SSLSOcket在Android6.0中出错原因

发生情境:
通过sslsocket在Android API23以下正常通讯,但在Android6.0时,报错;错误信息如下:

Android端报错:

core_booster, getBoosterConfig = false
 javax.net.ssl.SSLHandshakeException: Handshake failed
     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396)
     at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
     at com.android.org.conscrypt.OpenSSLSocketImpl.getOutputStream(OpenSSLSocketImpl.java:615)

 Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7fa0a92880: Failure in SSL library, usually a protocol error
 error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0x7f9e04c860:0x00000001)
 error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:750 0x7f92721518:0x00000000)
     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)

服务端报错:


javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
    at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
    at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at java.io.DataInputStream.readLine(Unknown Source)
    at com.bbcvision.ssl.Server$ReceiveSocket.getHttpHeader(Server.java:209)
    at com.bbcvision.ssl.Server$ReceiveSocket.run(Server.java:236)

原因:
SSLSocket签名算法默认为DSA,Android6.0(API 23)以后KeyStore发生更改,不再支持DSA,但仍支持ECDSA。所以,查看你的SSLSocket签名算法是否包含DSA,是的话就更换掉。若有其它原因,欢迎交流。

Android Keystore Changes


    With this release, the Android Keystore provider no 
longer supports DSA. ECDSA is still supported.
    Keys which do not require encryption at rest will no 
longer be deleted when secure lock screen is disabled or 
reset (for example, by the user or a Device Administrator).
 Keys which require encryption at rest will be deleted during these events.

这是官方文档里的更改说明。

评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值