PHP客户端和Java服务器之间的SSL套接字连接

【问题标题】:SSL socket connection between PHP client and Java serverPHP客户端和Java服务器之间的SSL套接字连接
【发布时间】:2014-02-14 18:32:48
【问题描述】:

我正在尝试在 PHP 客户端和 Java 服务器之间建立 SSL 连接。我对 SSL 知之甚少,对此我感到很困惑。

连接不需要被信任或验证,它只需要加密数据以确保传输安全。

PHP 客户端能够连接(确认连接)到 Java 服务器,但是在两者之间握手时,我在 Java 中收到以下错误:

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1458)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:92)
    at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
    at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
    at java.io.InputStreamReader.read(InputStreamReader.java:184)
    at java.io.BufferedReader.fill(BufferedReader.java:154)
    at java.io.BufferedReader.readLine(BufferedReader.java:317)
    at java.io.BufferedReader.readLine(BufferedReader.java:382)
    at com.test.ConnectionHandler.getRequest(ConnectionHandler.java:23)
    at com.test.Interaction.run(Interaction.java:35)
    at java.lang.Thread.run(Thread.java:722)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:892)
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:620)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:685)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111)
    at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
    at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
    at java.io.BufferedWriter.flush(BufferedWriter.java:254)
    at java.io.PrintWriter.newLine(PrintWriter.java:482)
    at java.io.PrintWriter.println(PrintWriter.java:629)
    at java.io.PrintWriter.println(PrintWriter.java:740)
    at com.test.ConnectionHandler.println(ConnectionHandler.java:28)
    at com.test.Interaction.run(Interaction.java:29)
    ... 1 more

以及 PHP 中的这些错误:

Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14077410:SSL routines:func(119):reason(1040) in /var/www/html/inc/node.class.php on line 48

Warning: fsockopen(): Failed to enable crypto in /var/www/html/inc/node.class.php on line 48

Warning: fsockopen(): unable to connect to ssl://127.0.0.1:30627 (Unknown error) in /var/www/html/inc/node.class.php on line 48

这是我处理套接字设置的 Java 代码:

SSLServerSocketFactory socketfactory;
SSLServerSocket ssock;

SSLContext sslContext = SSLContext.getInstance( "SSL" );

KeyStore ks = KeyStore.getInstance("JKS");
InputStream ksIs = ClassLoader.class.getResourceAsStream("resources/keystore.jks");
try {
    ks.load(ksIs, "password".toCharArray());
} catch (CertificateException e) {
    e.printStackTrace();
} finally {
    if (ksIs != null) {
        ksIs.close();
    }
}

KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, "password".toCharArray());

sslContext.init( kmf.getKeyManagers(), null, null );
socketfactory = sslContext.getServerSocketFactory();

socketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

ssock = (SSLServerSocket) socketfactory.createServerSocket(myPort);

for(String item : ssock.getEnabledCipherSuites()) {
    System.out.println(item);
}

while(true) {
    SSLSocket sock = (SSLSocket) ssock.accept();

    new Interaction(sock);
}

这是我处理与 Java 服务器的连接的 PHP 代码: (从第 48 行开始)

$this->stream = fsockopen("ssl://127.0.0.1", 30627, $errno, $errstr);
if(!$this->stream) {
  return array(
    'errornum' => $errno,
    'errorstr' => $errstr,
  );
} else {
  return true;
}

有人可以帮助解释我做错了什么或提供解决方案吗?

--编辑

我尝试使用 Java 客户端进行连接以查看问题所在。但我仍然收到同样的错误,这显示在 Java 客户端上:

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHands
hakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.jav
a:1293)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.j
ava:1305)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.ja
va:43)
        at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:202)
        at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:272)
        at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:276)
        at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122)
        at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212)
        at java.io.BufferedWriter.flush(BufferedWriter.java:236)
        at Main.main(Main.java:55)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_
failure
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.ja
va:1720)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.j
ava:954)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS
LSocketImpl.java:1138)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketIm
pl.java:753)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:
75)
        at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
        at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
        at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
        at java.io.InputStreamReader.read(InputStreamReader.java:167)
        at java.io.BufferedReader.fill(BufferedReader.java:136)
        at java.io.BufferedReader.readLine(BufferedReader.java:299)
        at java.io.BufferedReader.readLine(BufferedReader.java:362)
        at Main$Output.run(Main.java:77)
        at java.lang.Thread.run(Thread.java:662)

【问题讨论】:

  • 您的密钥库中是否有合适的证书及其私钥? “没有共同的密码套件...”tends to be caused by a misconfigured keystore。您至少可以连接浏览器吗?此外,在 Java 端使用信任管理器毫无意义(使用它们通常是个坏主意)。 (我不确定证书验证在 PHP 端是否足够,使用 ssl://,但这可能更难修复。)
  • 我使用命令keytool -genkey -alias MyKey -keyalg RSA -keystore keystore.jks -keysize 2048 来生成我的密钥库。我已将 Java 服务器修改为现在不使用信任库,但使用 PHP 客户端时仍会出现相同的错误。我从我的密钥库中导出了公钥并将其作为受信任的根 CA 安装在 Windows 中,并尝试使用简单的 Java 客户端进行连接,但同样的错误再次发生。

标签: java php sockets ssl encryption


【解决方案1】:

我发现问题在于加载密钥库。我将其作为资源检索的方式不起作用。

我让密钥库正确加载,然后一切正常。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2021-02-07
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2012-07-24
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode