如何正确设置C#与Java之间的ssl套接字连接?
我在将C#套接字客户端连接到Java服务器时遇到了问题。
Java服务器(部署在CentOS服务器上)
System.setProperty( "javax.net.ssl.keyStore", "/etc/ssl/servercert" );
System.setProperty( "javax.net.ssl.keyStorePassword", "pass" );
SSLServerSocket serverSocket = SSLServerSocketFactory.getDefault().createServerSocket( PORT );
SSLSocket sslSocket = serverSocket.accept();
sslSocket.startHandshake();
InputStream inputStream = socket.getInputStream();
...servercert是包含私钥和整个信任链(主、中、根)的密钥存储库。
C#客户端(从我的笔记本- Win7 x64运行)
var sock = new Socket( AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp );
sock.Connect(server, port );
NetworkStream stream = new NetworkStream(sock);
SslStream ssl = new SslStream(stream);
ssl.AuthenticateAsClient(server);
ssl.Write("test");
...Java客户端(从我的笔记本- Win7 x64运行)
SSLSocket sslSocket = SSLSocketFactory.getDefault().createSocket( host, port );
sslSocket.startHandshake();
UTF8OutputStreamWriter outputStreamWriter = new UTF8OutputStreamWriter( socket.getOutputStream() );
outputStreamWriter.write( "test" );Java -> Java成功
C#客户端->失败
Java服务器错误
Exception in thread "main" javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1014)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:731)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:213)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:957)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:892)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)C#客户端错误
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)我做错什么了?
编辑:
我做了一些测试,现在我知道这不是C#客户机的错误,因为同一个客户端可以连接到任何HTTPS网站并交换HTTP请求(应用程序不会在AuthenticateAsClient上崩溃)
回答 4
Stack Overflow用户
发布于 2015-04-13 12:29:17
我找到了。问题:不正确的密钥存储库。我合并了两个关于创建密钥存储库的教程。首先:将私钥和整个信任链合并为pem。第二:将pem导入到keystore。但结果是,keystore只包含了主证书。最近,我想在Windows上验证keystore,我使用了KeyStore Explorer。然后,我意识到什么是错误的,并使新的密钥存储成功使用这个工具。
Stack Overflow用户
发布于 2015-04-09 09:09:54
jave服务器返回的“没有共同密码套件”错误没有显示问题的所在吗?如果我正确地回忆起TLS协议,客户端首先发送客户端hello,其中它指定了可能的安全套件(支持)。服务器应该选择一个(基于它支持的安全套件),并在Server中指定它。Java服务器没有找到任何匹配的安全套件,而是抛出异常。java服务器与java客户端协同工作的原因是因为两者都支持相同的密码。试着制作C#服务器和C#客户端,它的工作方式应该是一样的.
Stack Overflow用户
发布于 2015-04-12 03:45:04
最近,我不得不通过C++/Win API通过SSL与Apache服务器进行通信,这样我才能理解。您可能缺少Windows机器上的证书(公钥)--在Linux (java)机器上使用私钥的证书。我必须做的一件事是获取WireShark并查看事务。如果您可以从您的Linux机器获得私钥,您可以将其提供给WireShark,它将提供您的数据包内容的非常好的(解密)分解。通过这种方式,您可以查看事务并查看其失败的位置,以及密码套件列表的交换。我可以告诉您,有时从软件堆栈返回的错误与您看到的监视有线协议的错误不匹配。他们似乎不太可能找到共同的密码套件(有相当多的常用密码套件)。我怀疑这要么是密钥(证书)问题,要么是初始交换期间对话框中的失败。WireShark是你的朋友。
https://stackoverflow.com/questions/29433292
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号