SSLHandshakeException: handshake_failure, READ: TLSv1 Alert RECV, TLSv1.2 ALERT handshake_failure - PullRequest
Новая
       10

SSLHandshakeException: handshake_failure, READ: TLSv1 Alert RECV, TLSv1.2 ALERT handshake_failure

0 голосов
/ 13 февраля 2020

Это можно рассматривать как дубликат вопроса. Я использую jdk1.8.171 на моем компьютере разработчика и jdk1.8.25 на моем сценическом сервере, версия httpclient apache httpcomponents 4.0. 

<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.0</version>
</dependency>

my https init settings:

private void initSettings (String TLS){
        DefaultHttpClient httpclient = new DefaultHttpClient(httpParams);
        int CONNECTION_TIMEOUT = 20000;
        HttpParams httpParams = new BasicHttpParams();
        HttpConnectionParams.setConnectionTimeout(httpParams, CONNECTION_TIMEOUT);
        HttpConnectionParams.setSoTimeout(httpParams, CONNECTION_TIMEOUT);
        httpParams.setParameter(ClientPNames.COOKIE_POLICY, CookiePolicy.BROWSER_COMPATIBILITY);
        try{
            X509TrustManager tm = new X509TrustManager() {

                public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                        throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                        throws CertificateException {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };

            X509HostnameVerifier verifier = new X509HostnameVerifier(){

                public void verify(String arg0, SSLSocket arg1) throws IOException {

                }

                public void verify(String arg0, X509Certificate arg1)
                        throws SSLException {

                }

                public void verify(String arg0, String[] arg1, String[] arg2)
                        throws SSLException {

                }

                public boolean verify(String arg0, SSLSession arg1) {
                    return true;
                }

            };

            TLS = StringUtils.isBlank(TLS) ? "TLS" : TLS;
            SSLContext ctx = SSLContext.getInstance(TLS);
            ctx.init(null, new TrustManager[]{tm}, null);
            SSLSocketFactory ssf = new SSLSocketFactory(ctx);
            ssf.setHostnameVerifier(verifier);
            ClientConnectionManager ccm = httpclient.getConnectionManager();
            SchemeRegistry sr = ccm.getSchemeRegistry();
            Scheme https = new Scheme("https", ssf, 443);
            sr.register(https);

            httpclient = new DefaultHttpClient(ccm, httpclient.getParams());
        }catch(Exception e){
            e.printStackTrace();
            httpclient = new DefaultHttpClient(httpParams);
        }
    }

, когда я отправляю запрос https третьему Служба, будет другой результат, затем добавьте -Djavax. net .debug = all к параметрам vm, журнал ssl показывает: 

my computer log:

trigger seeding of SecureRandom
done seeding SecureRandom
trustStore is: C:\Program Files\Java\jdk1.8.0_171\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0xc3517
  Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Algorithm: EC; Serial number: 0xa68b79290000000050d091f9
  Valid from Tue Dec 18 23:25:36 CST 2012 until Fri Dec 18 23:55:36 CST 2037

adding as trusted cert:(too many)
...

