javax.net.ssl.SSLHandshakeException：没有共同的密码套件 没有共同的密码套件

Question

我正在尝试在客户端和服务器之间建立 SSL 连接。但是，每当我尝试从客户端连接时，我的服务器上都会出现 javax.net.ssl.SSLHandshakeException: no cipher suites in common no cipher suites in common 错误。我已经生成了一个带有签名证书的密钥库，并且我在我的客户端和服务器上都引用了该密钥库。在对这个问题进行了大量研究之后，我已经厌倦了，而且这个网站上的相关帖子没有帮助。

这是我的服务器代码

公共类 ServerApplicationSSL {

public static void main(String[] args) {
    boolean debug = true;

    System.out.println("Waiting For Connection");

    int intSSLport = 4444;

    {
        Security.addProvider(new Provider());
        //Security.addProvider(new BouncyCastleProvider());

        //System.setProperty("javax.net.ssl.keyStore","C:\\SSLCERT\\NEWAEDCKSSKYE");
        //System.setProperty("javax.net.ssl.keyStorePassword", "skyebank");
    }
    if (debug) {
        System.setProperty("javax.net.debug", "all");
    }
    FileWriter file = null;
    try {
        file = new FileWriter("C:\\SSLCERT\\Javalog.txt");

    } catch (Exception ee) {
        //message = ee.getMessage();

    }

    try {

        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(new FileInputStream("C:\\SSLCERT\\NEWAEDCKSSKYE"), "skyebank".toCharArray());
        file.write("Incoming Connection\r\n");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
                .getDefaultAlgorithm());
        kmf.init(keystore, "skyebank".toCharArray());

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(keystore);
        TrustManager[] trustManagers = tmf.getTrustManagers();

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), trustManagers, null);

        SSLServerSocketFactory sslServerSocketfactory = (SSLServerSocketFactory) context.getServerSocketFactory();
        SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketfactory.createServerSocket(intSSLport);

        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
        SSLServerSocket server_socket = (SSLServerSocket) sslServerSocket;
        server_socket.setNeedClientAuth(true);

        sslSocket.startHandshake();

        System.out.println("Connection Accepted");
        file.write("Connection Accepted\r\n");

        while (true) {
            PrintWriter out = new PrintWriter(sslSocket.getOutputStream(), true);
            //BufferedReader in = new BufferedReader(new InputStreamReader(sslSocket.getInputStream()));
            String inputLine;

            //while ((inputLine = in.readLine()) != null) {
            out.println("Hello Client....Welcome");
            System.out.println("Hello Client....Welcome");
            //}

            out.close();
            //in.close();
            sslSocket.close();
            sslServerSocket.close();
            file.flush();
            file.close();
        }

    } catch (Exception exp) {
        try {
            System.out.println(exp.getMessage() + "\r\n");
            System.out.println(exp.getStackTrace() + "\r\n");
            file.write(exp.getMessage() + "\r\n");
            file.flush();
            file.close();
        } catch (Exception eee) {
            //message = eee.getMessage();
        }

    }

}

}

这是我的客户代码

public String MakeSSlCall(String meternum) {
    String message = "";
    FileWriter file = null;
    try {
        file = new FileWriter("C:\\SSLCERT\\ClientJavalog.txt");

    } catch (Exception ee) {
        message = ee.getMessage();
    }
    try {
        file.write("KeyStore Generated\r\n");
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(new FileInputStream("C:\\SSLCERT\\NEWAEDCKSSKYE"), "skyebank".toCharArray());
        file.write("KeyStore Generated\r\n");
        Enumeration enumeration = keystore.aliases();
        while (enumeration.hasMoreElements()) {
            String alias = (String) enumeration.nextElement();
            file.write("alias name: " + alias + "\r\n");
            keystore.getCertificate(alias);
            file.write(keystore.getCertificate(alias).toString() + "\r\n");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
                .getDefaultAlgorithm());
        kmf.init(keystore, "skyebank".toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(keystore);
        file.write("KeyStore Stored\r\n");
        SSLContext context = SSLContext.getInstance("SSL");
        TrustManager[] trustManagers = tmf.getTrustManagers();
        KeyManager[] AllKeysMan = kmf.getKeyManagers();

