android – 在Retrofit2上使用HTTPs的SSLProtocolException

我在Android 4.4手机上遇到了一个问题(特别是Galaxy S4,虽然我认为这不是手机本身的错误).使用Retrofit2.Http时,我在HTTPS上连接时收到以下错误： javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x737510d0: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x727fb7d0:0x00000000) 我发现有几个资源表明这是Android 4.4(1)中的一个错误,但给出的示例总是假设使用HttpsUrlConnection类,我没有使用它. 我确实在这里找到了一些关于为连接设置特定ConnectionSpec实例的答案,这似乎很有希望,因为它是特定于Retrofit的(2).不幸的是,这在错误方面没有区别.我的代码示例(我尝试了MODERN_TLS和COMPATIBLE_TLS)： return new OkHttpClient.Builder() .addInterceptor(interceptor) .connectionSpecs(Collections.singletonList(ConnectionSpec.MODERN_TLS)) .build(); 切换到“http”确实有效,但这不是最终版本的选项.绝对需要安全的加密连接,因此任何完全禁用HTTPS或盲目接受任何证书的解决方案都不可能被接受. 提前致谢！ (1)Javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: Failure in SSL library, usually a protocol error (2)Retrofit OkHttp SSLHandshakeException 编辑： 运行openssl给出以下内容： [[my_computer]]$./openssl s_client -connect [[server_hidden_by_me]]:443 -tls1 CONNECTED(00000003) depth=2 /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=[hidden_by_me] i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- [snip certificate for brevity] -----END CERTIFICATE----- subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=[hidden_by_me] issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA --- No client certificate CA names sent --- SSL handshake has read 5449 bytes and written 426 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-SEED-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-SEED-SHA Session-ID: A4D84E2A0A16DB03082172695141BE1BB562F920ED4E4F6A9139733D9CAB7A54 Session-ID-ctx: Master-Key: 119C10E5CC34297D1717E4AEAB8BF1CAA8BA012C125B10513FBFE0854B6AB0E9E65536F801990CA3C992FEB69ADBE279 Key-Arg : None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 5c 21 2c ac 68 a9 ef 71-8c 69 2a 86 0c da 6c cd \!,.h..q.i*...l. [snipped for brevity] Start Time: 1464109807 Timeout : 7200 (sec) Verify return code: 0 (ok) ---