您的位置: 首页  >  技术问答  >  如何使用不发送证书的Java连接到SSL服务器?

如何使用不发送证书的Java连接到SSL服务器?

分类: 技术问答 2022-04-17 16:44:24
问题描述:

我遇到以下情况,其中Open SSL服务器在没有证书的情况下运行: openssl s_server -accept 4443 -nocert

I have a situation where an Open SSL server is running without a certificate as follows : openssl s_server -accept 4443 -nocert

如何使用Java连接到该服务器?另外,如何使用Java启动服务器以不接受证书?

How do I connect to this server using Java? Also, how do I start my server in Java to accept no certificate?

我已经附加了我一直在使用的Client.java和Server.java的代码.

I have attached the code for Client.java and Server.java that I have been using.

在客户端运行附加代码时出错:

Error while running the attached code on the client side:

   javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
    at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
    at Client.main(Client.java:27)

服务器端错误:

ERROR
140387701290656:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1358:
shutting down SSL
CONNECTION CLOSED
ACCEPT

Client.java

Client.java

public class Client {
public static void main(String[] arstring) {
    try {
        SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("localhost", 4443);            
        //sslsocket.setEnabledCipherSuites(sslsocket.getSupportedCipherSuites());
        sslsocket.setEnabledCipherSuites(new String[] { "TLS_DH_anon_WITH_AES_128_CBC_SHA" }); //Added upon suggestion from Steffan

        boolean test = sslsocket.isConnected();
        System.out.println(test);
        InputStream inputstream = sslsocket.getInputStream();
        InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
        BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
        System.out.println("1");
        OutputStream outputstream = sslsocket.getOutputStream();
        System.out.println("2");
        OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream,"UTF-8");
        String str = "hello\n";
        outputstreamwriter.write(str,0,str.length());
        //outputstreamwriter.flush();
        BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);

        String string = null;
        int count = 0;
        string = bufferedreader.readLine();
        while (true) {
            System.out.println(string);                
            System.out.flush();
            System.out.println(++count);
            string = bufferedreader.readLine();
            if (inputstream.available()==0)
                break;
            else{
                System.out.print("StreamData:");
                System.out.println(inputstream.available());
            }


        }
        System.out.println("Out");
    } catch (Exception exception) {
        exception.printStackTrace();
    }
}
}

Server.java

Server.java

public class Server {
public static  void main(String[] arstring) {
    try {
        SSLServerSocketFactory sslServersocketFactory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket sslServerSocket =
                (SSLServerSocket) sslServersocketFactory.createServerSocket(4443);
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
        sslSocket.setEnabledCipherSuites(sslSocket.getSupportedCipherSuites());

        if (sslSocket.isConnected())
            System.out.println("Connected to a client");

        InputStream inputStream = sslSocket.getInputStream();
        InputStreamReader inputStreamReader = new InputStreamReader(inputStream);
        BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
        String command = "";
        String response = "";

        while ((command = bufferedReader.readLine()) != null) {

                System.out.println("Command Recieved: "+command);

                if (command.toLowerCase().compareTo("hello")==0)
                    response = "Bingo !! You got it write!\n";
                else
                    response = "Type Hello to see a response\n";


                OutputStream outputStream = sslSocket.getOutputStream();
                OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream,"UTF-8");
                outputStreamWriter.write(response, 0, response.length());
                outputStreamWriter.flush();
        }
    } catch (Exception exception) {
        exception.printStackTrace();
    }
}

}

我认为我需要使用匿名DH密码,但仍然无法正常工作.可能是我做错了.该代码也已被编辑.

I think I need to use the anonymous DH Cipher but it's still not working. May be I am doing it wrong. The code has been edited too.

如何使用不发送证书的Java连接到SSL服务器?

How to connect to an SSL Server in Java that doesn't send a certificate?

如果未发送证书,则可能使用(1)预共享密钥密码套件之一,例如TLS-SRP或TLS-PSK,或(2)使用匿名Diffie-Hellman.

If its not sending a certificate, then its probably using (1) one of the preshared keys cipher suites, like TLS-SRP or TLS-PSK, or (2) its using Anonymous Diffie-Hellman.

通常使用预共享密钥密码套件,因为它们提供了相互身份验证和通道绑定.

The preshared key cipher suites are usually choices because they provide mutual authentication and channel binding.

匿名Diffie-Hellman通常是一个糟糕的选择,因为它缺乏服务器身份验证.

Anonymous Diffie-Hellman is usually a bad choice because it lacks server authentication.

我遇到的情况是,Open SSL服务器在没有证书的情况下运行,如下所示:openssl s_server -accept 4443 -nocert

I have a situation where an Open SSL server is running without a certificate as follows : openssl s_server -accept 4443 -nocert

好吧,那里有.

如何使用Java连接到该服务器?另外,如何使用Java启动服务器以不接受证书?

How do I connect to this server using Java? Also, how do I start my server in Java to accept no certificate?

使用包含匿名交换的密码套件,例如:

Use a cipher suite that includes an anonymous exchange, like:

  • ADH-DES-CBC3-SHA
  • ADH-AES128-SHA
  • ADH-AES256-SHA
  • ADH-CAMELLIA128-SHA
  • ADH-CAMELLIA256-SHA
  • ADH-SEED-SHA
  • ADH-AES128-SHA256
  • ADH-AES256-SHA256
  • ADH-AES128-GCM-SHA256
  • ADH-AES256-GCM-SHA384
  • ADH-DES-CBC3-SHA
  • ADH-AES128-SHA
  • ADH-AES256-SHA
  • ADH-CAMELLIA128-SHA
  • ADH-CAMELLIA256-SHA
  • ADH-SEED-SHA
  • ADH-AES128-SHA256
  • ADH-AES256-SHA256
  • ADH-AES128-GCM-SHA256
  • ADH-AES256-GCM-SHA384

您可以在 openssl密码手册页.

您可以尝试以下命令:

openssl s_server -accept 4443 -tls1 -nocert -cipher "HIGH"

通过启用TLS1,您可以避免任何可能的问题,其中一方或另一方禁用SSLv2和SSLv3(这是一件好事),而您仅提供SSLv3(这是一件坏事).

By enabling TLS1, you side step any potential issues where one side or the other disables SSLv2 and SSLv3 (which is a good thing), but you only provide SSLv3 (which is a bad thing).

密码套件列表字符串"HIGH"默认包含ADH(在生产中,通常是"HIGH:!ADH:!RC4:!MD5...").

The cipher suite list string "HIGH" includes ADH by default (in production, usually you do "HIGH:!ADH:!RC4:!MD5...").

相关推荐