        file.write("Key Manager Length is " + AllKeysMan.length + "\r\n");

        for (int i = 0; i < AllKeysMan.length; i++) {
            file.write("Key Manager At This Point is " + AllKeysMan[i] + "\r\n");
        }
        context.init(kmf.getKeyManagers(), trustManagers, null);
        SSLSocketFactory f = context.getSocketFactory();
        file.write("About to Connect to Ontech\r\n");
        SSLSocket c = (SSLSocket) f.createSocket("192.168.1.16", 4444);
        file.write("Connection Established to 196.14.30.33 Port: 8462\r\n");
        file.write("About to Start Handshake\r\n");
        c.startHandshake();
        file.write("Handshake Established\r\n");
        file.flush();
        file.close();
        return "Connection Established";
    } catch (Exception e) {
        try {
            file.write("An Error Occured\r\n");
            file.write(e.getMessage() + "\r\n");
            file.flush();
            file.close();
        } catch (Exception eee) {
            message = eee.getMessage();
        }
        return "Connection Failed";
    }
}
}

谁能告诉我做错了什么？

Answer 1

为此，您必须使用 SSLContext。查看我在下面的一个应用程序中实现的示例代码。客户端上下文意味着您成为客户端并调用一些后端。服务器上下文意味着您接受客户端请求。

public class SSLUtil {
    private static String KEY_STORE_TYPE = "JKS";
    private static String TRUST_STORE_TYPE = "JKS";
    private static String KEY_MANAGER_TYPE = "SunX509";
    private static String TRUST_MANAGER_TYPE = "SunX509";
    private static String PROTOCOL = "TLS";

    private static SSLContext serverSSLCtx = null;
    private static SSLContext clientSSLCtx = null;

    public static SSLContext createServerSSLContext(final String keyStoreLocation,
                                                    final String keyStorePwd)
                                                                             throws KeyStoreException,
                                                                             NoSuchAlgorithmException,
                                                                             CertificateException,
                                                                             FileNotFoundException,
                                                                             IOException,
                                                                             UnrecoverableKeyException,
                                                                             KeyManagementException {
        if (serverSSLCtx == null) {
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
            keyStore.load(new FileInputStream(keyStoreLocation), keyStorePwd.toCharArray());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE);
            keyManagerFactory.init(keyStore, keyStorePwd.toCharArray());
            serverSSLCtx = SSLContext.getInstance(PROTOCOL);
            serverSSLCtx.init(keyManagerFactory.getKeyManagers(), null, null);
        }

        return serverSSLCtx;
    }

    public static SSLContext createClientSSLContext(final String trustStoreLocation,
                                                    final String trustStorePwd)
                                                                               throws KeyStoreException,
                                                                               NoSuchAlgorithmException,
                                                                               CertificateException,
                                                                               FileNotFoundException,
                                                                               IOException,
                                                                               KeyManagementException {
        if (clientSSLCtx == null) {
            KeyStore trustStore = KeyStore.getInstance(TRUST_STORE_TYPE);
            trustStore.load(new FileInputStream(trustStoreLocation), trustStorePwd.toCharArray());
            TrustManagerFactory trustManagerFactory =
                                                      TrustManagerFactory.getInstance(TRUST_MANAGER_TYPE);
            trustManagerFactory.init(trustStore);
            clientSSLCtx = SSLContext.getInstance(PROTOCOL);
            clientSSLCtx.init(null, trustManagerFactory.getTrustManagers(), null);
        }

        return clientSSLCtx;

    }

}

最后确保您将受信任的服务器证书导入到客户端密钥库。从字面上看，服务器和客户端应该有不同的密钥库。客户端使用的密钥库称为客户端信任库，因为我们在这里信任服务器证书。 This article 可能会有所帮助。