代码可以在我的Genymotion Android 4.4.4模拟器上运行,但不能在我使用的设备(4.4.2)上运行。
我已经尝试了很多“信任所有证书”的变通方法,但是都没有用(我不认为这是问题所在,因为证书是AOK的)。
我想我已经确定了密码(使用我桌面上的wireshark跟踪);TLS 0x00 0x1E似乎有点罕见?
你知道怎么修复吗?
这是我的代码
StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build();
StrictMode.setThreadPolicy(policy);
CloseableHttpClient client = HttpClientBuilder.create().setSSLSocketFactory(sslsf).build();
String baseURL = "https://mysite.co.uk/api/";
HttpGetHC4 request = new HttpGetHC4(baseURL + "/authenticate?user=abcd&password=1234");
CloseableHttpResponse response = client.execute(request);
和错误;
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6abff398: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x684dfce0:0x00000000)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:449)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:340)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:281)
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:124)
at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:322)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:373)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:225)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:178)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
at com.example.lee.printticket.Main$OrderAsyncTask.onPostExecute(Main.java:239)
at com.example.lee.printticket.Main$OrderAsyncTask.onPostExecute(Main.java:189)
at android.os.AsyncTask.finish(AsyncTask.java:632)
at android.os.AsyncTask.access$600(AsyncTask.java:177)
at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:645)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5017)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:785)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:601)
at dalvik.system.NativeStart.main(Native Method)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6abff398: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x684dfce0:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406)
... 25 more
编辑
尝试使用不同的技术/库;
RequestQueue queue = Volley.newRequestQueue(this);
String url ="https://mysite.co.uk/api/authenticate?user=abcd&password=1234";
// Request a string response from the provided URL.
StringRequest stringRequest = new StringRequest(Request.Method.GET, url,
new Response.Listener<String>() {
@Override
public void onResponse(String response) {
// Display the first 500 characters of the response string.
Log.d("response: ", response);
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
Log.d("response: ", error.toString());
}
});
// Add the request to the RequestQueue.
queue.add(stringRequest);
返回;
D/response:: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6ad51be0: Failure in SSL library, usually a protocol error
D/response:: error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available (external/openssl/ssl/s23_clnt.c:486 0x684dfce0:0x00000000)
或者使用来自Javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: Failure in SSL library, usually a protocol error的NoSSLv3SocketFactory黑客;
HttpStack stack = new HurlStack(null, new NoSSLv3SocketFactory());
RequestQueue queue = Volley.newRequestQueue(this, stack);
返回;
D/response:: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6ae51d30: Failure in SSL library, usually a protocol error
D/response:: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x684dfce0:0x00000000)
发布于 2016-11-10 01:16:26
试试这个:
public class ClientSSLSocketFactory {
public static SSLSocketFactory getSocketFactory(Context context) {
try {
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
};
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[]{tm}, new SecureRandom());
SSLSocketFactory ssf = SSLCertificateSocketFactory.getDefault(10000, new SSLSessionCache(context));
return ssf;
} catch (Exception ex) {
Log.e("ssl", "Error during the getSocketFactory");
ex.printStackTrace();
return null;
}
}
}
在创建队列时:
sRequestQueue = Volley.newRequestQueue(context, new HurlStack(null, ClientSSLSocketFactory.getSocketFactory()));
希望能有所帮助。
发布于 2018-05-16 08:01:28
我认为问题出在SSL v3基于这样的字符串,这表明它正试图使用SSL v3: SSL23_GET_SERVER_HELLO:sslv3。
SSL v3被认为是不安全的,因此在大多数现代软件上都被禁用了(即使在你原本期望它能工作的地方,许多公司也只是简单地把它拉了出来)。我还从堆栈跟踪中看到代码使用apache http client: org.apache.http.impl.client
因此您必须以某种方式阻止apache http客户端使用ssl v3。Apache http客户端独立于标准Java SSL/TLS库存在。
还有另一个没有得到答案的堆栈溢出问题:How do disable SSLv3 in Apache HttpClient
这个链接看起来最有希望:https://discretemkt.wordpress.com/2014/11/16/commons-httpclient-can-disable-sslv3/
在那里,关键的一行是
Protocol.registerProtocol(scheme, customHttps);
该调用似乎允许您绕过现有的ssl工厂。如果您首先运行该代码,那么它可能会工作,前提是apache http客户端版本兼容。
还要注意的是,TLS 1.0目前也被认为是不安全的。TLS 1.2和1.3以及现在的标准。
https://stackoverflow.com/questions/34493334
复制相似问题