解决SSL握手失败问题:SSLHandshakeException: Received fatal alert: handshake_failure
1.异常情况
异常情况如下:
该异常由双方JDK默认启用的TLS协议版本不一致导致。TLS协议版本越高,HTTPS通信的安全性越高,但是相较于低版本TLS协议,高版本TLS协议对浏览器的兼容性较差。我方系统使用JDK 1.7,默认使用TLSv1.0(JDK 1.7支持TLSv1.2,但客户端默认未启用);对方系统使用JDK 1.8,默认使用TLSv1.2,双方协议版本不一致,因此握手失败。
JDK与TLS版本情况如图所示:
2.解决方法
系统发起HTTPS请求时,手动将TLS协议版本指定为TLSv1.2即可。注意:解决该问题只需指定协议版本,不需要也不应关闭证书校验或主机名校验。
2.1http接口解决方法
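/**
 * Holder for a single shared {@link CloseableHttpClient} whose HTTPS connections are
 * restricted to TLSv1.2.
 *
 * <p>The protocol pin is what resolves the {@code handshake_failure} between a peer that
 * only offers TLSv1.0 by default and a peer that expects TLSv1.2. Certificate-chain
 * validation and hostname verification are left enabled: the handshake fix does not
 * depend on relaxing either, and a client that accepts any certificate for any host
 * name gives no protection against an on-path attacker.
 *
 * <p>If the remote endpoint uses a private CA or a self-signed certificate, add that
 * certificate to a dedicated trust store and load it into the {@code SSLContextBuilder}
 * instead of trusting every chain.
 */
public class HttpsClient {

    // Logger is bound to this class (the original pointed at HttpClientUtil, a copy-paste slip).
    private static final Log logger = LogFactory.getLog(HttpsClient.class);

    // volatile is required for the double-checked locking in getInstance().
    private static volatile CloseableHttpClient httpsClient = null;

    private HttpsClient() {
    }

    /**
     * Returns the shared client, creating it on first use.
     *
     * @return the lazily created, process-wide client instance
     * @throws Exception kept in the signature for existing callers; the creation path
     *     visible here catches its own failures and falls back to a default client
     */
    public static CloseableHttpClient getInstance() throws Exception {
        CloseableHttpClient current = httpsClient;
        if (current == null) {
            synchronized (HttpsClient.class) {
                current = httpsClient;
                if (current == null) {
                    current = createSSLHttpClient();
                    httpsClient = current;
                }
            }
        }
        return current;
    }

    /**
     * Builds a client that offers only TLSv1.2 and validates the server certificate
     * against the JVM's default trust store.
     *
     * @return the TLSv1.2 client, or a library-default client if construction fails
     */
    private static CloseableHttpClient createSSLHttpClient() {
        CloseableHttpClient client = null;
        try {
            // No trust material is loaded, so the context is initialised with the JVM's
            // default trust managers and the server chain is actually verified.
            SSLContext sslContext = new SSLContextBuilder().build();

            // Enable TLSv1.2 only; keep hostname verification on. On HttpClient 4.4+ the
            // non-deprecated equivalent is SSLConnectionSocketFactory.getDefaultHostnameVerifier().
            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                    sslContext,
                    new String[] { "TLSv1.2" },
                    null,
                    SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

            // Read the supported protocols from the context rather than from a throw-away
            // socket, which the original created and never closed.
            if (logger.isTraceEnabled()) {
                String[] protocols = sslContext.getSupportedSSLParameters().getProtocols();
                logger.trace("支持的协议:" + Arrays.asList(protocols));
            }

            client = HttpClients.custom().setSSLSocketFactory(sslsf).build();
        } catch (Exception e) {
            // The logger already records the stack trace; no printStackTrace() needed.
            logger.error("创建SSLConnectionSocketFactory失败", e);
        }

        // Best-effort fallback kept from the original. Note that the default client uses
        // the JVM's default protocol set, so the TLSv1.2 pin is lost on this path.
        if (client == null) {
            logger.error("创建支持SSL的HttpClient失败,创建普通的HttpClient");
            client = HttpClients.createDefault();
        }
        return client;
    }
}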
2.2 webservice接口解决方法
/**
 * Submits a review form through the review web service and returns the service's reply.
 *
 * <p>The endpoint address, user and password are looked up by code on every call, and the
 * client's HTTP conduit is given a TLSv1.2 socket factory before the request is sent.
 *
 * @param form the review form passed unchanged to {@code addReview}
 * @return whatever {@code addReview} returns
 * @throws Exception propagated from the lookups, the service proxy or the remote call
 */
public String submitToOA(KmReviewParamterForm form) throws Exception {
    ISysCodeService codeService = (ISysCodeService) SpringBeanUtil.getBean("sysCodeService");

    // NOTE(review): config comes from getInstance() and is mutated on each call; if it is a
    // shared singleton, concurrent callers could overwrite each other's values -- confirm.
    WebServiceConfig config = WebServiceConfig.getInstance();
    String address = codeService.getContentByCode("reviewUrl").getFdContent();
    config.setAddress(address);
    String user = codeService.getContentByCode("reviewFinanceUser").getFdContent();
    config.setUser(user);
    // NOTE(review): the password is read from the same code table as ordinary settings;
    // check how that table is protected at rest and who can read it.
    String password = codeService.getContentByCode("reviewFinancePassword").getFdContent();
    config.setPassword(password);

    IKmReviewWebserviceService reviewService =
            (IKmReviewWebserviceService) callService(config.getAddress(), config.getServiceClass());

    // 2025-07-18: pin the connection to TLSv1.2 -- START
    // NOTE(review): the import for SSLSocketFactoryBuilder is not visible here. Some builders
    // with this name (Hutool's, for one) default to a trust manager that accepts every
    // certificate. Confirm that the factory built below still validates the server chain;
    // selecting the protocol version does not require relaxing trust.
    HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(reviewService).getConduit();
    SSLSocketFactory tls12Factory = SSLSocketFactoryBuilder.create().setProtocol("TLSv1.2").build();
    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setSSLSocketFactory(tls12Factory);
    conduit.setTlsClientParameters(tlsParams);
    // 2025-07-18: pin the connection to TLSv1.2 -- END

    return reviewService.addReview(form);
}