javax.net.ssl.SSLException: Received fatal alert: protocol_version
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:449)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:434)
at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:181)
at org.jsoup.helper.HttpConnection.get(HttpConnection.java:170)
First add System.setProperty("javax.net.debug", "all") to the code, or set the VM argument -Djavax.net.debug=all, to print the HTTPS handshake and make debugging easier:
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
AWT-EventQueue-0, setSoTimeout(3000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1530541852 bytes = { 25, 106, 142, 179, 195, 87, 163, 223, 105, 170, 57, 91, 102, 15, 218, 48, 52, 167, 231, 83, 190, 177, 54, 27, 232, 111, 11, 140 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: github.com]
[write] MD5 and SHA1 hashes: len = 168
AWT-EventQueue-0, WRITE: TLSv1 Handshake, length = 168
[Raw write]: length = 173
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 46 .F
AWT-EventQueue-0, READ: TLSv1 Alert, length = 2
AWT-EventQueue-0, RECV TLSv1 ALERT: fatal, protocol_version
AWT-EventQueue-0, called closeSocket()
AWT-EventQueue-0, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version
AWT-EventQueue-0, called close()
AWT-EventQueue-0, called closeInternal(true)
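The handshake log above shows that the client is using the TLSv1 protocol. The JDK version in use is 1.7, and according to the Oracle documentation, the TLS protocol each JDK version uses by default is as follows:
Opening the page in Firefox shows that it uses TLSv1.2:
Once the cause is known, a fix is easy to find:
1: Upgrade the JDK to 1.8. The site uses TLSv1.2, which is the default protocol in JDK 1.8, so upgrading the client JDK to 1.8 solves the problem.
2: Specify the protocol in the JDK 1.7 client code:
System.setProperty("https.protocols", "TLSv1.2")
or
System.setProperty("jdk.tls.client.protocols", "TLSv1.2")
Note: this method sometimes fails inexplicably; the cause is unknown.
3: Set it in the VM arguments:
-Dhttps.protocols=TLSv1.2
or
-Djdk.tls.client.protocols=TLSv1.2
Note: this method sometimes fails inexplicably; the cause is unknown.
4: Use a third-party library; see http://ligaosong.iteye.com/blog/2356346
5: Use httpclient, which supports configuring a specific protocol.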
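An added example (not code from the original post): one way to pin the protocol in code on a JDK 1.7 client is to build an explicit TLSv1.2 SSLContext and install its socket factory for HttpsURLConnection, the class Jsoup goes through in the stack trace above. The class name Tls12Client and its helper methods are hypothetical; certificate validation is left at the JDK defaults.

```java
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;

// Hypothetical helper class for illustration; compiles on Java 7 and later.
public class Tls12Client {

    /** Protocols a client socket created from this context offers by default. */
    static String[] clientProtocols(SSLContext ctx) {
        return ctx.getDefaultSSLParameters().getProtocols();
    }

    /** Builds a TLSv1.2 context that keeps the default key and trust managers. */
    static SSLContext tls12Context() throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // null arguments select the JDK default KeyManager, TrustManager and SecureRandom,
        // so server certificates are still verified against the default trust store.
        ctx.init(null, null, null);
        if (!Arrays.asList(clientProtocols(ctx)).contains("TLSv1.2")) {
            throw new GeneralSecurityException("TLSv1.2 is not enabled by this JRE's provider");
        }
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // What the JVM offers when nothing is configured. On the JDK 1.7 client
        // described here this list lacks TLSv1.2, which matches the
        // "*** ClientHello, TLSv1" line in the handshake log.
        System.out.println("default : "
                + Arrays.toString(clientProtocols(SSLContext.getDefault())));

        SSLContext ctx = tls12Context();
        System.out.println("explicit: " + Arrays.toString(clientProtocols(ctx)));

        // From here on, HttpsURLConnection takes its sockets from this factory.
        // Call this once at startup, before the first HTTPS request is made.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

With -Djavax.net.debug=all still enabled, the next request should log a ClientHello that offers TLSv1.2 instead of TLSv1.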