问题描述：

变更记录

问题现象1： EAS使用的部分JDK版本会出现调用苍穹https时报传输加密层的握手错误“Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure”导致EAS连接配置部署失败，所以当苍穹从http协议切换到https协议时，需要特别慎重并在测试环境验证没有问题后再切换。

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.ibm.jsse2.o.a(o.java:22) at com.ibm.jsse2.o.a(o.java:34) at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:378) at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:479) at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437) at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142) at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686) at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:98) at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:13) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1026) at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:25)

Caused by: javax.net.ssl.SSLException: Received fatal alert: internal_error

at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)

at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)

at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)

at kd.isc.iscb.util.misc.NetUtil.sendRequestData(NetUtil.java:521)

... 23 more

问题现象2：EAS单据反写报错( EAS-苍穹) 同步，触发日志异常

java.lang.RuntimeException: server certificate change is restricted during renegotiation

at kd.isc.iscb.util.dt.D.e(D.java:272)

at kd.isc.iscb.util.misc.NetUtil.asyncHttpInvoke(NetUtil.java:176)

at kd.isc.iscb.util.connector.server.ConnectorCallback.call(ConnectorCallback.java:129)

at kd.isc.iscb.util.connector.server.ConnectorCallback.call(ConnectorCallback.java:143)

at kd.isc.iscb.util.connector.RemoteEventPusher.push(RemoteEventPusher.java:25)

at kd.isc.iscb.util.connector.EventBindingUtil.pushData(EventBindingUtil.java:326)

at kd.isc.iscb.util.connector.EventBindingUtil.pushData(EventBindingUtil.java:315)

at kd.isc.iscb.util.connector.EventBindingUtil.pushAll(EventBindingUtil.java:271)

at kd.isc.iscb.util.connector.EventBindingUtil.pushAll(EventBindingUtil.java:233)

at kd.isc.connector.eas.e.PushDataJobHandler.execute(PushDataJobHandler.java:41)

at com.kingdee.bos.service.job.core.ThreadWorker.execute(ThreadWorker.java:186)

at com.kingdee.bos.service.job.core.ThreadWorker.run(ThreadWorker.java:121)

at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: server certificate change is restricted during renegotiation

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

问题现象3：当EAS连接配置进行测试或部署报以下错误信息：

EAS反调苍穹时报错，url:https://publicispoc.test.kdcloud.com,错误内容:网络请求失败，URL是：https://publicispoc.test.kdcloud.com/api/...，原因是：Received fatal alert: internal_error

Running HTTPHandler-1

kd.isc.iscb.util.except.IscBizException: 

at kd.isc.connector.eas.Util.testCallbackIerp(Util.java:367)

at kd.isc.connector.eas.e.RemoteDeploy.exec(RemoteDeploy.java:46)

at kd.isc.connector.eas.e.RemoteDeploy.exec(RemoteDeploy.java:1)

at kd.isc.iscb.util.connector.server.AbstractCommandExecutor.exec(AbstractCommandExecutor.java:15)

at kd.isc.iscb.util.connector.server.CommandDispatcher.execute(CommandDispatcher.java:143)

at kd.isc.iscb.util.connector.server.CommandDispatcher.access$1(CommandDispatcher.java:139)

at kd.isc.iscb.util.connector.server.CommandDispatcher$1.run(CommandDispatcher.java:119)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

。。。

Caused by: javax.net.ssl.SSLException: Received fatal alert: internal_error

at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)

at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)

at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)

at kd.isc.iscb.util.misc.NetUtil.sendRequestData(NetUtil.java:523)

... 23 more

问题现象4：当EAS连接配置进行测试或部署报以下错误信息：

SSL peer shut down incorrectly

解决方案：

问题现象1此问题根据实际情况选择解决办法如下： 

（1）查看EAS自带JDK版本有哪些，如果有高版本JDK可以通过切换到高版本JDK看是否能解决（需要特别慎重并在测试环境验证没有问题后再切换） 

（2）若第一种办法无法解决， 可修改eas实例配置 eas/server/profiles/server*/config/vm.properties， 增加一行配置：

https.protocols=TLSv1,TLSv1.1,TLSv1.2 

修改后重启所有服务器实例再进行测试。（修改前请注意备份）

问题现象2、3、4的解决方法如下：

修改eas实例配置 eas/server/profiles/server*/config/vm.properties， 增加配置（修改前请注意备份）：

jdk.tls.allowUnsafeServerCertChange=true 

sun.security.ssl.allowUnsafeRenegotiation=true

https.protocols=TLSv1,TLSv1.1,TLSv1.2 

修改后重启所有服务器实例再进行测试。