很抱歉回复这个古老的帖子,但我无法抗拒。
我见过这种握手效果很好:
根据 javax.net.debug=all
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<Empty>
*** ServerHelloDone
matching alias: our_client_cert_alias
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=
但这可能取决于您的 HTTP 客户端库以及它如何处理 SSL/TLS(重新)协商。这是使用 Java 8 和http://spray.io/documentation/1.2.4/spray-client/ http://spray.io/documentation/1.2.4/spray-client/