javax.ws.rs.ProcessingException: java.net.SocketException: Connection reset caused by incorrect SSLv3 / TLSv1.2 protocol configuration

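SSL: Secure Sockets Layer

TLS: Transport Layer Security

Both are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt the network connection at the transport layer. (See Baidu.)

Scenario: after the protocol our company uses to call a third-party company's interface was changed from http to https, requests started failing with a socket exception, and the third-party company did not receive the requests either. The exception is as follows: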

javax.ws.rs.ProcessingException: java.net.SocketException: Connection reset
at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:287)
at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:252)
at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:684)
at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:681)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:228)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444)
at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:681)
at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:411)
at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:311)
at com.baoxian.payment.UnionPayPayment.request(UnionPayPayment.java:323)...

Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:394)
at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:285)
... 66 more

The code that implements the HTTP protocol is:

import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class ClientUtil {
    private static Log log = LogFactory.getLog(ClientUtil.class);
    private static SSLContext sslContext = null;
    private static HostnameVerifier hv = null;
    public static Client sslClient = null;
    public static Client client = null;
    static {
        client = ClientBuilder.newClient();
        try {
            // The protocol name is hard-coded to SSLv3.
            sslContext = SSLContext.getInstance("SSLv3");
            // Trust manager with empty checks: accepts any certificate chain without validation.
            sslContext.init(null, new TrustManager[] { new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }

                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            } }, new SecureRandom());
        } catch (Exception e) {
            log.error("SSL失败", e);
        }
        // Hostname verifier that accepts any host name.
        hv = new HostnameVerifier() {
            public boolean verify(String arg0, SSLSession arg1) { return true; }
        };
        sslClient = ClientBuilder.newBuilder().hostnameVerifier(hv).sslContext(sslContext).build();
    }
}

The code that calls the ClientUtil class:

        url = url + "?data=" + URLEncoder.encode(jsonObject.toJSONString(), "UTF-8");
        log.info("银联请求: type: " + transType + ", URL:" + url);

        Response response = ClientUtil.client
                .target(url)
                .request()
                .get();

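The code here is hard-coded to use only the SSLv3 security protocol, and it fails with a connection error as soon as it runs. However, the same request succeeds when it is made from the Google browser.

Paste the request into the Google browser's address bar, press F12, press Enter, and look at what the Security tab shows for the page: the request accepts the TLS 1.2 security protocol.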

To avoid affecting other classes that use the SSL protocol, this class was rewritten. The rewritten class adds a method that returns a client for a specified security protocol, so requests can be made with the protocol the caller names.

import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class ClientUtil {
    private static Log log = LogFactory.getLog(ClientUtil.class);
    private static SSLContext sslContext = null;
    private static HostnameVerifier hv = null;
    public static Client sslClient = null;
    public static Client client = null;
    private static TrustManager simpleTrust = null;
    static {
        client = ClientBuilder.newClient();
        // Trust manager with empty checks: accepts any certificate chain without validation.
        // Created before the try block so getSslClient() never receives a null trust manager.
        simpleTrust = new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        };
        try {
            // The shared sslClient used by existing callers stays on SSLv3.
            sslContext = SSLContext.getInstance("SSLv3");
            sslContext.init(null, new TrustManager[] { simpleTrust }, new SecureRandom());
        } catch (Exception e) {
            log.error("SSL失败", e);
        }
        // Hostname verifier that accepts any host name.
        hv = new HostnameVerifier() {
            public boolean verify(String arg0, SSLSession arg1) { return true; }
        };
        sslClient = ClientBuilder.newBuilder().hostnameVerifier(hv).sslContext(sslContext).build();
    }

    // Builds a new client whose SSLContext is created for the given protocol name, e.g. "TLSv1.2".
    public static Client getSslClient(String protocol) {
        try {
            SSLContext sslContextTmp = SSLContext.getInstance(protocol);
            sslContextTmp.init(null, new TrustManager[] { simpleTrust }, new SecureRandom());
            return ClientBuilder.newBuilder().hostnameVerifier(hv).sslContext(sslContextTmp).build();
        } catch (Exception ex) {
            // Log the failure instead of hiding it, then fall back to the default (SSLv3) context.
            log.error("SSLContext init failed for protocol " + protocol, ex);
            return ClientBuilder.newBuilder().hostnameVerifier(hv).sslContext(sslContext).build();
        }
    }
}

The corrected call:

        url = url + "?data=" + URLEncoder.encode(jsonObject.toJSONString(), "UTF-8");

        Response response = ClientUtil.getSslClient("TLSv1.2")
                .target(url)
                .request()
                .get();

Note: different third-party companies may use different security protocols for their https support, so each case has to be considered.
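An added example, not the original author's code: the same per-protocol client built with certificate-chain and host-name validation left on, instead of the trust-all TrustManager and always-true HostnameVerifier used in ClientUtil above. The names VerifiedClientUtil, verifiedContext and verifiedClient are hypothetical, and the JAX-RS client API the page already uses is assumed to be on the classpath; main runs offline and prints the protocol versions each context name offers on the running JDK.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

public class VerifiedClientUtil {   // hypothetical class name, added for illustration
    // Context for the given protocol name that validates the server's certificate chain.
    // trustStorePath == null uses the JDK's default CAs; otherwise a key store file with the partner's CA.
    static SSLContext verifiedContext(String protocol, String trustStorePath, char[] password) throws Exception {
        KeyStore ks = null;   // null tells TrustManagerFactory to load the default trust store
        if (trustStorePath != null) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
                ks.load(in, password);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(null, tmf.getTrustManagers(), null);   // real trust managers, default SecureRandom
        return ctx;
    }

    // No hostnameVerifier(...) call, so the default host-name check stays in force.
    static Client verifiedClient(String protocol) throws Exception {
        return ClientBuilder.newBuilder().sslContext(verifiedContext(protocol, null, null)).build();
    }

    // Offline check: which protocol versions does a client socket from each context offer?
    public static void main(String[] args) throws Exception {
        for (String name : new String[] {"SSLv3", "TLSv1.2"}) {
            SSLContext ctx = verifiedContext(name, null, null);
            System.out.println(name + " offers " + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        }
    }
}
```

For a partner whose certificate is issued by a private CA, pass a trust store containing that CA to verifiedContext rather than switching validation off.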

				
Time: 2024-12-29 23:45:24
