1. Discovering the problem

The problem was found and dealt with some time ago; this is a review and summary. During that period the warning "Remote host closed connection during handshake" appeared occasionally in production, about 3 to 10 times a day, so the frequency was not high. At first it got little attention, but since it kept recurring I wanted to track it down.

The feature in question calls a third-party interface over HTTPS.

2. First attempts

My understanding of the HTTPS protocol was not deep, so when this problem appeared I searched for it, first on Baidu, then on Google. The online analyses pointed to three main causes:

1. A problem with the SSL/TLS protocol version

2. A problem with SSL certificate verification

3. A JDK 1.8 cipher suite problem, governed by the crypto.policy setting in java.security

The production code used the default TLS 1.0, so one option is to upgrade the TLS version. The other option is to disable certificate verification, i.e. trust all certificates. The relevant code (imports added, the original snippet's syntax errors fixed) is as follows:

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

// Trust-all TrustManager: accepts every certificate chain without checking it
X509TrustManager xtm = new X509TrustManager() {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // empty array rather than null, which some callers dereference
    }
};
// "TLSv1.0" is not a valid SSLContext name: use "TLSv1.2" (the upgrade option) or "TLSv1" for TLS 1.0
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(null, new TrustManager[]{xtm}, null);
// NoopHostnameVerifier additionally disables hostname checking
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(ctx, NoopHostnameVerifier.INSTANCE);

Note that a trust-all TrustManager combined with NoopHostnameVerifier removes the authentication TLS provides: any on-path attacker can present any certificate and read or modify the traffic. It is acceptable only as a short-lived diagnostic to rule out certificate problems, never as a production fix.

Full of confidence, we pushed this live, only to find that the problem still existed. Since the first two options did not help, the only thing left was to modify the Java\jre\lib\security\java.security file:

crypto.policy=unlimited

This property exists from JDK 8u151 onwards and is already the default from 8u161; earlier JDK 8 builds need the JCE Unlimited Strength policy jars instead. It only lifts key-length restrictions (for example AES-256), so it matters when the server insists on a cipher suite the limited policy forbids. For detailed analysis and principles, see Reference 1.

The third attempt did not solve the problem either. There was no choice but to capture packets. Why packet capture in the end? As the saying goes, "in front of the source code there are no secrets": every byte exchanged can be seen in a packet capture.

3. Background knowledge

Before capturing and analysing packets you need some understanding of SSL; not in depth, but at least the basic principle. This was problem-driven learning, and it made me learn SSL. The difference between SSL and TLS: TLS is the successor of SSL, the two differ in some details, and the main difference is that TLS brings security and content enhancements. HTTPS inserts TLS between TCP and HTTP to encrypt the content.

Overview of how the SSL/TLS handshake works (RSA key exchange, as used in TLS 1.2 and earlier)

(1) The client sends ClientHello with a random number (the client random), the protocol versions it supports and its list of cipher suites.

(2) The server replies with ServerHello (the chosen version and cipher suite plus a second random number, the server random) and sends its Certificate.

(3) The client verifies the certificate chain, generates a third random number (the pre-master secret), encrypts it with the public key from the certificate and sends it in ClientKeyExchange. If the server requested client authentication, the client also sends its own certificate and a CertificateVerify message.

(4) Both sides send ChangeCipherSpec and Finished; from then on application data is encrypted.

The certificate carries the public key. The public key is used to encrypt the pre-master secret, not the application data. What actually encrypts the content are the symmetric session keys derived from the three random numbers, which both sides use to encrypt and decrypt. With (EC)DHE key exchange, and always in TLS 1.3, the certificate key is used for a signature instead and the secret is agreed by Diffie-Hellman, but the point is the same: the certificate's key never encrypts the content itself.

Knowing the handshake steps makes the captured packets understandable. For more on TLS, see Reference 3.
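The handshake messages above are easiest to understand when you can read them off a capture. The following added example (not from the original post) parses the two Hello records the author later compared, ClientHello and ServerHello, and reports the version and cipher suites each contains, with a small helper that lists the fields that differ between a "normal" and an "abnormal" capture. The sample records, the cipher suite table and the builder helpers are constructed here for the example; the parser handles only the TLS 1.2-style Hello layout and ignores extensions.

```python
"""Parse ClientHello / ServerHello records to compare version and cipher suites.
Added example, not code from the original post."""
import struct

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# Small lookup table for the suites used in this example (IANA values).
CIPHER_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
HANDSHAKE = 0x16
CLIENT_HELLO, SERVER_HELLO = 1, 2


def _vector(buf: bytes, pos: int, len_bytes: int):
    """Read a length-prefixed vector; return (contents, next position)."""
    n = int.from_bytes(buf[pos:pos + len_bytes], "big")
    pos += len_bytes
    if pos + n > len(buf):
        raise ValueError("truncated vector")
    return buf[pos:pos + n], pos + n


def parse_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello or a ServerHello."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4:
        raise ValueError("truncated record")
    htype = body[0]
    hlen = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hlen]
    if len(msg) != hlen or len(msg) < 35:          # version(2) + random(32) + session id length(1)
        raise ValueError("truncated handshake message")
    version = int.from_bytes(msg[0:2], "big")
    out = {
        "record_version": TLS_VERSIONS.get(int.from_bytes(record[1:3], "big"), "unknown"),
        "version": TLS_VERSIONS.get(version, f"0x{version:04x}"),
        "random": msg[2:34].hex(),
    }
    session_id, pos = _vector(msg, 34, 1)
    out["session_id"] = session_id.hex()
    if htype == CLIENT_HELLO:
        raw, pos = _vector(msg, pos, 2)            # cipher_suites<2..2^16-2>, 2 bytes each
        suites = struct.unpack(f">{len(raw) // 2}H", raw)
        out["type"] = "ClientHello"
        out["cipher_suites"] = [CIPHER_NAMES.get(s, f"0x{s:04X}") for s in suites]
    elif htype == SERVER_HELLO:
        suite = int.from_bytes(msg[pos:pos + 2], "big")  # the single suite the server chose
        out["type"] = "ServerHello"
        out["cipher_suite"] = CIPHER_NAMES.get(suite, f"0x{suite:04X}")
    else:
        raise ValueError(f"unexpected handshake type {htype}")
    return out


# Constructed sample records standing in for a capture (fixed "random" bytes, no extensions).
FAKE_RANDOM = bytes(range(32))


def _record(htype: int, msg: bytes) -> bytes:
    hs = bytes([htype]) + len(msg).to_bytes(3, "big") + msg
    return bytes([HANDSHAKE, 0x03, 0x01]) + len(hs).to_bytes(2, "big") + hs


def build_client_hello(version: int, suites: list) -> bytes:
    body = version.to_bytes(2, "big") + FAKE_RANDOM + b"\x00"   # empty session id
    body += (2 * len(suites)).to_bytes(2, "big") + b"".join(s.to_bytes(2, "big") for s in suites)
    body += b"\x01\x00"                                          # compression methods: null only
    return _record(CLIENT_HELLO, body)


def build_server_hello(version: int, suite: int) -> bytes:
    body = version.to_bytes(2, "big") + FAKE_RANDOM + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    return _record(SERVER_HELLO, body)


def compare_captures(normal: dict, abnormal: dict) -> dict:
    """Fields that differ between two parsed hellos; 'random' differs by design and is skipped."""
    return {k: (normal.get(k), abnormal.get(k))
            for k in normal if k != "random" and normal.get(k) != abnormal.get(k)}


if __name__ == "__main__":
    good = parse_hello(build_client_hello(0x0303, [0xC02F, 0xC030, 0x002F]))
    print(good)
    print(parse_hello(build_server_hello(0x0303, 0xC02F)))
    print("differences:", compare_captures(good, parse_hello(build_client_hello(0x0301, [0x002F]))))
```

When `compare_captures` reports no difference in version, session id or cipher suites between a successful and a failed connection, as in the author's case, the client-side explanations from section 2 are effectively ruled out.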

4. Packet capture analysis

Result of the packet capture analysis: after the server sends its certificate, the client acknowledges it (ACK), but the server then terminates the connection and sends a FIN to the client. So the problem was on the server side, i.e. the third party, not on our side.

In addition, I compared an abnormal capture with a normal one and found that the protocol version, certificate and cipher suite were identical in both, which further ruled out the causes listed in section 2.
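What the capture showed can be reproduced on loopback. The added example below (not from the original post) runs a stub server that accepts the TCP connection, reads the ClientHello and then closes without ever sending a ServerHello, and records what a standard TLS client sees. The stub server, the ephemeral port and the hostname `third-party.example` are assumptions for the example; no certificate is involved because the connection dies before the server would send one, which is also why the client's verification settings cannot influence the outcome.

```python
"""Reproduce 'remote host closed connection during handshake' on loopback.
Added example, not code from the original post."""
import socket
import ssl
import threading

HANDSHAKE = 0x16


def _faulty_server(ready: threading.Event, result: dict) -> None:
    """Stub server (assumption for the example): accept, read the ClientHello, close."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                  # ephemeral port
    srv.listen(1)
    result["port"] = srv.getsockname()[1]
    ready.set()
    srv.settimeout(5)
    conn, _ = srv.accept()
    conn.settimeout(5)
    data = conn.recv(65536)                     # drain the ClientHello so the close is a FIN, not an RST
    result["server_got_client_hello"] = len(data) > 5 and data[0] == HANDSHAKE and data[5] == 0x01
    conn.close()                                # FIN in the middle of the handshake: no ServerHello is ever sent
    srv.close()


def reproduce(host: str = "127.0.0.1") -> dict:
    """Run the stub server in a thread and attempt a TLS handshake against it."""
    result: dict = {}
    ready = threading.Event()
    t = threading.Thread(target=_faulty_server, args=(ready, result), daemon=True)
    t.start()
    if not ready.wait(5):
        raise RuntimeError("stub server did not start")

    ctx = ssl.create_default_context()
    # Verification settings are irrelevant here: the failure happens before any certificate arrives.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, result["port"]), timeout=5)
    try:
        with ctx.wrap_socket(raw, server_hostname="third-party.example") as tls:  # handshake runs here
            result["client_error"] = None       # not reached with the stub server
            result["negotiated"] = tls.version()
    except OSError as exc:
        # ssl.SSLEOFError, ssl.SSLError and ConnectionResetError are all OSError subclasses; which one
        # appears depends on the OpenSSL build, just as the exact Java message depends on the JDK.
        result["client_error"] = type(exc).__name__
        result["client_message"] = str(exc)
    finally:
        raw.close()
    t.join(5)
    return result


if __name__ == "__main__":
    print(reproduce())
```

Swap the stub for a real server and the same client code succeeds, which is the same comparison the author made between the faulty and the healthy third-party hosts: a client-side setting cannot fix a peer that hangs up before the handshake completes.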

5. Solution

The interface provider investigated and found that one of their servers was faulty (the exact cause is unknown). The faulty server was removed from the pool and the problem was resolved.

So when this kind of problem occurs, besides the possible causes listed above, the other party's server may itself be at fault. The packet capture is what separates the two cases: if the server sends FIN or RST before the handshake completes while the same client configuration succeeds against other servers, no client-side change will fix it.

References

1. Blog.csdn.net/kevin_mails…
2. www.ruanyifeng.com/blog/2014/0…
3. Blog.csdn.net/mrpre/categ…