2017-02-27 90 views
2

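I'm using a Java server to validate Apple payment receipts with their validation server. About 50% of the requests fail with "SocketException: Connection reset" for valid receipts (which succeed when retried later).

Connection reset (Java 8)

I didn't encounter this behaviour with another server that is deployed on Java 7, but started encountering it when deploying to Java 8.

I saw that the default TLS protocol in Java 8 changed from TLSv1 to TLSv1.2, so I tried changing the default protocols to the ones Java 7 uses by default, but didn't see any improvement. This is the JVM property I used: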

-Djdk.tls.client.protocols="TLSv1,TLSv1.2,TLSv1.1" 

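Any ideas why I'm getting the "SocketException: Connection reset" error about half of the time?

Thanks!

[Update]

I managed to debug and capture the SSL log of a failed request. The SSL connection is successfully established and validated, and the reset occurs afterwards: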

DEBUG [2017-03-02 00:35:37,586]  org.apache.http.impl.conn.PoolingClientConnectionManager: Connection request: [route: {s}->https://buy.itunes.apple.com:443][total kept alive: 1; route allocated: 1 of 50; total allocated: 1 of 2000] 
DEBUG [2017-03-02 00:35:37,586] org.apache.http.impl.conn.PoolingClientConnectionManager: Connection leased: [id: 4][route: {s}->https://buy.itunes.apple.com:443][total kept alive: 0; route allocated: 1 of 50; total allocated: 1 of 2000] 
DEBUG [2017-03-02 00:35:37,586] org.apache.http.impl.client.DefaultHttpClient: Stale connection check 
dw-66 - POST /v1/reqrep, setSoTimeout(1) called 
dw-66 - POST /v1/reqrep, handling exception:  java.net.SocketTimeoutException: Read timed out 
dw-66 - POST /v1/reqrep, setSoTimeout(15000) called 
dw-66 - POST /v1/reqrep, setSoTimeout(15000) called 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.client.protocol.RequestAddCookies: CookieSpec selected: ignoreCookies 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.client.protocol.RequestAuthCache: Auth cache not set in the context 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.client.protocol.RequestTargetAuthentication: Target auth state: UNCHALLENGED 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.client.protocol.RequestProxyAuthentication: Proxy auth state: UNCHALLENGED 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.impl.client.DefaultHttpClient: Attempt 1 to execute request 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.impl.conn.DefaultClientConnection: Sending request: POST /verifyReceipt HTTP/1.1 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "POST /verifyReceipt HTTP/1.1[\r][\n]" 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "Content-Type: application/x-www-form-urlencoded[\r][\n]" 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "Content-Length: 6839[\r][\n]" 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "Host: buy.itunes.apple.com[\r][\n]" 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "Connection: Keep-Alive[\r][\n]" 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "[\r][\n]" 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.headers: >> POST /verifyReceipt HTTP/1.1 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.headers: >> Content-Type: application/x-www-form-urlencoded 
DEBUG [2017-03-02 00:35:37,590] org.apache.http.headers: >> Content-Length: 6839 
DEBUG [2017-03-02 00:35:37,591] org.apache.http.headers: >> Host: buy.itunes.apple.com 
DEBUG [2017-03-02 00:35:37,591] org.apache.http.headers: >> Connection: Keep-Alive 
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Application Data, length = 179 
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Application Data, length = 6863 
dw-66 - POST /v1/reqrep, handling exception: java.net.SocketException: Connection reset 
%% Invalidated: [Session-505, TLS_RSA_WITH_AES_128_GCM_SHA256] 
dw-66 - POST /v1/reqrep, SEND TLSv1.2 ALERT: fatal, description = unexpected_message 
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Alert, length = 26 
dw-66 - POST /v1/reqrep, Exception sending alert: java.net.SocketException: Broken pipe 
dw-66 - POST /v1/reqrep, called closeSocket() 
dw-66 - POST /v1/reqrep, called close() 
dw-66 - POST /v1/reqrep, called closeInternal(true) 
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.conn.DefaultClientConnection: Connection 0.0.0.0:59028<->17.173.66.179:443 closed 
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.client.DefaultHttpClient: Closing the connection. 
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.conn.DefaultClientConnection: Connection 0.0.0.0:59028<->17.173.66.179:443 closed 
ERROR [2017-03-02 00:35:37,600] com.spaceape.http.client.HttpClient$$anon$1: http retry for it. executionCount=1 
! java.net.SocketException: Connection reset 
<omitted stack trace>
INFO [2017-03-02 00:35:37,601] org.apache.http.impl.client.DefaultHttpClient: I/O exception (java.net.SocketException) caught when processing request to {s}->https://buy.itunes.apple.com:443: Connection reset 
DEBUG [2017-03-02 00:35:37,603] org.apache.http.impl.client.DefaultHttpClient: Connection reset 
! java.net.SocketException: Connection reset 
<omitted stack trace>
INFO [2017-03-02 00:35:37,604] org.apache.http.impl.client.DefaultHttpClient: Retrying request to {s}->https://buy.itunes.apple.com:443 
DEBUG [2017-03-02 00:35:37,604] org.apache.http.impl.client.DefaultHttpClient: Reopening the direct connection. 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
DEBUG [2017-03-02 00:35:37,609] org.apache.http.impl.conn.DefaultClientConnectionOperator: Connecting to buy.itunes.apple.com:443 
dw-66 - POST /v1/reqrep, setSoTimeout(15000) called 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 
%% No cached client session 
*** ClientHello, TLSv1.2 
... 

The specific part of the log above where the connection is reset is:

dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Application Data, length = 179 
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Application Data, length = 6863 
dw-66 - POST /v1/reqrep, handling exception: java.net.SocketException: Connection reset 
%% Invalidated: [Session-505, TLS_RSA_WITH_AES_128_GCM_SHA256] 
dw-66 - POST /v1/reqrep, SEND TLSv1.2 ALERT: fatal, description = unexpected_message 
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Alert, length = 26 
dw-66 - POST /v1/reqrep, Exception sending alert: java.net.SocketException: Broken pipe 
dw-66 - POST /v1/reqrep, called closeSocket() 
dw-66 - POST /v1/reqrep, called close() 
dw-66 - POST /v1/reqrep, called closeInternal(true) 
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.conn.DefaultClientConnection: Connection 0.0.0.0:59028<->17.173.66.179:443 closed 
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.client.DefaultHttpClient: Closing the connection. 
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.conn.DefaultClientConnection: Connection 0.0.0.0:59028<->17.173.66.179:443 closed 

Any help would be greatly appreciated!

Answers

2

We currently have the same problem. If we call this command from our server about 5-10 times:

openssl s_client -connect buy.itunes.apple.com:443 -tls1_2 

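it eventually just hangs without a response. Presumably the Java SocketException (which we also see in our logs) is happening because it hits a timeout. Is there a problem with one of Apple's validation servers?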
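
The repeated probe described in this answer can be run per resolved address with a hard time limit, so a hang is counted instead of blocking the terminal. This is an added example, not part of the original answer; the function names, the `TARGET_HOST`/`TARGET_PORT` variables and the 10-second default limit are assumptions, and it expects a Linux host with `getent`, coreutils `timeout` and `openssl`.

```sh
# Added example (not from the original answer). Function and variable names
# are hypothetical; assumes getent (glibc), timeout (coreutils) and openssl.
TARGET_HOST=${TARGET_HOST:-buy.itunes.apple.com}
TARGET_PORT=${TARGET_PORT:-443}

# IPv4 addresses the name currently resolves to, one per line.
resolve_addrs() {
  getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# One TLS 1.2 handshake against a single address; prints ok, hang or fail.
# -servername sends the same SNI a by-name connection would send.
probe_once() {
  local addr limit rc
  addr=$1; limit=${2:-10}; rc=0
  timeout "$limit" openssl s_client -connect "$addr:$TARGET_PORT" \
    -servername "$TARGET_HOST" -tls1_2 </dev/null >/dev/null 2>&1 || rc=$?
  case $rc in
    0)   echo ok ;;
    124) echo hang ;;   # timeout(1) gave up: no answer within the limit
    *)   echo fail ;;   # handshake error, reset or refused connection
  esac
}

# Probe every address <attempts> times and print one tally line per address:
#   <addr> ok=<n> hang=<n> fail=<n>
tally_probes() {
  local attempts limit addr i ok hang fail
  attempts=${1:-10}; limit=${2:-10}
  resolve_addrs "$TARGET_HOST" | while read -r addr; do
    i=0; ok=0; hang=0; fail=0
    while [ "$i" -lt "$attempts" ]; do
      case $(probe_once "$addr" "$limit") in
        ok)   ok=$((ok + 1)) ;;
        hang) hang=$((hang + 1)) ;;
        *)    fail=$((fail + 1)) ;;
      esac
      i=$((i + 1))
    done
    echo "$addr ok=$ok hang=$hang fail=$fail"
  done
}

# Usage: tally_probes 10 10   # 10 attempts per address, 10 s limit each
```

If hangs or failures cluster on one address while the others stay clean, the tally points at a single backend rather than at the client's TLS settings.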