javax.net.ssl.SSLHandshakeException:禁用SSLv2和SSlv3(仅限TLS)(及更高版本)时,在Android5.0.0上握手失败
高才
问题内容:
问题答案:
这是我的第一篇文章,我将尽力使自己尽可能清晰(对不起我的英语)。
这是我的麻烦,我正在使用Retrofit:1.9.0和okhttp:2.7.5来执行API调用。一切都很好,直到我的服务器提供程序禁用了SLLv2和SSLv3导致安全性问题的原因(3月1日被淹死)。
现在,我检查了有关我的提供程序的信息,并且他仅允许通过https://www.ssllabs.com/获得带密码的TLSv1(TLS
1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA No FS)。
好的,这就是我完成的所有测试和结果:
[已解决更新问题]
在第二个答案中找到解决此问题的方法。
更新 似乎问题出在google API版本。当我在API 18上进行测试时,一切正常。在Android或更高版本等于5.0.0时,它将失败。
第一次测试
Conf。 回顾:
- 编译版本23
- buildToolsVersion ‘23 .0.2’
- minSdkVersion 18
- targetSdkVersion 21
- 改造:1.9.0
- http:2.7.5
- Android版本> 5.0.0(但在每台设备上都相同…)
其余客户端(LoginRestClient):
public class LoginRestClient
{
private static final String BASE_URL = "";
private LoginApiService apiService;
public LoginRestClient()
{
Gson gson = new GsonBuilder()
.setDateFormat("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'SSS'Z'")
.create();
RestAdapter restAdapter = new RestAdapter.Builder()
.setLogLevel(RestAdapter.LogLevel.FULL)
.setEndpoint(ApiIntentService.getHostAddress())
.setConverter(new GsonConverter(gson))
.setClient(new OkClient(ApiIntentService.getConnectionHttpClient()))
.build();
apiService = restAdapter.create(LoginApiService.class);
}
public LoginApiService getApiService() {
return apiService;
}
}
创建客户端OkHttpClient getConnectionHttpClient()的函数
public static OkHttpClient getConnectionHttpClient()
{
OkHttpClient okHttpClient = new OkHttpClient();
okHttpClient.setReadTimeout(60, TimeUnit.SECONDS);
okHttpClient.setConnectTimeout(60, TimeUnit.SECONDS);
ConnectionSpec specs = new ConnectionSpec.Builder(ConnectionSpec.COMPATIBLE_TLS)
.tlsVersions(TlsVersion.TLS_1_0)
.cipherSuites(CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA)
.build();
okHttpClient.setConnectionSpecs(Collections.singletonList(specs));
return okHttpClient;
}
导致自定义CallBack导致公共无效失败(RetrofitError错误)
_java.net.UnknownServiceException:无法找到可接受的协议。 isFallback = false,模式=
[ConnectionSpec(cipherSuites = [TLS_RSA_WITH_3DES_EDE_CBC_SHA],tlsVersions =
[TLS_1_0],supportsTlsExtensions = true)],受支持的协议=
[SSLv3,TLSv1,TLSv1.1,TLSv1.2]_
第二次测试
我制作了一个自定义SSLSocketFactory来禁用SSLv3并强制使用TLS:
/**
* @author fkrauthan
*/
public class TLSSocketFactory extends SSLSocketFactory {
private SSLSocketFactory internalSSLSocketFactory;
public TLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, null, null);
internalSSLSocketFactory = context.getSocketFactory();
}
@Override
public String[] getDefaultCipherSuites() {
return internalSSLSocketFactory.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return internalSSLSocketFactory.getSupportedCipherSuites();
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
}
@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
}
private Socket enableTLSOnSocket(Socket socket) {
if(socket != null && (socket instanceof SSLSocket)) {
((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1"});
}
return socket;
}
}
我这样使用它:
public static OkHttpClient getConnectionHttpClient()
{
OkHttpClient okHttpClient = new OkHttpClient();
okHttpClient.setReadTimeout(60, TimeUnit.SECONDS);
okHttpClient.setConnectTimeout(60, TimeUnit.SECONDS);
try {
TLSSocketFactory tlsSocketFactory = new TLSSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(tlsSocketFactory);
okHttpClient.setSslSocketFactory(tlsSocketFactory);
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return okHttpClient;
}
导致自定义CallBack导致公共无效失败(RetrofitError错误)
_javax.net.ssl.SSLProtocolException:SSL握手已中止:ssl =
0x7f87885280:SSL库失败,通常是协议错误错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(外部/openssl/ssl/s23_clnt.c:770
0x7f87c2fdf0:0x00000000)_
如果有人可以帮助我,这将非常酷。我所有的应用程序都已关闭,从昨天早上开始,我一直在与这个问题作斗争以恢复我的服务。我要一头接一根头发…
提前致谢。
问题答案:
问题解决了:
大家好,经过三天三夜的战斗,这是最终的解决方案。因此,由于这里的解决方案:
如何在android中为HttpsUrlConnection禁用SSLv3?
