Problemi di connessione tramite HTTPS/SSL tramite il proprio client Java

Question

Sto provando a stabilire una connessione a trackobot.com per ricevere alcuni dati JSON. Il server consente solo le connessioni tramite HTTPS/SSL. Ecco il codice:

java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2"); 
URL url = new URL("https://trackobot.com/profile/history.json?username=USER&token=TOCKEN");  
InputStream is = url.openStream(); 
JsonParser parser = Json.createParser(is); 

openSteam getta javax.net.ssl.SSLHandshakeException: Ricevuto avviso fatale: handshake_failure

ho letto attraverso diversi i commenti su problemi simili, ma nessuno dei suggerimenti ha aiutato. Il certificato appropriato è nel mio truststore. Quando provo a connettermi, ad esempio, su google.com non ci sono errori. Quindi, il problema sembra essere nelle specifiche di handshake del server a cui sto cercando di connettermi.

ho eseguito il mio codice utilizzando -Djavax.net.debug = ssl tornare questo:

keyStore is : 
keyStore type is : jks 
keyStore provider is : 
init keystore 
init keymanager of type SunX509 
trustStore is: /Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/Contents/Home/jre/lib/security/cacerts 
trustStore type is : jks 
trustStore provider is : 
init truststore 

[Here I removed hundreds of „adding as trusted cert“:… lines] 

trigger seeding of SecureRandom 
done seeding SecureRandom 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
main, setSoTimeout(0) called 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 
%% No cached client session 
*** ClientHello, TLSv1.2 
RandomCookie: GMT: 1433943269 bytes = { 109, 198, 189, 148, 62, 6, 19, 126, 179, 214, 250, 99, 207, 117, 162, 47, 62, 176, 222, 247, 98, 29, 155, 63, 255, 100, 171, 187 } 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
Extension server_name, server_name: [type=host_name (0), value=trackobot.com] 
*** 
main, WRITE: TLSv1.2 Handshake, length = 229 
main, READ: TLSv1.2 Alert, length = 2 
main, RECV TLSv1.2 ALERT: fatal, handshake_failure 
main, called closeSocket() 
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) 
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1104) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1511) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) 
    at java.net.URL.openStream(URL.java:1038) 
    at trackbot.readHistory(trackbot.java:37) 
    at hsanalytics.main(hsanalytics.java:6) 
Ende 

Inoltre, io uso OpenSSL e uno script perl (analyze-ssl.pl) per controllare il server.

Per OpenSSL s_client -connect trackobot.com:443 ho ottenuto:

CONNECTED(00000003) 
depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority 
verify error:num=19:self signed certificate in certificate chain 
verify return:0 
--- 
Certificate chain 
0 s:/C=CH/CN=www.trackobot.com/emailAddress=df1c792ce8e2fc342c0c63c2fab9c6fe-1805689@contact.gandi.net 
    i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA 
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA 
    i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority 
2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority 
    i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority 
--- 
Server certificate 
-----BEGIN CERTIFICATE----- 
MIIGaTCCBVGgAwIBAgIHBaEI9iSK1jANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE 
BhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBE 
aWdpdGFsIENlcnRpZm 
[...] 
bnCZTkntRP7wPfw6DpPdJzt8BD0Rpp0B8fVUkqkUujP 
FEgspzHXqvAp3gzDuNVlElZ4pxSC/06x9xlPua4KnnKIPMVK0DjyXKdPgUaw6YH9 
I3SprrGd/B5AoxdPYDM1qRGC+hto3YDnAb29CRFx13mfiEF9En6YrmlZMwJ/dMjo 
RcvkqpjoxTLODmX9gWgdJ27Ublq/4f/Q9nlVfx4v00eYyqyMYY6IMlOUWEBvWoAv 
zorzLLY9PmepXJtkCw== 
-----END CERTIFICATE----- 
subject=/C=CH/CN=www.trackobot.com/emailAddress=df1c792ce8e2fc342c0c63c2fab9c6fe-1805689@contact.gandi.net 
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA 
--- 
No client certificate CA names sent 
--- 
SSL handshake has read 5848 bytes and written 328 bytes 
--- 
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA 
Server public key is 2048 bit 
Secure Renegotiation IS supported 
Compression: NONE 
Expansion: NONE 
SSL-Session: 
    Protocol : TLSv1 
    Cipher : DHE-RSA-AES256-SHA 
    Session-ID: A868799D47C550929ADF026FDC48CABD2444C96FDDAB86036196029BF7754D1B 
    Session-ID-ctx: 
    Master-Key: 6C0E428129970C6B1E358E134B12125373BED6FF50D55004A68A9042AD4E51C6D70BB8480266CC1BD1F11B093E212BFC 
    Key-Arg : None 
    Start Time: 1433943895 
    Timeout : 300 (sec) 
    Verify return code: 0 (ok) 
--- 

Per analizzare-ssl trackobot.com:443 ho ottenuto:

