クライアント側でopenJdkバージョン11.28を使用しています。https 経由でデプロイされた Web サービスを呼び出すと、ハンドシェイク エラーが発生します。Web サービスの Nmap コマンドは、以下の結果を提供します。
以下のログを生成している Java で ssl,handshake ロギングを有効にしました。
15:02:04,638 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp256r1
15:02:04,638 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp384r1
15:02:04,639 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp521r1
15:02:04,639 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: sect283k1
15:02:04,640 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: sect283r1
15:02:04,640 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: sect409k1
15:02:04,641 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: sect409r1
15:02:04,641 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp256k1
15:02:04,648 ERROR javax.net.ssl|WARNING|D2|SignatureScheme.java:282|Signature algorithm, ed25519, is not supported by the underlying providers
15:02:04,648 ERROR javax.net.ssl|WARNING|D2|SignatureScheme.java:282|Signature algorithm, ed448, is not supported by the underlying providers
15:02:04,663 ERROR javax.net.ssl|INFO|D2|AlpnExtension.java:161|No available application protocols
15:02:04,664 ERROR javax.net.ssl|DEBUG|D2|SSLExtensions.java:235|Ignore, context unavailable extension: application_layer_protocol_negotiation
15:02:04,666 ERROR javax.net.ssl|DEBUG|D2|SSLExtensions.java:235|Ignore, context unavailable extension: renegotiation_info
15:02:04,668 ERROR javax.net.ssl|DEBUG|D2|ClientHello.java:633|Produced ClientHello handshake message (
15:02:04,668 ERROR "ClientHello": {
15:02:04,668 ERROR "client version" : "TLSv1.2",
15:02:04,669 ERROR "random" : "EE F5 C2 80 02 39 44 E5 C4 0E 65 EC 49 FF D0 38 A1 C7 2F 80 EA 5A F5 43 DC A1 4E C3 CB 42 7E 81",
15:02:04,669 ERROR "session id" : "",
15:02:04,669 ERROR "cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
15:02:04,669 ERROR "compression methods" : "00",
15:02:04,669 ERROR "extensions" : [
15:02:04,670 ERROR "server_name (0)": {
15:02:04,670 ERROR type=host_name (0), value=mydomain.com
15:02:04,670 ERROR },
15:02:04,670 ERROR "status_request (5)": {
15:02:04,670 ERROR "certificate status type": ocsp
15:02:04,671 ERROR "OCSP status request": {
15:02:04,671 ERROR "responder_id": <empty>
15:02:04,671 ERROR "request extensions": {
15:02:04,671 ERROR <empty>
15:02:04,671 ERROR }
15:02:04,672 ERROR }
15:02:04,672 ERROR },
15:02:04,672 ERROR "supported_groups (10)": {
15:02:04,672 ERROR "versions": [sect571k1, sect571r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
15:02:04,672 ERROR },
15:02:04,673 ERROR "ec_point_formats (11)": {
15:02:04,673 ERROR "formats": [uncompressed]
15:02:04,673 ERROR },
15:02:04,673 ERROR "signature_algorithms (13)": {
15:02:04,673 ERROR "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
15:02:04,674 ERROR },
15:02:04,674 ERROR "signature_algorithms_cert (50)": {
15:02:04,674 ERROR "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
15:02:04,674 ERROR },
15:02:04,674 ERROR "status_request_v2 (17)": {
15:02:04,675 ERROR "cert status request": {
15:02:04,675 ERROR "certificate status type": ocsp_multi
15:02:04,675 ERROR "OCSP status request": {
15:02:04,675 ERROR "responder_id": <empty>
15:02:04,675 ERROR "request extensions": {
15:02:04,676 ERROR <empty>
15:02:04,676 ERROR }
15:02:04,676 ERROR }
15:02:04,676 ERROR }
15:02:04,677 ERROR },
15:02:04,677 ERROR "extended_master_secret (23)": {
15:02:04,677 ERROR <empty>
15:02:04,677 ERROR },
15:02:04,677 ERROR "supported_versions (43)": {
15:02:04,678 ERROR "versions": [TLSv1.2]
15:02:04,678 ERROR }
15:02:04,678 ERROR ]
15:02:04,678 ERROR }
15:02:04,678 ERROR )
15:02:04,693 ERROR javax.net.ssl|DEBUG|D2|2020-05-16 15:02:04.692|Alert.java:232|Received alert message (
15:02:04,693 ERROR "Alert": {
15:02:04,693 ERROR "level" : "fatal",
15:02:04,693 ERROR "description": "handshake_failure"
15:02:04,693 ERROR }
15:02:04,694 ERROR )
15:02:04,696 ERROR javax.net.ssl|ERROR|D2|2020-05-16 15:02:04.695| : Received fatal alert: handshake_failure (
15:02:04,696 ERROR "throwable" : {
15:02:04,696 ERROR javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
15:02:04,696 ERROR at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
ハンドシェイクの失敗の背後にある理由を見つけることができません。握手中に問題が発生した場所を特定するのを手伝ってください。ありがとうございました。