keyStore is : 
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-nio-8081-exec-1, setSoTimeout(20000) called
http-nio-8081-exec-1, setSoTimeout(20000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1581507484 bytes = { 42, 76, 141, 191, 3, 84, 100, 32, 175, 8, 30, 43, 140, 213, 233, 153, 36, 158, 235, 41, 254, 156, 54, 93, 104, 151, 56, 105 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=paapistg.oreo88.com]
***
[write] MD5 and SHA1 hashes:  len = 221
0000: 01 00 00 D9 03 03 5E 44   E4 9C 2A 4C 8D BF 03 54  ......^D..*L...T
0010: 64 20 AF 08 1E 2B 8C D5   E9 99 24 9E EB 29 FE 9C  d ...+....$..)..
0020: 36 5D 68 97 38 69 00 00   56 C0 24 C0 28 00 3D C0  6]h.8i..V.$.(.=.
0030: 26 C0 2A 00 6B 00 6A C0   0A C0 14 00 35 C0 05 C0  &.*.k.j.....5...
0040: 0F 00 39 00 38 C0 23 C0   27 00 3C C0 25 C0 29 00  ..9.8.#.'.<.%.).
0050: 67 00 40 C0 09 C0 13 00   2F C0 04 C0 0E 00 33 00  g.@...../.....3.
0060: 32 C0 2C C0 2B C0 30 00   9D C0 2E C0 32 00 9F 00  2.,.+.0.....2...
0070: A3 C0 2F 00 9C C0 2D C0   31 00 9E 00 A2 00 FF 01  ../...-.1.......
0080: 00 00 5A 00 0A 00 16 00   14 00 17 00 18 00 19 00  ..Z.............
0090: 09 00 0A 00 0B 00 0C 00   0D 00 0E 00 16 00 0B 00  ................
00A0: 02 01 00 00 0D 00 16 00   14 06 03 06 01 05 03 05  ................
00B0: 01 04 03 04 01 04 02 02   03 02 01 02 02 00 17 00  ................
00C0: 00 00 00 00 18 00 16 00   00 13 70 61 61 70 69 73  ..........paapis
00D0: 74 67 2E 6F 72 65 6F 38   38 2E 63 6F 6D           tg.oreo88.com
http-nio-8081-exec-1, WRITE: TLSv1.2 Handshake, length = 221
[Raw write]: length = 226
0000: 16 03 03 00 DD 01 00 00   D9 03 03 5E 44 E4 9C 2A  ...........^D..*
0010: 4C 8D BF 03 54 64 20 AF   08 1E 2B 8C D5 E9 99 24  L...Td ...+....$
0020: 9E EB 29 FE 9C 36 5D 68   97 38 69 00 00 56 C0 24  ..)..6]h.8i..V.$
0030: C0 28 00 3D C0 26 C0 2A   00 6B 00 6A C0 0A C0 14  .(.=.&.*.k.j....
0040: 00 35 C0 05 C0 0F 00 39   00 38 C0 23 C0 27 00 3C  .5.....9.8.#.'.<
0050: C0 25 C0 29 00 67 00 40   C0 09 C0 13 00 2F C0 04  .%.).g.@...../..
0060: C0 0E 00 33 00 32 C0 2C   C0 2B C0 30 00 9D C0 2E  ...3.2.,.+.0....
0070: C0 32 00 9F 00 A3 C0 2F   00 9C C0 2D C0 31 00 9E  .2...../...-.1..
0080: 00 A2 00 FF 01 00 00 5A   00 0A 00 16 00 14 00 17  .......Z........
0090: 00 18 00 19 00 09 00 0A   00 0B 00 0C 00 0D 00 0E  ................
00A0: 00 16 00 0B 00 02 01 00   00 0D 00 16 00 14 06 03  ................
00B0: 06 01 05 03 05 01 04 03   04 01 04 02 02 03 02 01  ................
00C0: 02 02 00 17 00 00 00 00   00 18 00 16 00 00 13 70  ...............p
00D0: 61 61 70 69 73 74 67 2E   6F 72 65 6F 38 38 2E 63  aapistg.oreo88.c
00E0: 6F 6D                                              om
[Raw read]: length = 5
0000: 16 03 03 09 B3                                     .....
[Raw read]: length = 2483
......
http-nio-8081-exec-1, READ: TLSv1.2 Handshake, length = 2483
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1581507485 bytes = { 136, 24, 218, 233, 230, 112, 97, 181, 65, 194, 17, 30, 132, 219, 32, 102, 180, 228, 47, 125, 181, 217, 88, 165, 8, 93, 170, 134 }
Session ID:  {19, 82, 86, 172, 54, 9, 135, 213, 212, 103, 53, 88, 231, 74, 186, 85, 98, 61, 226, 198, 228, 252, 66, 251, 45, 153, 7, 29, 27, 209, 111, 243}
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension extended_master_secret

...

stage server log:

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
catalina-exec-13, setSoTimeout(20000) called
catalina-exec-13, setSoTimeout(20000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1581422566 bytes = { 206, 165, 218, 126, 230, 6, 51, 178, 158, 242, 217, 224, 110, 182, 75, 5, 149, 207, 72, 125, 174, 192, 181, 5, 243, 231, 196, 54 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
[write] MD5 and SHA1 hashes:  len = 249
0000: 01 00 00 F5 03 03 5E 43   98 E6 CE A5 DA 7E E6 06  ......^C........
0010: 33 B2 9E F2 D9 E0 6E B6   4B 05 95 CF 48 7D AE C0  3.....n.K...H...
0020: B5 05 F3 E7 C4 36 00 00   70 C0 24 C0 28 00 3D C0  .....6..p.$.(.=.
0030: 26 C0 2A 00 6B 00 6A C0   0A C0 14 00 35 C0 05 C0  &.*.k.j.....5...
0040: 0F 00 39 00 38 C0 23 C0   27 00 3C C0 25 C0 29 00  ..9.8.#.'.<.%.).
0050: 67 00 40 C0 09 C0 13 00   2F C0 04 C0 0E 00 33 00  g.@...../.....3.
0060: 32 C0 2C C0 2B C0 30 00   9D C0 2E C0 32 00 9F 00  2.,.+.0.....2...
0070: A3 C0 2F 00 9C C0 2D C0   31 00 9E 00 A2 C0 08 C0  ../...-.1.......
0080: 12 00 0A C0 03 C0 0D 00   16 00 13 C0 07 C0 11 00  ................
0090: 05 C0 02 C0 0C 00 04 00   FF 01 00 00 5C 00 0A 00  ............\...
00A0: 34 00 32 00 17 00 01 00   03 00 13 00 15 00 06 00  4.2.............
00B0: 07 00 09 00 0A 00 18 00   0B 00 0C 00 19 00 0D 00  ................
00C0: 0E 00 0F 00 10 00 11 00   02 00 12 00 04 00 05 00  ................
00D0: 14 00 08 00 16 00 0B 00   02 01 00 00 0D 00 1A 00  ................
00E0: 18 06 03 06 01 05 03 05   01 04 03 04 01 03 03 03  ................
00F0: 01 02 03 02 01 02 02 01   01                       .........
catalina-exec-13, WRITE: TLSv1.2 Handshake, length = 249
[Raw write]: length = 254
0000: 16 03 03 00 F9 01 00 00   F5 03 03 5E 43 98 E6 CE  ...........^C...
0010: A5 DA 7E E6 06 33 B2 9E   F2 D9 E0 6E B6 4B 05 95  .....3.....n.K..
0020: CF 48 7D AE C0 B5 05 F3   E7 C4 36 00 00 70 C0 24  .H........6..p.$
0030: C0 28 00 3D C0 26 C0 2A   00 6B 00 6A C0 0A C0 14  .(.=.&.*.k.j....
0040: 00 35 C0 05 C0 0F 00 39   00 38 C0 23 C0 27 00 3C  .5.....9.8.#.'.<
0050: C0 25 C0 29 00 67 00 40   C0 09 C0 13 00 2F C0 04  .%.).g.@...../..
0060: C0 0E 00 33 00 32 C0 2C   C0 2B C0 30 00 9D C0 2E  ...3.2.,.+.0....
0070: C0 32 00 9F 00 A3 C0 2F   00 9C C0 2D C0 31 00 9E  .2...../...-.1..
0080: 00 A2 C0 08 C0 12 00 0A   C0 03 C0 0D 00 16 00 13  ................
0090: C0 07 C0 11 00 05 C0 02   C0 0C 00 04 00 FF 01 00  ................
00A0: 00 5C 00 0A 00 34 00 32   00 17 00 01 00 03 00 13  .\...4.2........
00B0: 00 15 00 06 00 07 00 09   00 0A 00 18 00 0B 00 0C  ................
00C0: 00 19 00 0D 00 0E 00 0F   00 10 00 11 00 02 00 12  ................
00D0: 00 04 00 05 00 14 00 08   00 16 00 0B 00 02 01 00  ................
00E0: 00 0D 00 1A 00 18 06 03   06 01 05 03 05 01 04 03  ................
00F0: 04 01 03 03 03 01 02 03   02 01 02 02 01 01        ..............
[Raw read]: length = 5
0000: 15 03 01 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
catalina-exec-13, READ: TLSv1 Alert, length = 2
catalina-exec-13, RECV TLSv1.2 ALERT:  fatal, handshake_failure
catalina-exec-13, called closeSocket()
catalina-exec-13, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

по многим причинам, его трудно мне изменить этап сервера JDK версии. Хотите узнать, как это сделать, я могу запросить третью услугу при успешной организации сервера.

...