Closed YangQiang-ChengDu closed 2 months ago
客户端的代码如下:这个代码可以调用 Demo 里面的 Jetty 服务。
通过 360 浏览器可以正常访问。这个是 nginx 配置文件:
# Process model: one worker process, and each worker may hold up to
# 1024 simultaneous connections.
worker_processes 1;

events {
    worker_connections 1024;
}
http { include mime.types; default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
#access_log "pipe:rollback logs/access_log interval=1d baknum=7 maxsize=2G" main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Plain-HTTP virtual host: answers on port 80 for "localhost" and serves
# static files from the "html" directory. Nothing in this block redirects
# clients to the HTTPS listener.
server {
    server_name localhost;
    listen 80;

    #charset koi8-r;

    #access_log logs/host.access.log main;
    #access_log "pipe:rollback logs/host.access_log interval=1d baknum=7 maxsize=2G" main;

    # Static content, with index.html / index.htm as directory index.
    location / {
        root html;
        index index.html index.htm;
    }

    #error_page 404 /404.html;

    # Server-side errors (500, 502, 503, 504) are answered with the
    # static page /50x.html.
    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root html;
    }

    # Sample (disabled): proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
    #}

    # Sample (disabled): pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    # root html;
    # fastcgi_pass 127.0.0.1:9000;
    # fastcgi_index index.php;
    # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    # include fastcgi_params;
    #}

    # Sample (disabled): pass the Dubbo rpc to Dubbo provider server listening on 127.0.0.1:20880
    #
    #location /dubbo {
    # dubbo_pass_all_headers on;
    # dubbo_pass_set args $args;
    # dubbo_pass_set uri $uri;
    # dubbo_pass_set method $request_method;
    #
    # dubbo_pass org.apache.dubbo.samples.tengine.DemoService 0.0.0 tengineDubbo dubbo_backend;
    #}

    # Sample (disabled): deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    # deny all;
    #}
}
# upstream for Dubbo rpc to Dubbo provider server listening on 127.0.0.1:20880
#
#upstream dubbo_backend {
# multi 1;
# server 127.0.0.1:20880;
#}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
# HTTPS virtual host used for the NTLS (national-cryptography / TLCP) test.
# It listens on 443 and answers every request with a fixed text that echoes
# the negotiated protocol, so a client can see which protocol was selected.
# NOTE(review): no ssl_protocols directive appears in this block, so the
# accepted protocol versions are whatever the build defaults to; confirm
# they match what the client offers.
server {
listen 443 ssl;
# Enable the national-cryptography (NTLS) feature
enable_ntls on;
# National-cryptography signing certificate and its private key
# NOTE(review): certificate and key files are referenced by relative path;
# check where they resolve on this install and that the private keys are
# readable only by the server account.
ssl_sign_certificate tlcp-server-sign.crt;
ssl_sign_certificate_key tlcp-server-sign.key;
# National-cryptography encryption certificate and its private key
ssl_enc_certificate tlcp-server-enc.crt;
ssl_enc_certificate_key tlcp-server-enc.key;
# National-cryptography cipher suites first, followed by international RSA suites
# NOTE(review): no ssl_certificate / ssl_certificate_key (RSA) pair is
# configured in this block, so the ECDHE-RSA-* and AES* suites presumably
# cannot be negotiated on this listener; confirm whether international
# TLS is meant to work here.
# NOTE(review): the international part of the list still offers static-RSA
# key exchange (AES128-SHA, AES256-SHA, AES128-GCM-SHA256, ...), which has
# no forward secrecy, and CBC suites with a SHA-1 MAC; trim them if the
# RSA side is kept.
# NOTE(review): "!PKS" looks like a typo for "!PSK"; as written it
# probably excludes nothing. Confirm against the TLS library's cipher
# string syntax.
ssl_ciphers "TLCP_ECC_SM4_GCM_SM3:TLCP_ECC_SM4_CBC_SM3:ECC-SM2-SM4-CBC-SM3:TLCP_ECDHE_SM4_GCM_SM3:TLCP_ECDHE_SM4_CBC_SM3:ECC-SM2-SM4-GCM-SM3:ECDHE-SM2-SM4-CBC-SM3:ECDHE-SM2-SM4-GCM-SM3:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS";
# NOTE(review): default_type is text/plain while add_header sets a
# Content-Type of text/html; the response may end up carrying two
# conflicting Content-Type headers. Confirm with a response dump.
default_type text/plain;
add_header "Content-Type" "text/html;charset=utf-8";
location / {
# Fixed 200 response; $ssl_protocol is expanded to the negotiated protocol.
# The Chinese text in the body says: "NTLSv1.1 means national cryptography,
# anything else means international".
return 200 "tengine ntls test OK, ssl_protocol is $ssl_protocol (NTLSv1.1 表示国密,其他表示国际)";
}
}
}
需要看看握手的详细日志。
可以在启动 java 命令时加上系统属性 -Dcom.tencent.kona.ssl.debug=all。
@YangQiang-ChengDu 请问,这个问题是否依然存在?如果没有的话,请关闭该 issue。
@YangQiang-ChengDu 先关闭该issue,若有新的信息,请重新打开它。
参照 Demo 中编写的 HttpClient 测试 Tengine 搭建的服务器,报错如下:

```
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
    at com.tencent.kona.sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1715)
    at com.tencent.kona.sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1516)
    at com.tencent.kona.sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1423)
    at com.tencent.kona.sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)
    at com.tencent.kona.sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
    at com.yq.thinking.in.sm.client.httpclient.HttpClientUtils.main(HttpClientUtils.java:72)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.tencent.kona.sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:489)
    at com.tencent.kona.sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478)
    at com.tencent.kona.sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160)
    at com.tencent.kona.sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)
    at com.tencent.kona.sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1508)
    ... 16 more
```