和这个库:https :
//guardianproject.info/code/netcipher
在禁用SSLv2和SSlv3的情况下,它允许向Android提供更好的使用密码和TLS的方法。
首先创建此类NoSSLv3SocketFactory.java,然后通过创建类似这样的构造函数,将其与CypherUrl连接耦合
public NoSSLv3SocketFactory(URL sourceUrl) throws IOException {
this.delegate = NetCipher.getHttpsURLConnection(sourceUrl).getDefaultSSLSocketFactory();
}
NoSSLv3SocketFactory.java(完整代码)
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.SocketException;
import java.net.URL;
import java.nio.channels.SocketChannel;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import info.guardianproject.netcipher.NetCipher;
public class NoSSLv3SocketFactory extends SSLSocketFactory{
private final SSLSocketFactory delegate;
public NoSSLv3SocketFactory(URL sourceUrl) throws IOException {
this.delegate = NetCipher.getHttpsURLConnection(sourceUrl).getDefaultSSLSocketFactory();
}
public NoSSLv3SocketFactory() {
this.delegate = HttpsURLConnection.getDefaultSSLSocketFactory();
}
public NoSSLv3SocketFactory(SSLSocketFactory delegate) {
this.delegate = delegate;
}
@Override
public String[] getDefaultCipherSuites() {
return delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return delegate.getSupportedCipherSuites();
}
private Socket makeSocketSafe(Socket socket) {
if (socket instanceof SSLSocket) {
socket = new NoSSLv3SSLSocket((SSLSocket) socket);
}
return socket;
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return makeSocketSafe(delegate.createSocket(s, host, port, autoClose));
}
@Override
public Socket createSocket(String host, int port) throws IOException {
return makeSocketSafe(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
return makeSocketSafe(delegate.createSocket(host, port, localHost, localPort));
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return makeSocketSafe(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return makeSocketSafe(delegate.createSocket(address, port, localAddress, localPort));
}
private class NoSSLv3SSLSocket extends DelegateSSLSocket {
private NoSSLv3SSLSocket(SSLSocket delegate) {
super(delegate);
}
@Override
public void setEnabledProtocols(String[] protocols) {
if (protocols != null && protocols.length == 1 && "SSLv3".equals(protocols[0])) {
List<String> enabledProtocols = new ArrayList<String>(Arrays.asList(delegate.getEnabledProtocols()));
if (enabledProtocols.size() > 1) {
enabledProtocols.remove("SSLv3");
System.out.println("Removed SSLv3 from enabled protocols");
} else {
System.out.println("SSL stuck with protocol available for " + String.valueOf(enabledProtocols));
}
protocols = enabledProtocols.toArray(new String[enabledProtocols.size()]);
}
super.setEnabledProtocols(protocols);
}
}
public class DelegateSSLSocket extends SSLSocket {
protected final SSLSocket delegate;
DelegateSSLSocket(SSLSocket delegate) {
this.delegate = delegate;
}
@Override
public String[] getSupportedCipherSuites() {
return delegate.getSupportedCipherSuites();
}
@Override
public String[] getEnabledCipherSuites() {
return delegate.getEnabledCipherSuites();
}
@Override
public void setEnabledCipherSuites(String[] suites) {
delegate.setEnabledCipherSuites(suites);
}
@Override
public String[] getSupportedProtocols() {
return delegate.getSupportedProtocols();
}
@Override
public String[] getEnabledProtocols() {
return delegate.getEnabledProtocols();
}
@Override
public void setEnabledProtocols(String[] protocols) {
delegate.setEnabledProtocols(protocols);
}
@Override
public SSLSession getSession() {
return delegate.getSession();
}
@Override
public void addHandshakeCompletedListener(HandshakeCompletedListener listener) {
delegate.addHandshakeCompletedListener(listener);
}
@Override
public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) {
delegate.removeHandshakeCompletedListener(listener);
}
@Override
