異常信息
javax.net.ssl.SSLException: Received fatal alert: protocol_version
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:449)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:434)
at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:181)
at org.jsoup.helper.HttpConnection.get(HttpConnection.java:170)
異常原因
先在代碼中加入 System.setProperty("javax.net.debug", "all")或設置VM參數-Djavax.net.debug=all,以顯示https握手過程,方便調試:
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
AWT-EventQueue-0, setSoTimeout(3000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1530541852 bytes = { 25, 106, 142, 179, 195, 87, 163, 223, 105, 170, 57, 91, 102, 15, 218, 48, 52, 167, 231, 83, 190, 177, 54, 27, 232, 111, 11, 140 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: github.com]
***
[write] MD5 and SHA1 hashes: len = 168
0000: 01 00 00 A4 03 01 5B 3A 37 1C 19 6A 8E B3 C3 57 ......[:7..j...W
0010: A3 DF 69 AA 39 5B 66 0F DA 30 34 A7 E7 53 BE B1 ..i.9[f..04..S..
0020: 36 1B E8 6F 0B 8C 00 00 2A 00 33 C0 04 00 16 00 6..o....*.3.....
0030: 05 C0 03 C0 11 C0 02 C0 07 C0 13 C0 08 C0 0C 00 ................
0040: FF C0 0D C0 0E C0 09 00 2F C0 12 00 04 00 32 00 ......../.....2.
0050: 13 00 0A 01 00 00 51 00 0A 00 34 00 32 00 17 00 ......Q...4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
0090: 0B 00 02 01 00 00 00 00 0F 00 0D 00 00 0A 67 69 ..............gi
00A0: 74 68 75 62 2E 63 6F 6D thub.com
AWT-EventQueue-0, WRITE: TLSv1 Handshake, length = 168
[Raw write]: length = 173
0000: 16 03 01 00 A8 01 00 00 A4 03 01 5B 3A 37 1C 19 ...........[:7..
0010: 6A 8E B3 C3 57 A3 DF 69 AA 39 5B 66 0F DA 30 34 j...W..i.9[f..04
0020: A7 E7 53 BE B1 36 1B E8 6F 0B 8C 00 00 2A 00 33 ..S..6..o....*.3
0030: C0 04 00 16 00 05 C0 03 C0 11 C0 02 C0 07 C0 13 ................
0040: C0 08 C0 0C 00 FF C0 0D C0 0E C0 09 00 2F C0 12 ............./..
0050: 00 04 00 32 00 13 00 0A 01 00 00 51 00 0A 00 34 ...2.......Q...4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................
0090: 00 08 00 16 00 0B 00 02 01 00 00 00 00 0F 00 0D ................
00A0: 00 00 0A 67 69 74 68 75 62 2E 63 6F 6D ...github.com
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 46 .F
AWT-EventQueue-0, READ: TLSv1 Alert, length = 2
AWT-EventQueue-0, RECV TLSv1 ALERT: fatal, protocol_version
AWT-EventQueue-0, called closeSocket()
AWT-EventQueue-0, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version
AWT-EventQueue-0, called close()
AWT-EventQueue-0, called closeInternal(true)
由上邊握手日誌可知,客戶端使用的是TLSv1協議,查看JDK版本是1.7,根據Oracle文檔知各版本JDK默認使用的TLS協議如下:
通過火狐瀏覽器打開該網頁,發現其使用的TLS協議是TLSv1.2:
解決辦法
知道了原因以後就好找解決方法了:
1:把JDK升級到1.8。由於該網站使用的是TLSv1.2協議,JDK1.8默認是該協議,故把客戶端JDK升級到1.8可以解決該問題。
2:在JDK1.7客戶端代碼中指定使用的協議System.setProperty("https.protocols", "TLSv1.2")或
System.setProperty("jdk.tls.client.protocols", "TLSv1.2")。注意,該方法有時候會莫名的失效,原因未知。
3:在VM參數中設置-Dhttps.protocols=TLSv1.2或-Djdk.tls.client.protocols=TLSv1.2。注意,該方法有時候會莫名的失效,原因未知。
4:使用第三方庫了,參考http://ligaosong.iteye.com/blog/2356346
5:使用httpclient,其支持配置使用指定協議
