无法发送Https请求(在SSLv3中运行Tomcat8.5)

Question

我正在使用Nio和Java1.8在tomcatv8.5 SSLv3文件中设置server.xml。当我点击来自IE的请求时，我得到了响应，但是通过java代码，我得到了下面的异常。

javax.net.ssl.SSLHandshakeException:收到致命警报: handshake_failure

我更新了users/db8/Appdata/LocalLow/sun/java/deployment/deployment.properties (deployment.security.SSLv3=true)中的development.properties，并从java.security文件中删除了SSLv3。我在中启用了sslv3。

    server.xml 
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" 
    port="8443" maxThreads="200" scheme="https" secure="true" 
    SSLEnabled="true" keystoreFile="keystore.jks" keystorePass="changeit" 
    clientAuth="false" sslProtocol="SSLv3" />

java code

import java.net.URL;
import java.io.*;
import javax.net.ssl.HttpsURLConnection;
import java.net.HttpURLConnection;

public class JavaHttpsExample
{
public static void main(String[] args) throws Exception {
    String certificatesTrustStorePath = "keystore.jks";
    System.setProperty("javax.net.ssl.trustStore",
    certificatesTrustStorePath);
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    System.setProperty("https.protocols", "SSLv3");
    System.setProperty("jdk.tls.client.protocols", "SSLv3");
    String httpsURL = "https://ip:8443/test/getData";
    URL myUrl = new URL(httpsURL);
    HttpsURLConnection conn = (HttpsURLConnection)myUrl.openConnection();
    try{       
    InputStream is = conn.getInputStream();
    InputStreamReader isr = new InputStreamReader(is);
    BufferedReader br = new BufferedReader(isr);
    String inputLine;
    while ((inputLine = br.readLine()) != null) {
    System.out.println(inputLine);
    }
    br.close();
    } catch(Exception e){
    System.out.println("exxception"+e);
    }    
    }
    } 

在更新debug = all之后，我将添加结果

允许不安全的重新协商: false允许遗留的hello消息: true是初始握手: true是安全的重新协商: false main，setSoTimeout(0)调用%%没有缓存的客户端会话更新握手状态: client_hello1即将到来的握手状态: server_hello2 * ClientHello，SSLv3 RandomCookie: GMT: 1547297410字节={ 170，53,106，27，73，55，4，39,195,152，66，1,124,244，6,114,106,181，46,183,184,202，56,105,225,158,210，195 }会话ID：{}密码套件: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA、TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA、TLS_RSA_WITH_AES_256_CBC_SHA、TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA、TLS_ECDH_RSA_WITH_AES_256_CBC_SHA、TLS_DHE_RSA_WITH_AES_256_CBC_SHA、TLS_DHE_DSS_WITH_AES_256_CBC_SHA、TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA，TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA，TLS_RSA_WITH_AES_128_CBC_SHA，TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA，TLS_ECDH_RSA_WITH_AES_128_CBC_SHA，TLS_DHE_RSA_WITH_AES_128_CBC_SHA，TLS_DHE_DSS_WITH_AES_128_CBC_SHA，TLS_EMPTY_RENEGOTIATION_INFO_SCSV压缩方法：{0}Extensionelliptic_curves曲线名称：{secp256r1，secp384r1，secp521r1，sect283k1，sect283r1，sect409k1，sect409r1，sect571k1，sect571r1，secp256k1}扩展ec_point_formats，格式:未压缩

main: SSLv3握手，length = 107 main，READ: SSLv3 Alert，length =2 main，RECVTLSv1.2警报:致命，handshake_failure main，调用closeSocket() main，处理异常: javax.net.ssl.SSLHandshakeException:接收致命警报: handshake_failure handshake_failure收到致命警报:handshake_failure

Answer 1

您的服务器似乎支持TLS密码套件，但是您尝试使用SSLv3。您能按照链接-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2的建议使用https://dzone.com/articles/troubleshooting-javaxnetsslsslhandshakeexception-r运行程序吗?链接https://dzone.com/articles/troubleshooting-javaxnetsslsslhandshakeexception-r解释了如何排除SSL握手故障。