basic: Plugin2ClassLoader.addURL parent called for https://www.example.com/test.jar security: Accessing keys and certificate in Mozilla user profile: null security: JSS is not configured network: Cache entry not found [url: https://www.example.com/test.jar, version: null] network: Connecting https://www.example.com/test.jar with proxy=DIRECT network: Cache entry not found [url: file:/C:/Program%20Files/Java/jre1.8.0_25/lib/ext/sunec.jar, version: null] network: Cache entry not found [url: file:/C:/Program%20Files/Java/jre1.8.0_25/lib/ext/sunjce_provider.jar, version: null] network: Connecting http://www.example.com:443/ with proxy=DIRECT javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source) at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source) at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source) at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source) at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source) at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source) at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source) at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source) at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$800(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.EOFException: SSL peer shut down incorrectly at sun.security.ssl.InputRecord.read(Unknown Source) ... 42 more network: Cache entry not found [url: https://www.example.com/test.jar, version: null] network: Connecting https://www.example.com/test.jar with proxy=DIRECT network: Connecting http://www.example.com:443/ with proxy=DIRECT javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source) at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source) at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source) at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source) at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source) at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source) at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source) at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source) at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$800(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.EOFException: SSL peer shut down incorrectly at sun.security.ssl.InputRecord.read(Unknown Source) ... 40 more network: Cache entry not found [url: https://www.example.com/Apps.class, version: null] network: Connecting https://www.example.com/Apps.class with proxy=DIRECT network: Connecting http://www.example.com:443/ with proxy=DIRECT network: Cache entry not found [url: https://www.example.com/Apps/class.class, version: null] network: Connecting https://www.example.com/Apps/class.class with proxy=DIRECT network: Connecting http://www.example.com:443/ with proxy=DIRECT java.lang.ClassNotFoundException: Apps.class at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) basic: load: class Apps.class not found. java.lang.ClassNotFoundException: Apps.class at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Ignored exception: java.lang.ClassNotFoundException: Apps.class basic: Dialog type is not candidate for embedding security: Reset deny session certificate store basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@1d2bd52 security: Reset deny session certificate store* 在applet中,我使用简单的applet
import java.applet.*; import java.awt.*; public class Apps extends Applet{ public void paint(Graphics g){ g.drawString("Welcome in Java Applet.",40,20); } }
我们遇到了同样的问题。 我相信这是Java为SSL实现TLS 1.2的方式中的一个错误。
根据他们的文档https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls ,他们声称通过启用TLS 1.2,它向后兼容旧版本。
然而,这种情况并非如此。 禁用TLS 1.2时,我们不再获得“握手期间远程主机关闭连接”错误。
可以从Java控制面板中的“高级设置”关闭TLS 1.2支持。
完成后,applet将起作用。
在我们的例子中,我们得到了相同的例外。 但对于java1.6和1.7我们的环境如下:
- jbossAS5.1带有已部署的Web应用程序和该Web应用程序中的一个applet
- apache web server2.2.1需要客户端证书(自签名)
- 在客户端mozilla和资源管理器与导入的客户端证书,jre与导入的客户端证书
在jre控制面板中,我们禁用了SSL2客户端hello格式,并且还禁用了SSL3和TLS1.2我们只启用了TLS1.0和TLS1.1,从那时起一切正常。