io.netty.handler.ssl.SslHandler setHandshakeFailure
WARNING: SSLEngine.closeInbound() raised an exception due to closed connection.
javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)
at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:905)
at io.netty.handler.ssl.SslHandler.channelInactive(SslHandler.java:576)
at io.netty.channel.DefaultChannelHandlerContext.invokeChannelInactive(DefaultChannelHandlerContext.java:819)
at io.netty.channel.DefaultChannelHandlerContext.access$1300(DefaultChannelHandlerContext.java:38)
at io.netty.channel.DefaultChannelHandlerContext$5.run(DefaultChannelHandlerContext.java:808)
at io.netty.channel.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:259)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:305)
at io.netty.channel.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:110)
at java.lang.Thread.run(Unknown Source)
在客户端:
No response. Is the certificate valid? Click here to check.
在Chrome的地址栏中发出相同的请求,即相同的服务器端异常.在Firefox的地址栏上发布相同的例外情况,同时Firefox正在显示有关证书不是来自可信CA的警告页面.此异常似乎非常通用,并不直接指示协议的状态.这是否意味着这三个客户端(Chrome,Firefox,DHC by Restlet)没有很好地播放协议而只是在服务器上消失而不是发送close_notify?或者这是SSL RFC所要求的客户端行为,还是仅面向安全的客户端设计?
解决方法
Chrome doesn’t provide an API for managing certificates. In other words,we have no API to automatically accept your certificate nor a way how to raise ‘untrusted certificate’ dialog. But,you can use a little workaround:
- Open the https URL in another tab.
- Manually accept the certificate.
- Go back to DHC and it will work because your certificate has been accepted manually (is stored in your Chrome) by the prevIoUs step.
Usually you have to do this just once.
