记录一次线上bug修改过程。java
线上服务中有一个须要调用对接接口的业务,对接的接口是 https协议的,以前请求一直没有问题,最近对方反馈收不到咱们的请求了,因此到线上看了下,发现了了一些错误日志:web
javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.7.0_45] at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[na:1.7.0_45] at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959) ~[na:1.7.0_45] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077) ~[na:1.7.0_45] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) ~[na:1.7.0_45] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) ~[na:1.7.0_45] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) ~[na:1.7.0_45] ...
查了相关资料,说是由于JDK的版本问题致使会使用不一样的TLS协议。服务器
我检查了下线上JDK的版本,是1.7版本,1.7版本的JDK默认是使用TLS协议。两种办法解决这个问题ide
调整了线上JDK的版本到1.8,1.8版本的JDK默认使用TLSv1.2 协议,调整后此问题就没有了。svg
固然还有一种办法,就是给在JDK1.7的环境下,主动设置使用TLS1.2 协议,不是使用默认的TLS协议。此方法还能够解决https正式验证问题。ui
CloseableHttpClient httpClient = HttpClients.custom(). setRetryHandler(new DefaultHttpRequestRetryHandler(0, false)) .setSSLSocketFactory(buildSslSocketFactoryForIgnoreCertificate()) .build(); private static SSLSocketFactory buildSslSocketFactoryForIgnoreCertificate() throws NoSuchAlgorithmException, KeyManagementException { X509TrustManager trustManager = new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws java.security.cert.CertificateException { } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws java.security.cert.CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return null; } }; SSLContext sslcontext = SSLContext.getInstance("TLSv1.2"); sslcontext.init(null, new TrustManager[]{trustManager}, null); SSLSocketFactory sslSocketFactory = new SSLSocketFactory(sslcontext); sslSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); return sslSocketFactory; }
之因此以前一直正常,后来请求失败。我感受很大多是对方的服务器限制了TLS协议的请求。.net
关于TLS协议和SSL的区别及介绍,能够看此文章:https://kb.cnblogs.com/page/197396/日志