SSL请求从Soap UI中失败，并与fiddler代理一起工作。

Question

对SOAP服务的HTTPŞ请求并不直接从SOAP中运行，但是当我将fiddler代理放入Visual时，它也适用于Visual中的WcfTestClient。

我试过：

1.使用SOAP 5.0.0和5.2.0。

2.将这些开关：

-Djavax.net.debug=all
-Dsun.security.ssl.allowUnsafeRenegotiation=true
-Dsun.security.ssl.allowLegacyHelloMessages=true
-Dhttps.protocols=TLSv1 (because server doesn't support SSL, only TLS)

3.加入CA证书一式一份和服务器SSL证书(因为SSL证书是用“国产CA证书”签名的)

• \jdk1.7.0_51\jre\lib\security\cacerts
• 导入它们通过java控制面板。

以下是我得到的例外：

Mon Jul 06 13:42:57 CEST 2015:ERROR:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
    at sun.security.ssl.AppOutputStream.write(Unknown Source)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
    at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
    at org.apache.http.impl.io.ContentLengthOutputStream.flush(ContentLengthOutputStream.java:102)
    at org.apache.http.entity.ByteArrayEntity.writeTo(ByteArrayEntity.java:69)
    at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
    at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
    at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
    at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
    at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
    at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
    at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.doSendRequest(HttpClientSupport.java:119)
    at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
    at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:633)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:233)
    at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:323)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:290)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:220)
    at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
   Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(Unknown Source)
    ... 31 more

Answer 1

这个问题是由服务器名称指示引起的。对于运行在同一个IP:端口上的不同的FQDN-s，我们有多个SSL证书，因此服务器被迫使用SNI，这显然是支持java 7。

我不知道的另一件事是SOAP已经在安装文件夹中打包了jre，它的版本报告了1.7u55用于SOAPUI5.2.0，但是fiddler中的http请求中的用户代理报告了Java1.5。

当我们从SOAP中移除其他SSL证书时，这仅仅是为了证明这是SNI造成的。在生产中，我们必须与SNI和确保我们的客户支持它。

这里是有关SOAP的线程，但是线程中的建议不起作用，所以我假设SOAP中不支持SNI (显然是因为http客户端报告用户代理:Java1.5)