我正在使用 Java 服务器通过其 validation server 验证 Apple 付款收据.我们大约 50% 的请求因“SocketException:连接重置”而失败,以获取有效收据(稍后重试成功)。
我在另一台部署在 Java 7 上的服务器上没有遇到这种行为,但在部署到 Java 8 上时开始遇到这种情况。
我看到默认的 TLS 协议(protocol)在 Java 8 中从 TLSv1 更改为 TLSv1.2,因此我尝试更改默认协议(protocol)以使用 Java 7 的默认协议(protocol),但没有看到任何改进。这是我使用的 JVM 属性:
-Djdk.tls.client.protocols="TLSv1,TLSv1.2,TLSv1.1"
知道为什么我在大约一半的时间内收到错误“SocketException:连接重置”吗?
谢谢!
[更新]
我设法获取失败请求的调试和 ssl 日志:
DEBUG [2017-03-02 00:35:37,586] org.apache.http.impl.conn.PoolingClientConnectionManager: Connection request: [route: {s}->https://buy.itunes.apple.com:443][total kept alive: 1; route allocated: 1 of 50; total allocated: 1 of 2000]
DEBUG [2017-03-02 00:35:37,586] org.apache.http.impl.conn.PoolingClientConnectionManager: Connection leased: [id: 4][route: {s}->https://buy.itunes.apple.com:443][total kept alive: 0; route allocated: 1 of 50; total allocated: 1 of 2000]
DEBUG [2017-03-02 00:35:37,586] org.apache.http.impl.client.DefaultHttpClient: Stale connection check
dw-66 - POST /v1/reqrep, setSoTimeout(1) called
dw-66 - POST /v1/reqrep, handling exception: java.net.SocketTimeoutException: Read timed out
dw-66 - POST /v1/reqrep, setSoTimeout(15000) called
dw-66 - POST /v1/reqrep, setSoTimeout(15000) called
DEBUG [2017-03-02 00:35:37,590] org.apache.http.client.protocol.RequestAddCookies: CookieSpec selected: ignoreCookies
DEBUG [2017-03-02 00:35:37,590] org.apache.http.client.protocol.RequestAuthCache: Auth cache not set in the context
DEBUG [2017-03-02 00:35:37,590] org.apache.http.client.protocol.RequestTargetAuthentication: Target auth state: UNCHALLENGED
DEBUG [2017-03-02 00:35:37,590] org.apache.http.client.protocol.RequestProxyAuthentication: Proxy auth state: UNCHALLENGED
DEBUG [2017-03-02 00:35:37,590] org.apache.http.impl.client.DefaultHttpClient: Attempt 1 to execute request
DEBUG [2017-03-02 00:35:37,590] org.apache.http.impl.conn.DefaultClientConnection: Sending request: POST /verifyReceipt HTTP/1.1
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "POST /verifyReceipt HTTP/1.1[\r][\n]"
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "Content-Length: 6839[\r][\n]"
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "Host: buy.itunes.apple.com[\r][\n]"
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "Connection: Keep-Alive[\r][\n]"
DEBUG [2017-03-02 00:35:37,590] org.apache.http.wire: >> "[\r][\n]"
DEBUG [2017-03-02 00:35:37,590] org.apache.http.headers: >> POST /verifyReceipt HTTP/1.1
DEBUG [2017-03-02 00:35:37,590] org.apache.http.headers: >> Content-Type: application/x-www-form-urlencoded
DEBUG [2017-03-02 00:35:37,590] org.apache.http.headers: >> Content-Length: 6839
DEBUG [2017-03-02 00:35:37,591] org.apache.http.headers: >> Host: buy.itunes.apple.com
DEBUG [2017-03-02 00:35:37,591] org.apache.http.headers: >> Connection: Keep-Alive
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Application Data, length = 179
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Application Data, length = 6863
dw-66 - POST /v1/reqrep, handling exception: java.net.SocketException: Connection reset
%% Invalidated: [Session-505, TLS_RSA_WITH_AES_128_GCM_SHA256]
dw-66 - POST /v1/reqrep, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Alert, length = 26
dw-66 - POST /v1/reqrep, Exception sending alert: java.net.SocketException: Broken pipe
dw-66 - POST /v1/reqrep, called closeSocket()
dw-66 - POST /v1/reqrep, called close()
dw-66 - POST /v1/reqrep, called closeInternal(true)
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.conn.DefaultClientConnection: Connection 0.0.0.0:59028<->17.173.66.179:443 closed
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.client.DefaultHttpClient: Closing the connection.