public void startHandshake() throws IOException {
delegate.startHandshake();
}
@Override
public void setUseClientMode(boolean mode) {
delegate.setUseClientMode(mode);
}
@Override
public boolean getUseClientMode() {
return delegate.getUseClientMode();
}
@Override
public void setNeedClientAuth(boolean need) {
delegate.setNeedClientAuth(need);
}
@Override
public void setWantClientAuth(boolean want) {
delegate.setWantClientAuth(want);
}
@Override
public boolean getNeedClientAuth() {
return delegate.getNeedClientAuth();
}
@Override
public boolean getWantClientAuth() {
return delegate.getWantClientAuth();
}
@Override
public void setEnableSessionCreation(boolean flag) {
delegate.setEnableSessionCreation(flag);
}
@Override
public boolean getEnableSessionCreation() {
return delegate.getEnableSessionCreation();
}
@Override
public void bind(SocketAddress localAddr) throws IOException {
delegate.bind(localAddr);
}
@Override
public synchronized void close() throws IOException {
delegate.close();
}
@Override
public void connect(SocketAddress remoteAddr) throws IOException {
delegate.connect(remoteAddr);
}
@Override
public void connect(SocketAddress remoteAddr, int timeout) throws IOException {
delegate.connect(remoteAddr, timeout);
}
@Override
public SocketChannel getChannel() {
return delegate.getChannel();
}
@Override
public InetAddress getInetAddress() {
return delegate.getInetAddress();
}
@Override
public InputStream getInputStream() throws IOException {
return delegate.getInputStream();
}
@Override
public boolean getKeepAlive() throws SocketException {
return delegate.getKeepAlive();
}
@Override
public InetAddress getLocalAddress() {
return delegate.getLocalAddress();
}
@Override
public int getLocalPort() {
return delegate.getLocalPort();
}
@Override
public SocketAddress getLocalSocketAddress() {
return delegate.getLocalSocketAddress();
}
@Override
public boolean getOOBInline() throws SocketException {
return delegate.getOOBInline();
}
@Override
public OutputStream getOutputStream() throws IOException {
return delegate.getOutputStream();
}
@Override
public int getPort() {
return delegate.getPort();
}
@Override
public synchronized int getReceiveBufferSize() throws SocketException {
return delegate.getReceiveBufferSize();
}
@Override
public SocketAddress getRemoteSocketAddress() {
return delegate.getRemoteSocketAddress();
}
@Override
public boolean getReuseAddress() throws SocketException {
return delegate.getReuseAddress();
}
@Override
public synchronized int getSendBufferSize() throws SocketException {
return delegate.getSendBufferSize();
}
@Override
public int getSoLinger() throws SocketException {
return delegate.getSoLinger();
}
@Override
public synchronized int getSoTimeout() throws SocketException {
return delegate.getSoTimeout();
}
@Override
public boolean getTcpNoDelay() throws SocketException {
return delegate.getTcpNoDelay();
}
@Override
public int getTrafficClass() throws SocketException {
return delegate.getTrafficClass();
}
@Override
public boolean isBound() {
return delegate.isBound();
}
@Override
public boolean isClosed() {
return delegate.isClosed();
}
@Override
public boolean isConnected() {
return delegate.isConnected();
}
@Override
public boolean isInputShutdown() {
return delegate.isInputShutdown();
}
@Override
public boolean isOutputShutdown() {
return delegate.isOutputShutdown();
}
@Override
public void sendUrgentData(int value) throws IOException {
delegate.sendUrgentData(value);
}
@Override
public void setKeepAlive(boolean keepAlive) throws SocketException {
delegate.setKeepAlive(keepAlive);
}
@Override
public void setOOBInline(boolean oobinline) throws SocketException {
delegate.setOOBInline(oobinline);
}
@Override
public void setPerformancePreferences(int connectionTime, int latency, int bandwidth) {
