javax.net.ssl.SSLException: Received fatal alert: protocol_version 问题解决

时间 2020-08-13 标签 javax.net.ssl.sslexception javax ssl sslexception received fatal alert protocol version 问题解决

记录一次线上bug修改过程。java

线上服务中有一个须要调用对接接口的业务，对接的接口是 https协议的，以前请求一直没有问题，最近对方反馈收不到咱们的请求了，因此到线上看了下，发现了了一些错误日志：web

javax.net.ssl.SSLException: Received fatal alert: protocol_version
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) ~[na:1.7.0_45]
        ...

查了相关资料，说是由于JDK的版本问题致使会使用不一样的TLS协议。服务器

我检查了下线上JDK的版本，是1.7版本，1.7版本的JDK默认是使用TLS协议。两种办法解决这个问题ide

调整了线上JDK的版本到1.8，1.8版本的JDK默认使用TLSv1.2 协议，调整后此问题就没有了。svg
固然还有一种办法，就是给在JDK1.7的环境下，主动设置使用TLS1.2 协议，不是使用默认的TLS协议。此方法还能够解决https正式验证问题。ui

CloseableHttpClient httpClient =  HttpClients.custom().
						setRetryHandler(new DefaultHttpRequestRetryHandler(0, false))
						.setSSLSocketFactory(buildSslSocketFactoryForIgnoreCertificate())
						.build();
						
private static SSLSocketFactory buildSslSocketFactoryForIgnoreCertificate() throws NoSuchAlgorithmException, KeyManagementException {

		X509TrustManager trustManager = new X509TrustManager() {

			@Override
			public void checkClientTrusted(X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
			}

			@Override
			public void checkServerTrusted(X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
			}

			@Override
			public X509Certificate[] getAcceptedIssuers() {
				return null;
			}

		};

		SSLContext sslcontext = SSLContext.getInstance("TLSv1.2");

		sslcontext.init(null, new TrustManager[]{trustManager}, null);

		SSLSocketFactory sslSocketFactory = new SSLSocketFactory(sslcontext);

		sslSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

		return sslSocketFactory;

	}

之因此以前一直正常，后来请求失败。我感受很大多是对方的服务器限制了TLS协议的请求。.net

关于TLS协议和SSL的区别及介绍，能够看此文章：https://kb.cnblogs.com/page/197396/日志