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.conn.DefaultClientConnection: Connection 0.0.0.0:59028<->17.173.66.179:443 closed
ERROR [2017-03-02 00:35:37,600] com.spaceape.http.client.HttpClient$$anon$1: http retry for it. executionCount=1
! java.net.SocketException: Connection reset
<ommitted stack trace>
INFO [2017-03-02 00:35:37,601] org.apache.http.impl.client.DefaultHttpClient: I/O exception (java.net.SocketException) caught when processing request to {s}->https://buy.itunes.apple.com:443: Connection reset
DEBUG [2017-03-02 00:35:37,603] org.apache.http.impl.client.DefaultHttpClient: Connection reset
! java.net.SocketException: Connection reset
<ommitted stack trace>
INFO [2017-03-02 00:35:37,604] org.apache.http.impl.client.DefaultHttpClient: Retrying request to {s}->https://buy.itunes.apple.com:443
DEBUG [2017-03-02 00:35:37,604] org.apache.http.impl.client.DefaultHttpClient: Reopening the direct connection.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
DEBUG [2017-03-02 00:35:37,609] org.apache.http.impl.conn.DefaultClientConnectionOperator: Connecting to buy.itunes.apple.com:443
dw-66 - POST /v1/reqrep, setSoTimeout(15000) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
...
之后 SSL 连接成功重新打开并进行验证。 上面日志中重置连接的特定位是:
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Application Data, length = 179
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Application Data, length = 6863
dw-66 - POST /v1/reqrep, handling exception: java.net.SocketException: Connection reset
%% Invalidated: [Session-505, TLS_RSA_WITH_AES_128_GCM_SHA256]
dw-66 - POST /v1/reqrep, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
dw-66 - POST /v1/reqrep, WRITE: TLSv1.2 Alert, length = 26
dw-66 - POST /v1/reqrep, Exception sending alert: java.net.SocketException: Broken pipe
dw-66 - POST /v1/reqrep, called closeSocket()
dw-66 - POST /v1/reqrep, called close()
dw-66 - POST /v1/reqrep, called closeInternal(true)
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.conn.DefaultClientConnection: Connection 0.0.0.0:59028<->17.173.66.179:443 closed
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.client.DefaultHttpClient: Closing the connection.
DEBUG [2017-03-02 00:35:37,595] org.apache.http.impl.conn.DefaultClientConnection: Connection 0.0.0.0:59028<->17.173.66.179:443 closed
如有任何帮助,我们将不胜感激!
最佳答案
我们目前遇到了同样的问题。如果我们从我们的服务器调用此命令大约 5-10 次:
openssl s_client -connect buy.itunes.apple.com:443 -tls1_2
它最终会毫无响应地挂起。并且可能因为达到超时而发生了 java SocketException(我们也在日志中看到)。 Apple 的验证服务器之一可能有问题?
关于java - Apple 收据验证时的连接重置 (Java 8),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42485299/
给定这段代码defcreate@upgrades=User.update_all(["role=?","upgraded"],:id=>params[:upgrade])redirect_toadmin_upgrades_path,:notice=>"Successfullyupgradeduser."end我如何在该操作中实际验证它们是否已保存或未重定向到适当的页面和消息? 最佳答案 在Rails3中,update_all不返回任何有意义的信息,除了已更新的记录数(这可能取决于您的DBMS是否返回该信息)。http://ar.ru
我想安装一个带有一些身份验证的私有(private)Rubygem服务器。我希望能够使用公共(public)Ubuntu服务器托管内部gem。我读到了http://docs.rubygems.org/read/chapter/18.但是那个没有身份验证-如我所见。然后我读到了https://github.com/cwninja/geminabox.但是当我使用基本身份验证(他们在他们的Wiki中有)时,它会提示从我的服务器获取源。所以。如何制作带有身份验证的私有(private)Rubygem服务器?这是不可能的吗?谢谢。编辑:Geminabox问题。我尝试“捆绑”以安装新的gem..
