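When this appears:

```
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
```

the certificate path may be wrong, or there may be a problem with the certificate itself. I ran into this while refactoring a system: ws worked fine, but with wss the certificate verification failed, while the old version still ran normally. After a day or two I found that the path used when loading the certificate was wrong.

```
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
nioEventLoopGroup-9-1, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
nioEventLoopGroup-9-1, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
nioEventLoopGroup-9-1, WRITE: TLSv1.2 Alert, length = 2
nioEventLoopGroup-9-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
[Raw write]: length = 7
```

SSL_NULL_WITH_NULL_NULL here is mainly about cipher suite matching: the session still carries this initial null suite because no cipher suite was agreed on.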
The following JVM run argument prints the connection process and the data exchanged:

```
-Djavax.net.debug=all
```
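The SSL flow is fairly complex, so it is enough to look at the main information in the output.

Server-side log

If the printed log does not contain the following line, the path the certificate is loaded from may be wrong:

```
*** ServerHello, TLSv1.2
```

Client-side protocol

```
*** ClientHello, TLSv1.2
```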
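Certificate generation tool: mkcert

```
mkcert -p12-file keystore.p12 -pkcs12 -client 192.168.0.103 127.0.0.1 localhost
```

Or keytool

Note that the RSA algorithm is specified explicitly here (older keytool versions default to DSA, which does not match the RSA and ECDSA suites that browsers offer):

```
keytool -genkey -keysize 2048 -validity 365 -keyalg RSA -keypass changeit -storepass changeit -keystore wss.jks
```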
Checking the protocol used by the web request
Loading the certificate for wss

```java
// Fragment from the Netty channel initializer; `pipeline` and `logger` come from the surrounding class.
SSLContext sslContext = SslUtil.createSSLContext("PKCS12",
        ResourceUtils.getFile("classpath:keystore.p12").getPath(), "changeit");
// SSLEngine engine = sslContext.createSSLEngine();
SSLEngine sslEngine = sslContext.createSSLEngine();
sslEngine.setNeedClientAuth(false);  // server does not require a client certificate
sslEngine.setUseClientMode(false);   // this side is the TLS server
logger.info(sslContext.getProtocol());
logger.info("支持的协议: " + Arrays.asList(sslEngine.getSupportedProtocols()));      // supported protocols
logger.info("启用的协议: " + Arrays.asList(sslEngine.getEnabledProtocols()));        // enabled protocols
logger.info("支持的加密套件: " + Arrays.asList(sslEngine.getSupportedCipherSuites())); // supported cipher suites
logger.info("启用的加密套件: " + Arrays.asList(sslEngine.getEnabledCipherSuites()));   // enabled cipher suites
pipeline.addFirst(new SslHandler(sslEngine));
```
```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class SslUtil {
    private static volatile SSLContext sslContext = null;

    public static SSLContext createSSLContext(String type, String path, String password) throws Exception {
        if (null == sslContext) {
            synchronized (SslUtil.class) {
                if (null == sslContext) {
                    // Supports JKS and PKCS12
                    KeyStore ks = KeyStore.getInstance(type);
                    // Location of the certificate (keystore) file; the stream is closed after loading
                    try (InputStream ksInputStream = new FileInputStream(path)) {
                        //InputStream ksInputStream = SslUtil.class.getClassLoader().getResourceAsStream("keystore.p12");
                        ks.load(ksInputStream, password.toCharArray());
                    }
                    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    kmf.init(ks, password.toCharArray());
                    sslContext = SSLContext.getInstance("TLSv1.2");
                    // Key managers only; default trust managers and SecureRandom
                    sslContext.init(kmf.getKeyManagers(), null, null);
                }
            }
        }
        return sslContext;
    }
}
```
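A wrong keystore path can stay hidden until the handshake: when the input stream is null, KeyStore.load accepts it and produces an empty store, and a server with no key to offer then fails with "no cipher suites in common". The following check is an added example, not code from the original post; the class name KeystoreCheck and its methods are hypothetical, and the resource name and password are the ones used on this page.

```java
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example: fail at startup, not at handshake time, when the keystore has no usable key.
public class KeystoreCheck {

    /** Returns "alias (algorithm)" for every private-key entry in the store. */
    static List<String> keyEntries(KeyStore ks, char[] password) throws Exception {
        List<String> found = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                Key key = ks.getKey(alias, password);
                found.add(alias + " (" + key.getAlgorithm() + ")");
            }
        }
        return found;
    }

    /** Loads a keystore from the classpath and rejects a missing file or a store without keys. */
    static KeyStore loadChecked(String type, String resource, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = KeystoreCheck.class.getClassLoader().getResourceAsStream(resource)) {
            if (in == null) {
                // ks.load(null, ...) would succeed and yield an EMPTY store, hiding the wrong path
                throw new IllegalStateException("keystore not found on classpath: " + resource);
            }
            ks.load(in, password);
        }
        if (keyEntries(ks, password).isEmpty()) {
            throw new IllegalStateException("no private-key entry in " + resource);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();
        // Constructed demonstration: an empty store loads without error but has no key to offer.
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, pw);
        System.out.println("empty store key entries: " + keyEntries(empty, pw));
        try {
            KeyStore ks = loadChecked("PKCS12", "keystore.p12", pw);
            System.out.println("usable keys: " + keyEntries(ks, pw));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The algorithm printed next to each alias also shows whether the key is RSA, as the keytool note above requires.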