Ошибка подтверждения SSL в агенте Java (в HCL Notes 14)

Ошибка подтверждения SSL в агенте Java (в HCL Notes 14) ⇐ JAVA

1 сообщение • Страница 1 из 1

Anonymous

Ошибка подтверждения SSL в агенте Java (в HCL Notes 14)

Цитата

Сообщение Anonymous » 17 дек 2024, 12:01

Я пытаюсь подключиться к dnug.collab.cloud с помощью TLSv1.3 с помощью HTTP-клиента Apache 5.4.1 с Java 17.0.8.1, но постоянно сталкиваюсь с ошибкой установления связи, которую я не понимаю.< /p>
Когда я устанавливаю jdk.tls.client.protocols=TLSv1.2, рукопожатие завершается успешно.
Может ли кто-нибудь объяснить, что может пойти не так?
Код

Код: Выделить всё

System.out.println(System.getProperty("java.version"));
try (CloseableHttpClient client = HttpClients.createDefault()) {
final HttpGet request1 = new HttpGet(
"https://dnug.collab.cloud/profiles/atom/profileService.do?email=dummy@umbrellacorp.org");
client.execute(request1, response -> {
return null;
});

} catch (Exception e) {
e.printStackTrace();
}

Журнал создан с помощью javax.net.debug=ssl:handshake

Код: Выделить всё

17.0.8.1
javax.net.ssl|DEBUG|2024-12-12 17:00:53.028 CET|SSLCipher.java:466|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|2024-12-12 17:00:53.075 CET|SSLCipher.java:466|jdk.tls.keyLimits:  entry =  ChaCha20-Poly1305 KeyUpdate 2^37.  CHACHA20-POLY1305:KEYUPDATE = 137438953472
javax.net.ssl|WARNING|2024-12-12 17:00:57.306 CET|NamedGroup.java:297|No AlgorithmParameters for x25519 (
"throwable" : {
java.security.NoSuchAlgorithmException: Algorithm x25519 not available
at java.base/javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:194)
...
)
javax.net.ssl|WARNING|2024-12-12 17:00:57.316 CET|NamedGroup.java:297|No AlgorithmParameters for x448 (
"throwable" : {
java.security.NoSuchAlgorithmException: Algorithm x448 not available
at java.base/javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:194)
...
)
javax.net.ssl|WARNING|2024-12-12 17:00:57.322 CET|SignatureScheme.java:296|Signature algorithm, Ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|2024-12-12 17:00:57.323 CET|SignatureScheme.java:296|Signature algorithm, Ed448, is not supported by the underlying providers
javax.net.ssl|INFO|2024-12-12 17:00:57.445 CET|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|2024-12-12 17:00:57.446 CET|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|2024-12-12 17:00:57.447 CET|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|DEBUG|2024-12-12 17:00:57.450 CET|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|2024-12-12 17:00:57.755 CET|SSLExtensions.java:272|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|2024-12-12 17:00:57.756 CET|PreSharedKeyExtension.java:661|No session to resume.
javax.net.ssl|DEBUG|2024-12-12 17:00:57.756 CET|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|2024-12-12 17:00:57.789 CET|ClientHello.java:641|Produced ClientHello handshake message (
"ClientHello": {
"client version"      : "TLSv1.2",
"random"              : "AD7E649F326AE997D6BCF2B2BAE7D019A665797892B091C0CF90F8F60A64399C",
"session id"          : "F475C1E0041E5A8BDC270BE3252E06EFC7CD830A18A6C61A1319BD84C34603D4",
"cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions"           : [
"server_name (0)": {
type=host_name (0), value=dnug.collab.cloud
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": 
"request extensions": {

}
}
},
"supported_groups (10)": {
"versions": [ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": 
"request extensions": {

}
}
}
},
"extended_master_secret (23)": {

},
"session_ticket (35)": {

},
"signature_algorithms (13)": {
"signature schemes": [rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, rsa_sha224, dsa_sha224, rsa_pkcs1_sha1, dsa_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, rsa_sha224, dsa_sha224, rsa_pkcs1_sha1, dsa_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": ffdhe2048
"key_exchange": {
0000: CA 1D A2 35 A2 7A 8A A6   DD 8F 8B 96 C3 76 D6 4D  ...5.z.......v.M
0010: D7 3E 20 B8 E8 B3 72 2B   B0 DF A8 E2 47 FB 8B 96  .> ...r+....G...
0020: 66 4E 7F 9A A8 82 84 BF   45 45 3A 28 1D 77 BC F0  fN......EE:(.w..
0030: 92 B3 1C 64 52 94 B5 EE   43 FC C9 0B 52 26 AE 59  ...dR...C...R&.Y
0040: AE 1E 89 E7 C2 DB 35 C7   9B 83 0F C7 89 37 33 0C  ......5......73.
0050: CE CB A3 E4 01 EB 7C 1B   D9 3A F1 FE 2F D1 CA 71  .........:../..q
0060: D1 2C 1A 8A CF 11 82 E3   81 73 E4 D3 B9 5B EA 7E  .,.......s...[..
0070: 23 A5 E3 B0 25 8D 31 21   4C 63 68 DD F9 01 E2 75  #...%.1!Lch....u
0080: DC 34 01 AA D4 3B 89 88   E3 05 86 9F 52 DB 76 07  .4...;......R.v.
0090: 33 CF 43 34 01 3C E9 30   4B 71 5D AC 65 6E F4 07  3.C4.

Подробнее здесь: [url]https://stackoverflow.com/questions/79275809/ssl-handshake-failure-in-java-agent-in-hcl-notes-14[/url]

1734426089

Anonymous

Я пытаюсь подключиться к dnug.collab.cloud с помощью TLSv1.3 с помощью HTTP-клиента Apache 5.4.1 с Java 17.0.8.1, но постоянно сталкиваюсь с ошибкой установления связи, которую я не понимаю.< /p>
Когда я устанавливаю jdk.tls.client.protocols=TLSv1.2, рукопожатие завершается успешно.
Может ли кто-нибудь объяснить, что может пойти не так?
Код
[code]System.out.println(System.getProperty("java.version"));
try (CloseableHttpClient client = HttpClients.createDefault()) {
final HttpGet request1 = new HttpGet(
"https://dnug.collab.cloud/profiles/atom/profileService.do?email=dummy@umbrellacorp.org");
client.execute(request1, response -> {
return null;
});

} catch (Exception e) {
e.printStackTrace();
}
[/code]
Журнал создан с помощью javax.net.debug=ssl:handshake
[code]17.0.8.1
javax.net.ssl|DEBUG|2024-12-12 17:00:53.028 CET|SSLCipher.java:466|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|2024-12-12 17:00:53.075 CET|SSLCipher.java:466|jdk.tls.keyLimits:  entry =  ChaCha20-Poly1305 KeyUpdate 2^37.  CHACHA20-POLY1305:KEYUPDATE = 137438953472
javax.net.ssl|WARNING|2024-12-12 17:00:57.306 CET|NamedGroup.java:297|No AlgorithmParameters for x25519 (
"throwable" : {
java.security.NoSuchAlgorithmException: Algorithm x25519 not available
at java.base/javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:194)
...
)
javax.net.ssl|WARNING|2024-12-12 17:00:57.316 CET|NamedGroup.java:297|No AlgorithmParameters for x448 (
"throwable" : {
java.security.NoSuchAlgorithmException: Algorithm x448 not available
at java.base/javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:194)
...
)
javax.net.ssl|WARNING|2024-12-12 17:00:57.322 CET|SignatureScheme.java:296|Signature algorithm, Ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|2024-12-12 17:00:57.323 CET|SignatureScheme.java:296|Signature algorithm, Ed448, is not supported by the underlying providers
javax.net.ssl|INFO|2024-12-12 17:00:57.445 CET|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|2024-12-12 17:00:57.446 CET|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|2024-12-12 17:00:57.447 CET|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|DEBUG|2024-12-12 17:00:57.450 CET|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|2024-12-12 17:00:57.755 CET|SSLExtensions.java:272|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|2024-12-12 17:00:57.756 CET|PreSharedKeyExtension.java:661|No session to resume.
javax.net.ssl|DEBUG|2024-12-12 17:00:57.756 CET|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|2024-12-12 17:00:57.789 CET|ClientHello.java:641|Produced ClientHello handshake message (
"ClientHello": {
"client version"      : "TLSv1.2",
"random"              : "AD7E649F326AE997D6BCF2B2BAE7D019A665797892B091C0CF90F8F60A64399C",
"session id"          : "F475C1E0041E5A8BDC270BE3252E06EFC7CD830A18A6C61A1319BD84C34603D4",
"cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions"           : [
"server_name (0)": {
type=host_name (0), value=dnug.collab.cloud
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": 
"request extensions": {

}
}
},
"supported_groups (10)": {
"versions": [ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": 
"request extensions": {

}
}
}
},
"extended_master_secret (23)": {

},
"session_ticket (35)": {

},
"signature_algorithms (13)": {
"signature schemes": [rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, rsa_sha224, dsa_sha224, rsa_pkcs1_sha1, dsa_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, rsa_sha224, dsa_sha224, rsa_pkcs1_sha1, dsa_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": ffdhe2048
"key_exchange": {
0000: CA 1D A2 35 A2 7A 8A A6   DD 8F 8B 96 C3 76 D6 4D  ...5.z.......v.M
0010: D7 3E 20 B8 E8 B3 72 2B   B0 DF A8 E2 47 FB 8B 96  .> ...r+....G...
0020: 66 4E 7F 9A A8 82 84 BF   45 45 3A 28 1D 77 BC F0  fN......EE:(.w..
0030: 92 B3 1C 64 52 94 B5 EE   43 FC C9 0B 52 26 AE 59  ...dR...C...R&.Y
0040: AE 1E 89 E7 C2 DB 35 C7   9B 83 0F C7 89 37 33 0C  ......5......73.
0050: CE CB A3 E4 01 EB 7C 1B   D9 3A F1 FE 2F D1 CA 71  .........:../..q
0060: D1 2C 1A 8A CF 11 82 E3   81 73 E4 D3 B9 5B EA 7E  .,.......s...[..
0070: 23 A5 E3 B0 25 8D 31 21   4C 63 68 DD F9 01 E2 75  #...%.1!Lch....u
0080: DC 34 01 AA D4 3B 89 88   E3 05 86 9F 52 DB 76 07  .4...;......R.v.
0090: 33 CF 43 34 01 3C E9 30   4B 71 5D AC 65 6E F4 07  3.C4.

Подробнее здесь: [url]https://stackoverflow.com/questions/79275809/ssl-handshake-failure-in-java-agent-in-hcl-notes-14[/url]