delegate.setPerformancePreferences(connectionTime, latency, bandwidth);
}
@Override
public synchronized void setReceiveBufferSize(int size) throws SocketException {
delegate.setReceiveBufferSize(size);
}
@Override
public void setReuseAddress(boolean reuse) throws SocketException {
delegate.setReuseAddress(reuse);
}
@Override
public synchronized void setSendBufferSize(int size) throws SocketException {
delegate.setSendBufferSize(size);
}
@Override
public void setSoLinger(boolean on, int timeout) throws SocketException {
delegate.setSoLinger(on, timeout);
}
@Override
public synchronized void setSoTimeout(int timeout) throws SocketException {
delegate.setSoTimeout(timeout);
}
@Override
public void setTcpNoDelay(boolean on) throws SocketException {
delegate.setTcpNoDelay(on);
}
@Override
public void setTrafficClass(int value) throws SocketException {
delegate.setTrafficClass(value);
}
@Override
public void shutdownInput() throws IOException {
delegate.shutdownInput();
}
@Override
public void shutdownOutput() throws IOException {
delegate.shutdownOutput();
}
@Override
public String toString() {
return delegate.toString();
}
@Override
public boolean equals(Object o) {
return delegate.equals(o);
}
}
}
现在(在我的情况下为翻新)只是像这样使用它:
因此,首先, 使用我们之前创建的NoSSlv3Factory.java类添加一个静态方法(或在使用时创建该方法)以创建okHttpClient。
public static OkClient createClient(int readTimeout, TimeUnit readTimeoutUnit, int connectTimeout, TimeUnit connectTimeoutUnit)
{
final OkHttpClient okHttpClient = new OkHttpClient();
okHttpClient.setReadTimeout(readTimeout, readTimeoutUnit);
okHttpClient.setConnectTimeout(connectTimeout, connectTimeoutUnit);
try {
URL url = new URL(ApiIntentService.getHostAddress());
SSLSocketFactory NoSSLv3Factory = new NoSSLv3SocketFactory(url);
okHttpClient.setSslSocketFactory(NoSSLv3Factory);
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return new OkClient(okHttpClient);
}
然后 ,在我的情况下,当您创建RestAdapter时,只需像这样进行设置,不要忘记为您设置客户端。
public class LoginRestClient
{
private static final String BASE_URL = "";
private LoginApiService apiService;
public LoginRestClient()
{
Gson gson = new GsonBuilder()
.setDateFormat("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'SSS'Z'")
.create();
RestAdapter restAdapter = new RestAdapter.Builder()
.setLogLevel(RestAdapter.LogLevel.FULL)
.setEndpoint(ApiIntentService.getHostAddress())
.setConverter(new GsonConverter(gson))
.setClient(ApiIntentService.createClient(60, TimeUnit.SECONDS, 20, TimeUnit.SECONDS))
.build();
apiService = restAdapter.create(LoginApiService.class);
}
public LoginApiService getApiService() {
return apiService;
}
}
有了它,它应该可以工作了。我希望这对其他人有用。
类似资料:
-
我有一个在eclipse上运行的项目,但当我制作“java-jar”时,它会出现以下错误: 当我制作“java-version”时,输出是: 我做错了什么?
-
我正在尝试使用java邮件发送邮件。我的邮件服务器只接受TLSv1.2。我试图在我的客户端请求中配置TLSv1.2。但是,在TLS握手期间,我的客户你好总是使用TLSv1。我试图调试下面的握手, 我在客户端进行了以下配置,以继续连接TLSv1.2, -协议=TLSv1.2 -Dmail.smtp.ssl.protocols=“TLSv1.2” -Djdk.tls.client.protocols=
-
我需要与外部服务连接,而且我的客户端身份验证有问题。该服务需要证书、用户名和密码以及请求。 我正在使用Windows Server 2008 R2。 我已经收到带有证书的PKCS#7包并导入: 本地计算机/个人的SSL证书(仅含公钥) 中间CA和根CA到本地计算机/受信任的RootCertificationAuthorities 我已经在Windows注册表中启用了TLS 1.0、1.1、1.2客
-
我们很难与远程机器(如PayPal vb)建立https连接谁从我们的系统中禁用了SSL3协议。Net应用程序。HttpWebRequest实例的GetResponse方法出现以下异常。 请求被中止:无法创建SSL/TLS安全通道。 当我们使用WireShark深入并跟踪网络日志时,我们看到远程机器返回以下错误 TLSv1。2警报(级别:致命,描述:握手失败)握手失败40 更有趣的情况是,当我尝试
-
我打以下电话给branch.io 它在我的本地机器上运行良好,但在服务器上出现故障。 Openssl版本: 本地:OpenSSL 0 . 9 . 8 ZG 2015年7月14日 服务器:OpenSSL 0.9.8e-fips-rhel5 2008年7月1日 Python: 本地:2.7.10服务器:2.7.6 分支io服务器连接: Chrome 已验证 DigiCert SHA2 安全服务器 CA
-
我已经创建了自己的私有注册表(私有注册表),但我无法将图像推送到它。比我得到以下错误: 正在运行的注册表的日志显示以下内容: 我无法卷曲我的注册表(超时)。以下是我执行的步骤: 首先,我创建了自签名证书: 我已创建注册表,它将使用以下证书: 我授予了正确的权限: 我创建了:,并复制了我的在它里面。我编辑了我的并添加了:(我的内部ip和注册表名) 我还重新启动了docker和我的注册表。 编辑: