2017-06-11 6 views
1

Comment puis-je activer l'extension SNI dans un nouveau client Java 9? (Forfait jdk.incubator.http)Activer SNI TLS dans le nouveau client Java 9

HttpClient client = HttpClient.newHttpClient(); 
client.send(
     HttpRequest 
      .newBuilder(uri) 
      .GET() 
      .build(), 
     HttpResponse.BodyHandler.asString()); 

Mais cette demande a échoué à cause de manque TLS SNI extension de

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:198) 
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:159) 
at java.base/sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1905) 
at java.base/sun.security.ssl.SSLEngineImpl.processInputRecord(SSLEngineImpl.java:1140) 
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1020) 
at java.base/sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:902) 
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:680) 
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626) 
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.unwrapBuffer(AsyncSSLDelegate.java:476) 
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.handshakeReceiveAndUnWrap(AsyncSSLDelegate.java:395) 
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeImpl(AsyncSSLDelegate.java:294) 
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeNow(AsyncSSLDelegate.java:262) 
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.connect(AsyncSSLDelegate.java:233) 
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLConnection.connect(AsyncSSLConnection.java:78) 
at jdk.incubator.httpclient/jdk.incubator.http.Http2Connection.<init>(Http2Connection.java:263) 
at jdk.incubator.httpclient/jdk.incubator.http.Http2ClientImpl.getConnectionFor(Http2ClientImpl.java:108) 
at jdk.incubator.httpclient/jdk.incubator.http.ExchangeImpl.get(ExchangeImpl.java:86) 
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.establishExchange(Exchange.java:272) 
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl0(Exchange.java:283) 
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl(Exchange.java:260) 
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.response(Exchange.java:136) 
at jdk.incubator.httpclient/jdk.incubator.http.MultiExchange.response(MultiExchange.java:154) 
at jdk.incubator.httpclient/jdk.incubator.http.HttpClientImpl.send(HttpClientImpl.java:234) 
at CheckProj/Main.Main.lambda$main$0(Main.java:42) 
at java.base/java.util.concurrent.CompletableFuture$UniAccept.tryFire(CompletableFuture.java:714) 
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506) 
at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2073) 
at jdk.incubator.httpclient/jdk.incubator.http.ResponseProcessors$ByteArrayProcessor.onComplete(ResponseProcessors.java:219) 
at jdk.incubator.httpclient/jdk.incubator.http.BlockingPushPublisher.acceptData(BlockingPushPublisher.java:65) 
at jdk.incubator.httpclient/jdk.incubator.http.AbstractPushPublisher.consume(AbstractPushPublisher.java:51) 
at jdk.incubator.httpclient/jdk.incubator.http.ResponseContent.pushBodyChunked(ResponseContent.java:238) 
at jdk.incubator.httpclient/jdk.incubator.http.ResponseContent.pushBody(ResponseContent.java:110) 
at jdk.incubator.httpclient/jdk.incubator.http.Http1Response.lambda$readBody$2(Http1Response.java:157) 
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1161) 
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) 
at java.base/java.lang.Thread.run(Thread.java:844) 

Comment puis-je résoudre ce problème?

+2

Comment savez-vous échoué pour cette raison? – EJP

+0

Débogué, testé, comparé les paquets avec wireshark. (HttpUrlConnection et ce newHttpClient). La seule différence est SNI. Action du serveur: handshake_failure (40) –

+0

Le serveur requiert SNI! –

Répondre

0

Voici une solution de rechange qui ne devrait pas fonctionner, mais qui fonctionne si loin. J'ai implémenté une sous-classe SSLContext qui crée toujours un SSLEngine avec le nom d'hôte/port (ainsi que les paramètres SSL pour vérifier le nom d'hôte).

https://gist.github.com/beders/51d3600d7fb57ad7d36a1745749ef641

utiliser comme ceci

HttpClient client = HttpClient.newBuilder().sslContext(ctx).sslParameters(ctx.getParametersForSNI()).followRedirects(HttpClient.Redirect.ALWAYS).build(); 

Permettez-moi de savoir si cela fonctionne