-- trackobot.com port 443 
! server sent unused chain certificate '/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority' 
! server sent unused chain certificate '/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority' 
* maximum SSL version : TLSv1_2 (SSLv23) 
* supported SSL versions with handshake used and preferred cipher(s): 
    * handshake protocols ciphers 
    * SSLv23 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384 
    * TLSv1_2 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384 
    * TLSv1_1 TLSv1_1 ECDHE-RSA-AES256-SHA 
    * TLSv1  TLSv1  ECDHE-RSA-AES256-SHA 
    * SSLv3  FAILED: SSL connect attempt failed because of handshake problems error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure 
* cipher order by  : server 
* SNI supported  : ok 
* certificate verified : ok 
* chain on 5.102.146.151 
    * [0/0] bits=2048, ocsp_uri=http://ocsp.startssl.com/sub/class1/server/ca, /C=CH/CN=www.trackobot.com/emailAddress=df1c792ce8e2fc342c0c63c2fab9c6fe-1805689@contact.gandi.net SAN=DNS:www.trackobot.com,DNS:trackobot.com 
    * [1/1] bits=2048, ocsp_uri=http://ocsp.startssl.com/ca, /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA 
    * [2/-] bits=4096, ocsp_uri=, /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority 
    * [-/2] bits=4096, ocsp_uri=, /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority 
* OCSP stapling  : no stapled response 
* OCSP status   : good (soft error: no ocsp_uri for /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority) 

Versioni:

Mac OSX 10.10.3 
OpenSSL 0.9.8zd 8 Jan 2015 
java version "1.8.0_25" 
Java(TM) SE Runtime Environment (build 1.8.0_25-b17) 
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode) 

Qualcuno può individuare dove fallisce il mio programma Java? Cosa posso fare per soddisfare i requisiti di handshake del server? Questo è davvero il problema?

Answer 1

Secondo https://www.ssllabs.com, il server supporta suite di cifratura

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA 

Essi sono elencati come "non disponibile suite di cifratura", come si può vedere nelle messaggi di debug.

In JRE/lib/security/local_policy.vaso, vediamo

// Some countries have import limits on crypto strength. This policy file 
// is worldwide importable. 

grant { 
    permission javax.crypto.CryptoPermission "DES", 64; 
    permission javax.crypto.CryptoPermission "DESede", *; 
    permission javax.crypto.CryptoPermission "RC2", 128, 
            "javax.crypto.spec.RC2ParameterSpec", 128; 
    permission javax.crypto.CryptoPermission "RC4", 128; 
    permission javax.crypto.CryptoPermission "RC5", 128, 
      "javax.crypto.spec.RC5ParameterSpec", *, 12, *; 
    permission javax.crypto.CryptoPermission "RSA", *; 
    permission javax.crypto.CryptoPermission *, 128; 
}; 

Scaricare e installare "(JCE) File illimitato Policy Forza Giurisdizione" - http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html - e posso confermare che il problema è risolto. Il file leggimi dice

causa di restrizioni all'importazione di controllo di alcuni paesi, la versione di i file delle politiche JCE che sono in bundle nel Java Runtime Environment, o JRE (TM), 8 ambiente consentono "forte" ma la crittografia limitata deve essere usata. Questo bundle di download (quello incluso questo file README) fornisce i file di criteri "forza illimitata" che non contengono restrizioni sui punti di forza crittografici.

Answer 2

Cipher Suite: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, ...

ci sono AES256 pacchetto di crittografia offerti da voi client Java.

Ignorando suite di cifratura disponibile: TLS_RSA_WITH_AES_256_CBC_SHA

Perché non sono disponibili nella vostra applicazione. Non sono un esperto di Java, ma questi non sono disponibili in Java o devono essere esplicitamente abilitati. Essi sono necessari perché il server supporta solo AES256 cifrari:

$ perl analyze-ssl.pl -v3 --all-ciphers trackobot.com 
... 
* supported ciphers with SSLv23 handshake 
* TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384 
* TLSv1_2 ECDHE-RSA-AES256-SHA384 
* TLSv1_2 ECDHE-RSA-AES256-SHA 
* TLSv1_2 DHE-RSA-AES256-GCM-SHA384 
* TLSv1_2 DHE-RSA-AES256-SHA256 
* TLSv1_2 DHE-RSA-AES256-SHA 

potrebbe essere che la versione di Java si utilizza non ha il supporto per AES256 a causa di norme per l'esportazione, vedere https://knowledge.safe.com/articles/Error_Unexpected_Behavior/Enabling-AES256-in-the-Java-Runtime-Environment-for-Single-Sign-On

Answer 3

Grazie a Steffen Ullrich's tipp ho controllato i codici java disponibili. Apparentemente, in Java 8 non hai una forza illimitata per i tuoi codici. Ad esempio, nel mio caso il mio programma non ha potuto utilizzare una crittografia AES a 256 bit richiesta dal server.

Per risolvere questo problema, Oracle fornisce un insieme di file di criteri che consentono la crittografia a forza illimitata. Lo puoi trovare here.

Gli stati README:

causa di restrizioni all'importazione di controllo di alcuni paesi, la versione di i file delle politiche JCE che sono in bundle nel Java Runtime Environment, o JRE (TM), 8 ambiente consentono Si utilizza "crittografia avanzata" ma limitata a .

Basta scaricare il pacchetto e sostituire i file appropriati come indicato nelle istruzioni di installazione. Dopo averlo fatto, la stretta di mano ha funzionato come un incantesimo.