NutzCN Logo
问答 Linux环境中https请求失败
发布于 3292天前 作者 elkan1788 3813 次浏览 复制 上一个帖子 下一个帖子
标签: https

今天用Request创建一个post API请求, 然后在本地测试是OK的, 但布署到正式环境就报了下面的异常:


Exception in thread "main" org.nutz.http.HttpException: url=https://xxxxxxxxxxxx at org.nutz.http.sender.PostSender.send(PostSender.java:38) at com.touyun.crontabjob.hdmilk.util.SyncDataFromPlatform.getData(SyncDataFromPlatform.java:90) at com.touyun.crontabjob.hdmilk.util.SyncDataFromPlatform.loadBabyInfo(SyncDataFromPlatform.java:51) at com.touyun.crontabjob.hdmilk.MainSetup.main(MainSetup.java:28) Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:86) at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:880) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:344) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:936) at sun.security.ssl.Handshaker.process_record(Handshaker.java:871) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1281) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1256) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) at org.nutz.http.sender.PostSender.send(PostSender.java:29) ... 3 more Caused by: java.security.NoSuchAlgorithmException: SunTls12RsaPremasterSecret KeyGenerator not available at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:158) at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:207) at sun.security.ssl.JsseJce.getKeyGenerator(JsseJce.java:272) at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:77) ... 17 more

初步认定是验证证书的问题, 为此增加了下面的代码, 关闭检验:

Http.disableJvmHttpsCheck();

但最终的结果还是报同样的错误, 求指教. 源代码如下:


String getData(String url, boolean isNew, String lastMD) { Map<String, String> headers = new HashMap<String, String>(); headers.put("AuthInfo", "sao.so"); headers.put("Content-Type", "application/json"); String result = ""; String body = "{\"isNew\":" + isNew + ",\"lastMD\":\"" + lastMD + "\"}"; try { Http.disableJvmHttpsCheck(); Request req = Request.create(url, METHOD.POST); req.setEnc("UTF-8"); req.setData(body); req.setHeader(Header.create(headers)); Response resp = Sender.create(req, 5 * 1000).send(); if (resp.isOK()) { String content = resp.getContent(); return content; } return result; } catch (HttpException e) { throw Lang.wrapThrow(e, "An exception was happend when get data from paltform."); } }
6 回复

显示的是tls12不支持,原因是jdk版本低,换jdk7以上才会好

来自炫酷的 NutzCN

@wendal 可生产环境的JDK版本已经是1.8版本了 :!!! 开发环境和生产环境都是64位系统, 不同的是开发为window, JDK1.7, 生产环境为 Linux, JDK1.8. 还有可能是别的原因么? JDK版本过高???

@elkan1788 不太可能

目标服务器是自签名的证书? 要不提供一下地址让我测试一下?

来自炫酷的 NutzCN

@wendal API地址发你的QQ上了, 有时间麻烦帮忙看看,谢谢.

一个很坑爹的问题呀, 把jre的ext加到classpath都不行,非得要拷贝到自己工程的lib下才能工作, 可参考网友提供的方案.
http://my.oschina.net/zixiao/blog/377808

1.8.0_60 及 1.8.0_66 均ok

添加回复
请先登陆
回到顶部