[求助]android 4.x 访问ca签名https报错error:14077410:SSL routines:SSL23_GET_SERVER_HELLO

EmmaGuo2015 2017-02-05 05:04:26
小妹经过两天时间的google+百度,搜出来很多本应解决此问题的自定义SSLSocketFactory,然而在4.1-4.4的模拟器上始终报错
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7daa998: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x9c42d7f1:0x00000000)

开始以为是因为okhttp或者okhttp3访问的问题,结果今天用HttpsURLConnection重新写了一遍,在20+没有任何问题,16+还是不报错,实在不知道什么原因高人求解,谢谢

访问源代码如下:
public static String httpGet(String httpUrl) {
BufferedReader input = null;
StringBuilder sb = null;
URL url = null;
HttpURLConnection con = null;
String cre = Credentials.basic(username,password);//此处为伪代码
Log.d("request","Credentials:"+cre);
// return response.request().newBuilder().header("Authorization",cre).build();
try {
url = new URL(httpUrl);
try {
// trustAllHosts();
HttpsURLConnection https = (HttpsURLConnection)url.openConnection();
https.addRequestProperty("Authorization",cre);
SSLSocketFactory sf = new MySSLSocketFactory();
https.setSSLSocketFactory(sf);
if (url.getProtocol().toLowerCase().equals("https")) {
https.setHostnameVerifier(DO_NOT_VERIFY);
con = https;
} else {
con = (HttpURLConnection)url.openConnection();
}
input = new BufferedReader(new InputStreamReader(con.getInputStream()));
sb = new StringBuilder();
String s;
while ((s = input.readLine()) != null) {
sb.append(s).append("\n");
}
} catch (IOException e) {
e.printStackTrace();
}
} catch (MalformedURLException e1) {
e1.printStackTrace();
} finally {
// close buffered
if (input != null) {
try {
input.close();
} catch (IOException e) {
e.printStackTrace();
}
}
// disconnecting releases the resources held by a connection so they may be closed or reused
if (con != null) {
con.disconnect();
}
}

return sb == null ? null : sb.toString();
}


使用的MySSLSocketFactory内容如下
public class MySSLSocketFactory extends SSLSocketFactory {

private SSLContext sc;
private SSLSocketFactory mSSLSocketFactory;

public MySSLSocketFactory() {
try {
sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, null);
mSSLSocketFactory = sc.getSocketFactory();

} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
}

@Override
public String[] getDefaultCipherSuites() {
return mSSLSocketFactory.getDefaultCipherSuites();
}

@Override
public String[] getSupportedCipherSuites() {
return mSSLSocketFactory.getSupportedCipherSuites();
}

@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return enableTLS(mSSLSocketFactory.createSocket(s, host, port, autoClose));
}

@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
return enableTLS(mSSLSocketFactory.createSocket(host, port));
}

@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
return enableTLS(mSSLSocketFactory.createSocket(host, port, localHost, localPort));
}

@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return enableTLS(mSSLSocketFactory.createSocket(host, port));
}

@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return enableTLS(mSSLSocketFactory.createSocket(address, port, localAddress, localPort));
}

private Socket enableTLS(Socket socket) {
if(socket != null && (socket instanceof SSLSocket)) {
String[] protocols = new String[] {
"TLSv1.2"
};
((SSLSocket) socket).setEnabledProtocols(protocols);
}
return socket;
}
}

编译器版本为api25不知是否与此有关
...全文
4259 6 打赏 收藏 转发到动态 举报
AI 作业
写回复
用AI写文章
6 条回复
切换为时间正序
请发表友善的回复…
发表回复
随笔晓生 2017-06-27
  • 打赏
  • 举报
回复
我也遇到这个问题 ,5.0以下坑死
EmmaGuo2015 2017-03-16
  • 打赏
  • 举报
回复
结果还是没有解决,只能推测是我的SSL写的不对,可已经试了挺多的仍然不行,最后放弃了对4.x的适配最低支持5.0
搬砖高手 2017-03-10
  • 打赏
  • 举报
回复
楼主解决了吗
ayuhani 2017-02-08
  • 打赏
  • 举报
回复
题主解决问题了吗?今天公司把项目转移到了https访问的服务器,同样4.x的设备无法访问,5.x以上正常
EmmaGuo2015 2017-02-06
  • 打赏
  • 举报
回复
是这样有CA公签的证书,在安卓api16~api20,也就是android 4.x不能获取数据,但同样的代码在android 5.x以上能获取到数据。目前网上搜到的 自定义SSLSocketFactory都是使了一下,还是不能解决android 4.x不能获取数据的问题,我觉得很奇怪,明明大家都说可以,为什么到我这就不行了,因为我是公签么?
ganshenml 2017-02-06
  • 打赏
  • 举报
回复
自签名的证书? 没搞懂这句话的意思:“在20+没有任何问题,16+还是不报错”

80,471

社区成员

发帖
与我相关
我的任务
社区描述
移动平台 Android
androidandroid-studioandroidx 技术论坛(原bbs)
社区管理员
  • Android
  • yechaoa
  • 失落夏天
加入社区
  • 近7日
  • 近30日
  • 至今
社区公告
暂无公告

试试用AI创作助手写篇文章吧