SSLHandshakeException 没有共同的密码套件 - linux 仅使用wiremock

Question

我有一个使用wiremock 作为模拟服务器的集成测试。

我的服务器设置如下：

@ClassRule
public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig()
        .port(9998)
        .httpsPort(7777)
        .needClientAuth(true)
        .trustStorePath(WireMockConfiguration.getTruststorePath())
        .trustStorePassword("changeit")
        .keystorePath(WireMockConfiguration.getTruststorePath())
        .keystorePassword("changeit")
);

// we only use a single instance of the server across all tests in the class
@Rule
public WireMockClassRule instanceRule = wireMockRule;

WireMockConfiguration 在哪里：

public static String getTruststorePath() {
    return resolveFile("server.truststore");
}

public static String getKeystorePath() {
    return resolveFile("server.jks");
}

private static String resolveFile(final String file) {
    final URL resource = WireMockConfiguration.class.getClassLoader().getResource(file);
    if (resource == null) {
        throw new IllegalStateException("Could not resolve property");
    }
    return resource.getFile();
}

这在我的本地 Windows 机器上运行良好，但是当我在 CentOS 上的 jenkins 服务器上运行它时，我得到了异常：

javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1035)
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:738)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
    at com.github.tomakehurst.wiremock.jetty6.DelayableSslSocketConnector$1.run(DelayableSslSocketConnector.java:52)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

我生成的密钥库和信任库如下：

keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore server.jks
keytool -genkey -alias client-alias -keyalg RSA -keypass changeit -storepass changeit -keystore client.jks
keytool -export -alias client-alias -storepass changeit -file client.cer -keystore client.jks
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keystore server.truststore -keypass changeit -storepass changeit

Answer 1

问题实际上出在规则配置中

    .trustStorePath(WireMockConfiguration.getTruststorePath())
    .trustStorePassword("changeit")
    .keystorePath(WireMockConfiguration.getTruststorePath())

我将信任库设置为同时用作信任库和密钥库。