文章/答案/技术大牛

发布

社区首页 >问答首页 >Java11.0.11 SSL握手失败，异常“无通用命名组”

问Java11.0.11 SSL握手失败，异常“无通用命名组”
EN

Stack Overflow用户

提问于 2021-07-14 15:01:22

回答 1查看 1.6K关注 0票数 1

我们在Java 11中开发了一个服务器应用程序，它接受来自客户端的传入HTTPS连接。直到/包括Java11.0.10 (AdoptOpenJDK)，一切都很好。

在升级到Java11.0.11之后，我们遇到了连接握手问题(javax.net.ssl.SSLProtocolException:没有常见的命名组)与Chrome客户端的连接。Firefox客户端没有问题。

启用SSL日志(-Djavax.net.debug=ssl:handshake)之后，我们可以看到两个版本之间的区别：

11.0.11：

Ignore unsupported named group: UNDEFINED-NAMED-GROUP(31354)  
Ignore unsupported named group: x25519  
Consumed extension: key_share

11.0.10：

Ignore unsupported named group: UNDEFINED-NAMED-GROUP(6682)  
Consumed extension: key_share

新的Java版本似乎忽略了对x25519的请求。

这两个Java运行时都没有从AdoptOpenJDK下载。

下面是一些更详细的日志：

Chrome for Java 11.0.11失败：

javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.387 CEST|null:-1|Ignore unknown or unsupported extension (
"unknown extension (64,250)": {

}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.387 CEST|null:-1|Ignore unknown or unsupported extension (
"session_ticket (35)": {

}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.387 CEST|null:-1|Ignore unknown or unsupported extension (
"signed_certificate_timestamp (18)": {

}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.387 CEST|null:-1|Ignore unknown or unsupported extension (
"unknown extension (27)": {
  0000: 02 00 02                                           ...
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.387 CEST|null:-1|Ignore unknown or unsupported extension (
"unknown extension (17,513)": {
  0000: 00 03 02 68 32                                     ...h2
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.387 CEST|null:-1|Ignore unknown or unsupported extension (
"unknown extension (60,138)": {
  0000: 00                                                 .
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.387 CEST|null:-1|Ignore unknown or unsupported extension (
"client_certificate_type (21)": {
  0000: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0010: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0020: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0030: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0040: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0050: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0060: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0070: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0080: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0090: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  00A0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  00B0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00        ..............
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.399 CEST|null:-1|Consuming ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "E0 14 47 3E 55 DE 2D 30 FF 5C CE E1 D1 27 3D 4B F4 CB 42 EE 3E 22 14 C7 BE 16 1A FA BF 35 EE DD",
  "session id"          : "D7 59 27 6A 00 46 84 3A AB 32 FD 30 79 AD C4 DE 11 55 52 D5 07 1F 66 B0 7D 7E 80 A6 6F 95 2D 2B",
  "cipher suites"       : "[UNKNOWN-CIPHER-SUITE(0x2A2A)(0x2A2A), TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), UNKNOWN-CIPHER-SUITE(0xCCA9)(0xCCA9), UNKNOWN-CIPHER-SUITE(0xCCA8)(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035)]",
  "compression methods" : "00",
  "extensions"          : [
    "unknown extension (64,250)": {

    },
    "server_name (0)": {
      type=host_name (0), value=local.3dmapping.cloud
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "supported_groups (10)": {
      "versions": [UNDEFINED-NAMED-GROUP(31354), x25519, secp256r1, secp384r1]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "session_ticket (35)": {

    },
    "application_layer_protocol_negotiation (16)": {
      [h2, http/1.1]
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512]
    },
    "signed_certificate_timestamp (18)": {

    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": UNDEFINED-NAMED-GROUP(31354)
          "key_exchange": {
            0000: 00
          }
        },
        {
          "named group": x25519
          "key_exchange": {
            0000: AA F1 CE 3D 91 DD 66 C1   50 6F 5F B6 21 B3 EC 15  ...=..f.Po_.!...
            0010: A9 56 23 C7 3C 33 22 7B   EC 6C 3F 0C 37 C4 B6 45  .V#.<3"..l?.7..E
          }
        },
      ]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "supported_versions (43)": {
      "versions": [(D)TLS-10.10, TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
    "unknown extension (27)": {
      0000: 02 00 02                                           ...
    },
    "unknown extension (17,513)": {
      0000: 00 03 02 68 32                                     ...h2
    },
    "unknown extension (60,138)": {
      0000: 00                                                 .
    },
    "client_certificate_type (21)": {
      0000: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0010: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0020: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0030: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0040: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0050: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0060: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0070: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0080: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0090: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      00A0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      00B0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00        ..............
    }
  ]
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.400 CEST|null:-1|Consumed extension: supported_versions
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.401 CEST|null:-1|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.402 CEST|null:-1|Consumed extension: psk_key_exchange_modes
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.403 CEST|null:-1|Handling pre_shared_key absence.
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.404 CEST|null:-1|no server name matchers, ignore server name indication
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.404 CEST|null:-1|Consumed extension: server_name
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.406 CEST|null:-1|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.407 CEST|null:-1|Consumed extension: status_request
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.407 CEST|null:-1|Consumed extension: supported_groups
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.408 CEST|null:-1|Ignore unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.409 CEST|null:-1|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.410 CEST|null:-1|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.417 CEST|null:-1|Ignore server unenabled extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.417 CEST|null:-1|Consumed extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.418 CEST|null:-1|Ignore unsupported extension: status_request_v2
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.419 CEST|null:-1|Ignore unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.419 CEST|null:-1|Ignore unavailable extension: cookie
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.420 CEST|null:-1|Ignore unsupported named group: UNDEFINED-NAMED-GROUP(31354)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.421 CEST|null:-1|Ignore unsupported named group: x25519
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.422 CEST|null:-1|Consumed extension: key_share
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.422 CEST|null:-1|Ignore unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:00:46.423 CEST|null:-1|use cipher suite TLS_AES_128_GCM_SHA256
javax.net.ssl|ERROR|19|PortServer:Http1111|2021-07-14 10:00:46.426 CEST|null:-1|Fatal (UNEXPECTED_MESSAGE): No common named group (
"throwable" : {
  javax.net.ssl.SSLProtocolException: No common named group
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.KeyShareExtension$HRRKeyShareProducer.produce(Unknown Source)
        at java.base/sun.security.ssl.SSLExtension.produce(Unknown Source)
        at java.base/sun.security.ssl.SSLExtensions.produce(Unknown Source)
        at java.base/sun.security.ssl.ServerHello$T13HelloRetryRequestProducer.produce(Unknown Source)
        at java.base/sun.security.ssl.SSLHandshake.produce(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goHelloRetryRequest(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
        at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source)
        at core.toolx/com.orbitgis.toolx.network.server.server2.SSLSocketChannel.a(SourceFile:1505)
        at core.toolx/com.orbitgis.toolx.network.server.server2.SSLSocketChannel.read(SourceFile:653)
        at core.toolx/com.orbitgis.toolx.network.server.server2.PortServer2.e(SourceFile:502)
        at core.toolx/com.orbitgis.toolx.network.server.server2.PortServer2.run(SourceFile:951)
        at java.base/java.lang.Thread.run(Unknown Source)}
)

Chrome for Java 11.0.10的成功：

javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.904 CEST|null:-1|Ignore unknown or unsupported extension (
"unknown extension (31,354)": {

}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.904 CEST|null:-1|Ignore unknown or unsupported extension (
"session_ticket (35)": {

}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.905 CEST|null:-1|Ignore unknown or unsupported extension (
"signed_certificate_timestamp (18)": {

}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.906 CEST|null:-1|Ignore unknown or unsupported extension (
"unknown extension (27)": {
  0000: 02 00 02                                           ...
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.907 CEST|null:-1|Ignore unknown or unsupported extension (
"unknown extension (17,513)": {
  0000: 00 03 02 68 32                                     ...h2
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.907 CEST|null:-1|Ignore unknown or unsupported extension (
"unknown extension (10,794)": {
  0000: 00                                                 .
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.908 CEST|null:-1|Ignore unknown or unsupported extension (
"client_certificate_type (21)": {
  0000: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0010: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0020: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0030: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0040: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0050: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0060: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0070: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0080: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0090: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  00A0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  00B0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00        ..............
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.916 CEST|null:-1|Consuming ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "F0 2C 2D B7 E0 B2 5C 59 20 66 E7 61 53 6A F5 3F AC FB 8B 14 22 51 D2 8E 7D 1D 52 17 A4 C1 33 E3",
  "session id"          : "12 91 36 9A BD 16 00 CA 84 5D 3D 40 61 5C A1 1F 65 2C DD 91 96 D5 E8 B8 21 09 31 76 DC B2 11 CB",
  "cipher suites"       : "[UNKNOWN-CIPHER-SUITE(0xCACA)(0xCACA), TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), UNKNOWN-CIPHER-SUITE(0xCCA9)(0xCCA9), UNKNOWN-CIPHER-SUITE(0xCCA8)(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035)]",
  "compression methods" : "00",
  "extensions"          : [
    "unknown extension (31,354)": {

    },
    "server_name (0)": {
      type=host_name (0), value=local.3dmapping.cloud
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "supported_groups (10)": {
      "versions": [UNDEFINED-NAMED-GROUP(6682), x25519, secp256r1, secp384r1]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "session_ticket (35)": {

    },
    "application_layer_protocol_negotiation (16)": {
      [h2, http/1.1]
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512]
    },
    "signed_certificate_timestamp (18)": {

    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": UNDEFINED-NAMED-GROUP(6682)
          "key_exchange": {
            0000: 00
          }
        },
        {
          "named group": x25519
          "key_exchange": {
            0000: D8 DB B4 6D 69 D4 44 C2   21 7C 59 8C 3F EB 18 20  ...mi.D.!.Y.?..
            0010: B5 13 73 41 2C 57 18 2E   1C DB 03 64 50 57 0B 6B  ..sA,W.....dPW.k
          }
        },
      ]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "supported_versions (43)": {
      "versions": [(D)TLS--6.-6, TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
    "unknown extension (27)": {
      0000: 02 00 02                                           ...
    },
    "unknown extension (17,513)": {
      0000: 00 03 02 68 32                                     ...h2
    },
    "unknown extension (10,794)": {
      0000: 00                                                 .
    },
    "client_certificate_type (21)": {
      0000: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0010: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0020: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0030: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0040: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0050: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0060: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0070: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0080: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0090: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      00A0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      00B0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00        ..............
    }
  ]
}
)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.917 CEST|null:-1|Consumed extension: supported_versions
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Consumed extension: psk_key_exchange_modes
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Handling pre_shared_key absence.
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|no server name matchers, ignore server name indication
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Consumed extension: server_name
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Consumed extension: status_request
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Consumed extension: supported_groups
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Ignore unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Ignore server unenabled extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Consumed extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Ignore unsupported extension: status_request_v2
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Ignore unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Ignore unavailable extension: cookie
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Ignore unsupported named group: UNDEFINED-NAMED-GROUP(6682)
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Consumed extension: key_share
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.918 CEST|null:-1|Ignore unsupported extension: renegotiation_info
javax.net.ssl|WARNING|19|PortServer:Http1111|2021-07-14 10:22:25.935 CEST|null:-1|Ignore impact of unsupported extension: server_name
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.938 CEST|null:-1|Ignore unavailable extension: max_fragment_length
javax.net.ssl|WARNING|19|PortServer:Http1111|2021-07-14 10:22:25.939 CEST|null:-1|Ignore impact of unsupported extension: status_request
javax.net.ssl|WARNING|19|PortServer:Http1111|2021-07-14 10:22:25.939 CEST|null:-1|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.942 CEST|null:-1|Populated with extension: signature_algorithms
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.942 CEST|null:-1|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|WARNING|19|PortServer:Http1111|2021-07-14 10:22:25.943 CEST|null:-1|Ignore impact of unsupported extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|19|PortServer:Http1111|2021-07-14 10:22:25.944 CEST|null:-1|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.944 CEST|null:-1|Ignore unavailable extension: cookie
javax.net.ssl|WARNING|19|PortServer:Http1111|2021-07-14 10:22:25.945 CEST|null:-1|Ignore impact of unsupported extension: psk_key_exchange_modes
javax.net.ssl|WARNING|19|PortServer:Http1111|2021-07-14 10:22:25.946 CEST|null:-1|Ignore impact of unsupported extension: key_share
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.947 CEST|null:-1|use cipher suite TLS_AES_128_GCM_SHA256
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.949 CEST|null:-1|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|19|PortServer:Http1111|2021-07-14 10:22:25.950 CEST|null:-1|Produced ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "59 39 C8 98 37 AF C6 72 50 DF 02 74 43 DF 4C 29 F6 65 CE 97 66 79 E2 69 6F 8C B1 E4 1B B6 65 54",
  "session id"          : "12 91 36 9A BD 16 00 CA 84 5D 3D 40 61 5C A1 1F 65 2C DD 91 96 D5 E8 B8 21 09 31 76 DC B2 11 CB",
  "cipher suite"        : "TLS_AES_128_GCM_SHA256(0x1301)",
  "compression methods" : "00",
  "extensions"          : [
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    },
    "key_share (51)": {
      "server_share": {
        "named group": x25519
        "key_exchange": {
          0000: 3A 89 E5 8E E2 1E 7D 48   E2 FE 44 92 BD 03 EE BA  :......H..D.....
          0010: 27 08 8E 06 06 86 D8 7D   8E 74 D3 BF A7 55 5D 03  '........t...U].
        }
      },
    }
  ]
}
)

Java11.0.11似乎已经放弃了对TLSv1和TLSv1.1的支持，但我不确定这是否相关。启用这些并不能解决问题。

知道为什么不再支持x25519了吗？或者如何启用它？

handshake

java

ssl

回答 1

Stack Overflow用户

回答已采纳

发布于 2021-07-15 14:12:08

造成此问题的原因是模块路径中的单个jar文件。jar本身与网络、加密或安全无关，它是为了改变UI外观和感觉。这个罐子是7年前签署的，以前没有引起过任何问题。用未签名的副本替换此jar解决了所有问题，并使Java 11.0.11再次完全运行，提供了安全提供者的预期列表(13而不是4)。

为什么这个问题只发生在Java11.0.11上仍然是个谜。我没有看到来自Java类加载器的任何错误消息。

票数 1

页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持

原文链接：

https://stackoverflow.com/questions/68380510

复制

相似问题

问Java11.0.11 SSL握手失败，异常“无通用命名组”
EN

回答 1

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问Java11.0.11 SSL握手失败，异常“无通用命名组”EN

回答 1

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问Java11.0.11 SSL握手失败，异常“无通用命名组”
EN