1. 首页
  2. 问答
  3. 改造2.2.0 Android API 24 javax.net.ssl.SSLHandshakeException:握手失败

改造2.2.0 Android API 24 javax.net.ssl.SSLHandshakeException:握手失败

2017-03-23 69 views

回答

5

我已经用它与2.2.0

创建一个不验证证书链

final TrustManager[] trustAllCerts = new TrustManager[]{ 
       new X509TrustManager() { 
        @Override 
        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { 
        } 

        @Override 
        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { 

        } 

        @Override 
        public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
         return new java.security.cert.X509Certificate[]{}; 
        } 
       } 
     }; 

     // Install the all-trusting trust manager 

     HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(); 
     httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY); 
     OkHttpClient.Builder client = new OkHttpClient.Builder(); 
     client.interceptors().add(httpLoggingInterceptor); 
     client.readTimeout(180, TimeUnit.SECONDS); 
     client.connectTimeout(180, TimeUnit.SECONDS); 

     KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 
     keyStore.load(null, null); 

     SSLContext sslContext = SSLContext.getInstance("TLS"); 

     TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 
     trustManagerFactory.init(keyStore); 
     KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
     keyManagerFactory.init(keyStore, "keystore_pass".toCharArray()); 
     sslContext.init(null, trustAllCerts, new SecureRandom()); 
     client.sslSocketFactory(sslContext.getSocketFactory()) 
       .hostnameVerifier(new HostnameVerifier() { 
        @Override 
        public boolean verify(String hostname, SSLSession session) { 
         return true; 
        } 
       }); 

     Gson gson = new GsonBuilder().setLenient().create(); 

     Retrofit retrofit = new Retrofit.Builder() 
       .baseUrl(Common.BASE_URL) 
       .addConverterFactory(GsonConverterFactory.create(gson)) 
       .client(client.build()) 
       .build(); 

     serviceApi = retrofit.create(Api.class);

由于信托经理希望这会帮助你。 有时ssl版本1.2或更低版本也未安装在服务器端。

来源

2017-03-23 17:19:03 Saveen

+1

非常有用的许多感谢 – prabu

+1

为我工作,但我不得不跟进问题。此修复是否意味着您可能会受到攻击,因为您会接受发送给客户端的任何证书? –

2

对于我来说,解决方案是为OkHttpClient添加更多的密码。从API 21开始,Android的某些TLS证书已弃用。这可能帮助:

ConnectionSpec spec = new 
ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) 
       .tlsVersions(TlsVersion.TLS_1_2) 
       .cipherSuites(  
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,      
CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) 
       .build(); 

OkHttpClient client = new OkHttpClient.Builder() 
      .connectionSpecs(Collections.singletonList(spec)) 
      .build();

欲了解更多信息,请访问:https://github.com/square/okhttp/wiki/HTTPS

来源

2017-06-08 12:40:29

+0

没有为我工作。 –

相关问题

 相关问题