Fixing httpclient failures when accessing HTTPS sites (peer not authenticated)
2016-04-07 00:00
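Summary: This problem bothered me for several days, and I finally solved it today. It had nothing to do with the code. I still don't really understand the underlying principle, though. If any expert understands it, please explain.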
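Recently a crawler for order data ran into a problem, failing with the error peer not authenticated.
I searched Baidu and found all kinds of solutions, but most of them follow the same idea: ignore certificate validation. However, my code already included the steps to ignore certificates.
Why did this error still occur? I was completely baffled.
I then tried importing a local certificate, as well as various versions of the certificate-ignoring code. All of them ended in failure.
One thing caught my attention: the crawler ran fine in my Linux Mint environment but not on Windows 7. It might be an environment problem. Linux has OpenJDK 7 installed, Win7 has JDK 7 1.7.0_79, and the server has JDK 1.7.0_55.
Could it really be a JDK problem?
I then turned on debug mode in the code:
System.setProperty("javax.net.debug", "ssl");
Debug output when running on Linux: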
true
adding as trusted cert: Subject: (certificate content omitted)
trigger seeding of SecureRandom
done seeding SecureRandom
executing requestGET HTTP/1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client sess
Debug output on Win7:
true
adding as trusted cert: (certificate content omitted)
trigger seeding of SecureRandom
done seeding SecureRandom
executing requestGET HTTP/1.1
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
……
main, WRITE: TLSv1 Handshake, length = 181
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
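The comparison is obvious: more cipher suites are ignored on Win7, so that is probably the problem.
I saw a question on Stack Overflow that said, roughly, that because the client's encryption is too weak, the server considers it insecure and the handshake fails.
This error:
RECV TLSv1 ALERT: fatal, handshake_failure
That made the target clear. I then found this post, which describes exactly the same problem as mine.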
http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html

SSL Handshake failure due to unsupported cipher suite

In my program which tried to open HTTPS connection to a remote server I got the following handshake error:

2014-09-19 11:33:55,649 [JBOSS-F] INFO [stdout] http--0.0.0.0-8081-2, RECV TLSv1 ALERT: fatal, handshake_failure

A further dump of the log showed that it is because the 256 bit ciphers are not supported:

2014-09-19 11:33:55,549 [JBOSS-F] INFO [stdout] Opening connection to 172.17.3.45:443...
2014-09-19 11:33:55,550 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,550 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
2014-09-19 11:33:55,550 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,550 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,552 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2014-09-19 11:33:55,552 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
2014-09-19 11:33:55,552 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,552 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,553 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

The problem is that to run encryption stronger than 128-bit, you will need to download and install "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" from Java SE http://www.oracle.com/technetwork/java/javase/downloads/index.html. For JDK7, it is named UnlimitedJCEPolicyJDK7.zip. To install, you will need to unzip this file, and put the 2 files inside: local_policy.jar and US_export_policy.jar, into your <JVM home>/lib/security. Then restart the java program, and the handshake failure problem is resolved.
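The solution there spells it out clearly. You need UnlimitedJCEPolicyJDK7.zip; just download it from http://www.oracle.com/technetwork/java/javase/downloads/index.html. I downloaded the JDK 7 one, which contains two jars.
In your <JVM home>/lib/security
(this folder appears to be under jre)
After replacing them, I reran the crawler and it no longer reported the error. It successfully retrieved the order number.
I came in this morning and solved the problem I had spent all of last night failing to solve. I'm speechless...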
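
The policy limit described above can be confirmed without reading SSL debug output. The following is an added example, not code from the original post or the quoted article: it reports the maximum AES key length the installed JCE policy allows and the AES_256 cipher suites the default SSLContext will offer. The class name JcePolicyCheck and its method names are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

// Added example: shows whether this JRE's JCE policy caps AES at 128 bits
// and which AES-256 TLS suites the client will actually offer.
public class JcePolicyCheck {

    // Limited policy files: returns 128. Unlimited policy: Integer.MAX_VALUE.
    static int maxAesKeyBits() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    // AES-256 suites enabled by default, i.e. offered in the ClientHello.
    // Uses the default SSLContext, so certificate validation stays on.
    static List<String> enabledAes256Suites() throws NoSuchAlgorithmException {
        List<String> suites = new ArrayList<String>();
        String[] enabled = SSLContext.getDefault()
                .getDefaultSSLParameters().getCipherSuites();
        for (String suite : enabled) {
            if (suite.contains("AES_256")) {
                suites.add(suite);
            }
        }
        return suites;
    }

    public static void main(String[] args) throws Exception {
        String home = System.getProperty("java.home");
        System.out.println("java.version   : " + System.getProperty("java.version"));
        // Directory corresponding to <JVM home>/lib/security for the running JVM.
        System.out.println("policy dir     : " + new File(home, "lib/security"));
        int bits = maxAesKeyBits();
        System.out.println("max AES bits   : " + bits);
        System.out.println("unlimited JCE  : " + (bits >= 256));
        List<String> aes256 = enabledAes256Suites();
        System.out.println("AES-256 suites : " + aes256.size());
        for (String suite : aes256) {
            System.out.println("  " + suite);
        }
    }
}
```

Run it with the same java binary as the failing program; with the default JDK 7 policy files it reports 128 for the AES limit. From JDK 8u161 and JDK 9 onward the unlimited policy is the default, so the mismatch is specific to older runtimes such as the JDK 7 builds named above.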