Rails和Play Framework之间的间歇SSL握手失败

Question

我们有两个服务，客户端是Rails应用，服务器是使用Play框架构建的REST API。我们在Rails中使用HTTParty客户端。

我们在这两个服务之间得到间歇性的SSL握手错误。在游戏中，我们得到以下错误：

Jan 09 14:37:47 graph-dev graph: org.jboss.netty.handler.ssl.SslHandler - SSLEngine.closeInbound() raised an exception after a handshake failure. 
Jan 09 14:37:47 graph-dev javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? 
Jan 09 14:37:47 graph-dev at: sun.security.ssl.Alerts.getSSLException(Alerts.java:208) 
Jan 09 14:37:47 graph-dev at: sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) 
Jan 09 14:37:47 graph-dev at: sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587) 
Jan 09 14:37:47 graph-dev at: sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1517) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1407) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:913) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90) 
Jan 09 14:37:47 graph-dev at: org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) 
Jan 09 14:37:47 graph-dev at: java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
Jan 09 14:37:47 graph-dev at: java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
Jan 09 14:37:47 graph-dev at: java.lang.Thread.run(Thread.java:744) 

On Rails的，相应的错误：

Error: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert handshake failure 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `block in connect' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/timeout.rb:52:in `timeout' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:862:in `do_start' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:851:in `start' 
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:1367:in `request' 

我们的SSL证书由颁发的RapidSSL。在Play上，我们包含由Equifax验证GeoTrust签署的跨根证书。

我们一直在试图弄清楚这几天，现在我们真的很茫然。

Answer 1

在Play邮件列表上提供了一个答案。我们在$JAVA_HOME/jre/lib/security/java.security中添加了DiffieHellman到jdk.tls.disabledAlgorithms的默认值的末尾，并解决了这个问题。

信用可以在该列表中选择Will Sargent。

https://groups.google.com/forum/#!topic/play-framework/ECee_w2wlrU