javax.net.ssl.SSLException:调用webservice Android时,SSL握手中止对端重置连接。
javax.net.ssl.SSLException:调用webservice Android时,SSL握手中止对端重置连接。
提问于 2013-12-23 18:19:03
我正在调用https webservice,它以前工作得很好,但现在当我尝试调用它时,它会给我以下错误。
日志错误:
12-23 06:28:11.969: W/System.err(3014): javax.net.ssl.SSLException: SSL handshake aborted: ssl=0x1cc160: I/O error during system call, Connection reset by peer
12-23 06:28:11.979: W/System.err(3014): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
12-23 06:28:11.979: W/System.err(3014): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:474)
12-23 06:28:11.979: W/System.err(3014): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:750)
12-23 06:28:11.979: W/System.err(3014): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:692)
12-23 06:28:11.979: W/System.err(3014): at crittercism.android.aa.getInputStream(Unknown Source)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:93)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:171)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:359)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)我使用下面的代码来调用https webservice。
public static void trustAllHosts() {
X509TrustManager easyTrustManager = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
// Oh, I am easy!
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
// Oh, I am easy!
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { easyTrustManager };
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection
.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
e.printStackTrace();
}
}
public static HttpClient getNewHttpClient() {
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore
.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory
.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(
params, registry);
return new DefaultHttpClient(ccm, params);
} catch (Exception e) {
return new DefaultHttpClient();
}
}MySSLSocketFactory.java
public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public MySSLSocketFactory(KeyStore truststore)
throws NoSuchAlgorithmException, KeyManagementException,
KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port,
autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
}它以前工作得很好,但现在失败了。服务器中没有任何更改。
我已经提过了
- Android-Query - Random SSLExceptions
- Intermittent Connection Reset by Peer errors in Android connecting to .NET REST endpoint
- Android HTTPS exception Connection reset by peer
- Why is HttpUrlConnection throwing an SSLException while on a mobile data connection?
我已经在wifi和移动数据中对其进行了测试。应用程序不能同时在两者中工作。
如果有人以前遇到过这个问题,请帮助我解决它。
回答 4
Stack Overflow用户
发布于 2013-12-23 22:34:20
我也得到了同样的异常。我发现这是因为服务器不支持TLS1.0协议。
我观察到安卓设备,http连接到不支持TLS 1.0的服务器失败。我到处寻找关于这个bug的信息,但没有找到任何与这个问题相关的东西。并且解决了这个问题,当TLS 1.0 protocol支持被添加到server.You中时,你可以使用https://www.ssllabs.com/ssltest检查你的服务器/主机名协议支持。
Stack Overflow用户
发布于 2013-12-23 19:01:28
可能有两个原因:
证书可能在客户端或服务器端过期。
解决方案:延长已有证书的有效期或更换新证书。
服务器端口已重置为其他端口。
解决方案:我曾经遇到过这种端口更改的问题,通常是由于服务器维护或补丁更新,有时服务的端口会发生更改。要求提供wsdl的人在他们的服务器上重新生成wsdl,并检查端口是否与客户端现有的wsdl匹配。这里很可能就是这种情况。
Stack Overflow用户
发布于 2015-10-14 00:27:10
我们从今天早上开始也遇到了同样的问题,并得到了解决。
IIS 8上的SSL
- 昨天一切正常,昨晚在IIS网站上更新了我们的安全套接字层。
- 在检查与安全套接字层的站点绑定时,我们注意到IIS8有一个新的复选框“需要服务器名称指示”,它没有被选中,所以我们继续启用它。
- 触发了这个问题。
- 回到IIS...,禁用了这个复选框...问题解决了!
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/20741405
复制相关文章
相似问题