我希望我的UserPrice模型的属性在它们为空或不验证数值时默认为0。这些属性是tax_rate、shipping_cost和price。classCreateUserPrices8,:scale=>2t.decimal:tax_rate,:precision=>8,:scale=>2t.decimal:shipping_cost,:precision=>8,:scale=>2endendend起初,我将所有3列的:default=>0放在表格中,但我不想要这样,因为它已经填充了字段,我想使用占位符。这是我的UserPrice模型:classUserPrice回答before_val
我有一个表单,其中有很多字段取自数组(而不是模型或对象)。我如何验证这些字段的存在?solve_problem_pathdo|f|%>... 最佳答案 创建一个简单的类来包装请求参数并使用ActiveModel::Validations。#definedsomewhere,atthesimplest:require'ostruct'classSolvetrue#youcouldevencheckthesolutionwithavalidatorvalidatedoerrors.add(:base,"WRONG!!!")unlesss
我正在使用Sequel构建一个愿望list系统。我有一个wishlists和itemstable和一个items_wishlists连接表(该名称是续集选择的名称)。items_wishlists表还有一个用于facebookid的额外列(因此我可以存储opengraph操作),这是一个NOTNULL列。我还有Wishlist和Item具有续集many_to_many关联的模型已建立。Wishlist类也有:selectmany_to_many关联的选项设置为select:[:items.*,:items_wishlists__facebook_action_id].有没有一种方法可以
我真的很习惯使用Ruby编写以下代码:my_hash={}my_hash['test']=1Java中对应的数据结构是什么? 最佳答案 HashMapmap=newHashMap();map.put("test",1);我假设? 关于java-等价于Java中的RubyHash,我们在StackOverflow上找到一个类似的问题: https://stackoverflow.com/questions/22737685/
我有一些非常大的模型,我必须将它们迁移到最新版本的Rails。这些模型有相当多的验证(User有大约50个验证)。是否可以将所有这些验证移动到另一个文件中?说app/models/validations/user_validations.rb。如果可以,有人可以提供示例吗? 最佳答案 您可以为此使用关注点:#app/models/validations/user_validations.rbrequire'active_support/concern'moduleUserValidationsextendActiveSupport:
当我的预订模型通过rake任务在状态机上转换时,我试图找出如何跳过对ActiveRecord对象的特定实例的验证。我想在reservation.close时跳过所有验证!叫做。希望调用reservation.close!(:validate=>false)之类的东西。仅供引用,我们正在使用https://github.com/pluginaweek/state_machine用于状态机。这是我的预订模型的示例。classReservation["requested","negotiating","approved"])}state_machine:initial=>'requested
我有一个服务模型/表及其注册表。在表单中,我几乎拥有服务的所有字段,但我想在验证服务对象之前自动设置其中一些值。示例:--服务Controller#创建Action:defcreate@service=Service.new@service_form=ServiceFormObject.new(@service)@service_form.validate(params[:service_form_object])and@service_form.saverespond_with(@service_form,location:admin_services_path)end在验证@ser
我使用的是Firefox版本36.0.1和Selenium-Webdrivergem版本2.45.0。我能够创建Firefox实例,但无法使用脚本继续进行进一步的操作无法在60秒内获得稳定的Firefox连接(127.0.0.1:7055)错误。有人能帮帮我吗? 最佳答案 我遇到了同样的问题。降级到firefoxv33后一切正常。您可以找到旧版本here 关于ruby-无法在60秒内获得稳定的Firefox连接(127.0.0.1:7055),我们在StackOverflow上找到一个类