2013-03-21 549 views
3

Upgrading from Tomcat 5 to Tomcat 7 gives an error connecting to LDAP: SSLException "Received fatal alert: illegal_parameter" after upgrading from Java 1.5 to Java 1.7

Does anyone have a solution for the following?

```
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, illegal_parameter
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
```

The same code works fine with Tomcat 5.

Java 5 SSL request/response

```
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
%% No cached client session

*** ClientHello, TLSv1
RandomCookie: GMT: 1363826094 bytes = { 214, 89, 42, 109, 152, 165, 62, 69, 126, 239, 105, 77, 178, 234, 219, 136, 35, 159, 179, 159, 108, 193, 12, 172, 7, 185, 191, 75 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***

[write] MD5 and SHA1 hashes: len = 79
0000: 01 00 00 4B 03 01 51 4A 56 AE D6 59 2A 6D 98 A5 ...K..QJV..Y*m..
0010: 3E 45 7E EF 69 4D B2 EA DB 88 23 9F B3 9F 6C C1 >E..iM....#...l.
0020: 0C AC 07 B9 BF 4B 00 00 24 00 04 00 05 00 2F 00 .....K..$...../.
0030: 35 00 33 00 39 00 32 00 38 00 0A 00 16 00 13 00 5.3.9.2.8.......
0040: 09 00 15 00 12 00 03 00 08 00 14 00 11 01 00  ...............
main, WRITE: TLSv1 Handshake, length = 79

[write] MD5 and SHA1 hashes: len = 107
0000: 01 03 01 00 42 00 00 00 20 00 00 04 01 00 80 00 ....B... .......
0010: 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 00 00 ..../..5..3..9..
0020: 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 00 13 2..8............
0030: 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 .....@..........
0040: 00 80 00 00 08 00 00 14 00 00 11 51 4A 56 AE D6 ...........QJV..
0050: 59 2A 6D 98 A5 3E 45 7E EF 69 4D B2 EA DB 88 23 Y*m..>E..iM....#
0060: 9F B3 9F 6C C1 0C AC 07 B9 BF 4B     ...l......K
main, WRITE: SSLv2 client hello message, length = 107

[Raw write]: length = 109
0000: 80 6B 01 03 01 00 42 00 00 00 20 00 00 04 01 00 .k....B... .....
0010: 80 00 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 ....../..5..3..9
0020: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 ..2..8..........
0030: 00 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 .......@........
0040: 03 02 00 80 00 00 08 00 00 14 00 00 11 51 4A 56 .............QJV
0050: AE D6 59 2A 6D 98 A5 3E 45 7E EF 69 4D B2 EA DB ..Y*m..>E..iM...
0060: 88 23 9F B3 9F 6C C1 0C AC 07 B9 BF 4B   .#...l......K

[Raw read]: length = 5
0000: 16 03 01 00 2A          ....*

[Raw read]: length = 42
0000: 02 00 00 26 03 01 51 4A 56 AE 69 C1 21 C1 51 EF ...&..QJV.i.!.Q.
0010: 7B 2E 1D 34 1A 72 40 A7 BD FE B6 DF 6D B8 41 A1 {..4.r@.....m.A.
0020: 18 ED C9 AC 15 EE 00 00 04 00     ..........
main, READ: TLSv1 Handshake, length = 42

*** ServerHello, TLSv1
RandomCookie: GMT: 1363826094 bytes = { 105, 193, 33, 193, 81, 239, 123, 46, 29, 52, 26, 114, 64, 167, 189, 254, 182, 223, 109, 184, 65, 161, 24, 237, 201, 172, 21, 238 }
Session ID: {}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
```

Java 7 request/response
```
trigger seeding of SecureRandom
done seeding SecureRandom
SocketFactory Class sun.security.ssl.SSLSocketFactoryImpl
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Connection: creating socket with a timeout using supplied socket factory
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Catalina-startStop-1, setSoTimeout(5000) called
%% No cached client session

*** ClientHello, TLSv1
RandomCookie: GMT: 1364411375 bytes = { 252, 62, 19, 89, 117, 105, 113, 92, 8, 241, 158, 190, 129, 34, 137, 245, 24, 92, 177, 17, 164, 204, 114, 199, 68, 55, 199, 3 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Catalina-startStop-1, WRITE: TLSv1 Handshake, length = 149
Catalina-startStop-1, READ: TLSv1 Alert, length = 2
Catalina-startStop-1, RECV TLSv1 ALERT: fatal, illegal_parameter
Catalina-startStop-1, called closeSocket()
javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
```
+0

Is this output already from `-Djavax.net.debug=all`? See [Debugging SSL/TLS Connections](http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html) – Manuel 2013-03-21 08:35:46

+0

Yes, this output is from `-Djavax.net.debug=all`. Once the client sends the hello message, we get this exception during the ServerHello – user2193288 2013-03-25 19:55:07

+0

I think you need to provide more details, e.g. the client/server output of a **successful** handshake and a **failed** one. – Manuel 2013-03-26 06:18:09

Answers

16

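What solved this problem:

  1. Disabled elliptic curves with the option: `-Dcom.sun.net.ssl.enableECC=false`

  2. Disabled the server name extension: `-Djsse.enableSNIExtension=false`

  3. Installed the unlimited policy JAR files.

This solved the problem, and I was able to run the application.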

+0

+1 Great help... – 2014-02-11 09:58:00

+0

`-Dcom.sun.net.ssl.enableECC=false` solved my problem – MrSmith42 2014-02-19 12:03:32
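
To see what the Java 7 client offers that the Java 5 client never sent, the two `javax.net.debug` ClientHello dumps from the question can be diffed. This is an added example, not code from the original posts; `parse_client_hello` and `diff_hellos` are hypothetical helper names, and the embedded dumps are abridged excerpts of the logs above.

```python
import re

# Abridged excerpts of the two ClientHello dumps quoted in the question
# (cipher-suite and curve lists shortened for the example; not the full logs).
JAVA5_HELLO = """\
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: SSLv2 client hello message, length = 107
"""
JAVA7_HELLO = """\
*** ClientHello, TLSv1
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_
RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1}
Extension ec_point_formats, formats: [uncompressed]
Catalina-startStop-1, WRITE: TLSv1 Handshake, length = 149
"""

def parse_client_hello(debug_text):
    """Extract offered suites, extensions and SSLv2-hello use from a javax.net.debug dump."""
    m = re.search(r"Cipher Suites:\s*\[(.*?)\]", debug_text, re.S)
    # Strip all whitespace inside names: pasted debug output can wrap mid-name.
    suites = [re.sub(r"\s+", "", s) for s in m.group(1).split(",")] if m else []
    return {
        "suites": suites,
        "extensions": re.findall(r"^Extension (\w+)", debug_text, re.M),
        "sslv2_hello": "SSLv2 client hello" in debug_text,
    }

def diff_hellos(old_text, new_text):
    """Report what the new client offers that the old one never sent."""
    old, new = parse_client_hello(old_text), parse_client_hello(new_text)
    added = [s for s in new["suites"] if s not in old["suites"]]
    return {
        "added_suites": added,
        "added_ec_suites": [s for s in added if "_ECDH" in s],
        "added_extensions": [e for e in new["extensions"] if e not in old["extensions"]],
        "dropped_sslv2_hello": old["sslv2_hello"] and not new["sslv2_hello"],
    }

if __name__ == "__main__":
    for key, value in diff_hellos(JAVA5_HELLO, JAVA7_HELLO).items():
        print(f"{key}: {value}")
```

Run against the full dumps from the question, the only additions in the Java 7 hello are the EC cipher suites, the `elliptic_curves` and `ec_point_formats` extensions, and `TLS_EMPTY_RENEGOTIATION_INFO_SCSV`. The `-D` options in the answer are JVM-wide system properties, so they change every TLS connection the Tomcat process makes, not only the LDAP one.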
