javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7d84e10: Failure in SSL library解决

最新推荐文章于 2024-05-06 10:18:49 发布
最新推荐文章于 2024-05-06 10:18:49 发布
阅读量9.9k 收藏 8
点赞数 3 
异常信息
04-22 18:55:30.661 3949-3949/com.umeng.soexample.liuhao20190422 I/aaaa: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7d84e10: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x96f15926:0x00000000)



//写一个类继承SSLSocket
public class SSL extends SSLSocketFactory {
    private SSLSocketFactory defaultFactory;
    // Android 5.0+ (API level21) provides reasonable default settings
    // but it still allows SSLv3
    // https://developer.android.com/about/versions/android-5.0-changes.html#ssl
    static String protocols[] = null, cipherSuites[] = null;

    static {
        try {
            SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
            if (socket != null) {
                /* set reasonable protocol versions */
                // - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0)
                // - remove all SSL versions (especially SSLv3) because they're insecure now
                List<String> protocols = new LinkedList<>();
                for (String protocol : socket.getSupportedProtocols())
                    if (!protocol.toUpperCase().contains("SSL"))
                        protocols.add(protocol);
                SSL.protocols = protocols.toArray(new String[protocols.size()]);
                /* set up reasonable cipher suites */
                if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
                    // choose known secure cipher suites
                    List<String> allowedCiphers = Arrays.asList(
                            // TLS 1.2
                            "TLS_RSA_WITH_AES_256_GCM_SHA384",
                            "TLS_RSA_WITH_AES_128_GCM_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256",
                            // maximum interoperability
                            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_RSA_WITH_AES_128_CBC_SHA",
                            // additionally
                            "TLS_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
                    List<String> availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());
                    // take all allowed ciphers that are available and put them into preferredCiphers
                    HashSet<String> preferredCiphers = new HashSet<>(allowedCiphers);
                    preferredCiphers.retainAll(availableCiphers);
                    /* For maximum security, preferredCiphers should *replace* enabled ciphers (thus disabling
                     * ciphers which are enabled by default, but have become unsecure), but I guess for
                     * the security level of DAVdroid and maximum compatibility, disabling of insecure
                     * ciphers should be a server-side task */
                    // add preferred ciphers to enabled ciphers
                    HashSet<String> enabledCiphers = preferredCiphers;
                    enabledCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));
                    SSL.cipherSuites = enabledCiphers.toArray(new String[enabledCiphers.size()]);
                }
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public SSL(X509TrustManager tm) {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, (tm != null) ? new X509TrustManager[]{tm} : null, null);
            defaultFactory = sslContext.getSocketFactory();
        } catch (GeneralSecurityException e) {
            throw new AssertionError(); // The system has no TLS. Just give up.
        }
    }

    private void upgradeTLS(SSLSocket ssl) {
        // Android 5.0+ (API level21) provides reasonable default settings
        // but it still allows SSLv3
        // https://developer.android.com/about/versions/android-5.0-changes.html#ssl
        if (protocols != null) {
            ssl.setEnabledProtocols(protocols);
        }
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP && cipherSuites != null) {
            ssl.setEnabledCipherSuites(cipherSuites);
        }
    }

    @Override public String[] getDefaultCipherSuites() {
        return cipherSuites;
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return cipherSuites;
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        Socket ssl = defaultFactory.createSocket(s, host, port, autoClose);
        if (ssl instanceof SSLSocket){
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        Socket ssl = defaultFactory.createSocket(host, port);
        if (ssl instanceof SSLSocket){
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
        Socket ssl = defaultFactory.createSocket(host, port, localHost, localPort);
        if (ssl instanceof SSLSocket) {
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        Socket ssl = defaultFactory.createSocket(host, port);
        if (ssl instanceof SSLSocket) {
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }

    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        Socket ssl = defaultFactory.createSocket(address, port, localAddress, localPort);
        if (ssl instanceof SSLSocket){
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }
}
//定义一个信任所有证书的TrustManager
final X509TrustManager trustAllCert = new X509TrustManager() {
    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
    }

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[]{};
    }
};
OkHttpClient client = new OkHttpClient.Builder()
        .sslSocketFactory(new SSL(trustAllCert), trustAllCert)
        .hostnameVerifier(new HostnameVerifier() {             @Override
             public boolean verify(String s, SSLSession sslSession) {
                return true;
             }
         }).build();
liuhao032
关注
  • 3
    点赞
  • 8
    收藏
    觉得还不错? 一键收藏
  • 3
    评论
OkHttpUtils: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f02e68: Failure in S
guozhaohui628
01-16 5369
1. 问题   碰到这个问题是我们公司用的是https,证书是赛门铁克的证书是tls1.2,然后我用的是okhttp,然后在android5.0以上没问题,请求都是可以的,但是在android5.0以下,连登陆都登不进,也不闪退,点击登陆没反应,然后报如上的异常,后面各种查资料,终于找到靠谱的,其中很多人其实都不知道,在瞎说。最权威的解释在这里httpsTLS,真心感谢这位博主。 2. 原因
阿里云环境中TLS/SSL握手失败的场景分析
阿里云云栖号
07-10 4667
TLS/SSL握手是一个相对复杂的过程,在阿里云环境中结合产品,安全等特性,可能会让TLS/SSL握手过程的不定性更多。本文来总结下各种握手失败的场景。 一次TLS/SSL握手的过程 本文不详细介绍TLS/SSL基础知识,相关介绍可以参考文章。下面3张图描述了3种TLS/SSL握手的全过程。 服务器验证的完全握手 (Full Handshake with Mutual Authenticat...
解决javax.net.ssl.SSLHandshakeException: SSL握手异常的解决方法,亲测有效,嘿嘿嘿!!!
最新发布
PythonAigc的博客
05-06 2697
`javax.net.ssl.SSLHandshakeException: SSL握手异常` 通常表示在尝试建立安全套接字连接(SSL/TLS 握手)时出现了问题。这个问题可能由多种原因引起,包括但不限于证书问题、协议不匹配、加密算法不支持等。以下是对这个异常的分析、报错原因、解决思路、解决方法以及代码示例。 ### 问题分析 SSL握手是建立安全通信的过程,它涉及到客户端和服务器之间的多个步骤,包括证书交换、加密算法协商等。如果在这个过程中任何一个步骤出现问题,都可能导致SSL握手失败,并抛出`SSL
javax.net.ssl.SSLProtocolException: SSL handshake aborted
热门推荐
Kinsomy的博客
01-26 1万+
问题出现 前几天在接入新版api的时候,在Android 4.4版本的机型上测试的时候,网络请求捕获了一个异常,SSLProtocolException,具体的异常信息是 com.base.http.exception.NetworkRespException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=
Android异常处理javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x41ea4068: Failure in SSL
Blue_Tong的博客
10-22 2029
Android异常处理: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x41ea4068: Failure in SSL library, usually a protocol error log如下: 10-19 17:40:47.610 805-826/com.example.ipawsplay W/System.err: error:14077410:SSL routines:SSL23_
javax.net.ssl.SSLProtocolException:SSL handshake aborted
andoop的博客
03-15 4959
在做微信登录的时候遇到了这样的问题:javax.net.ssl.SSLProtocolException:SSL handshake aborted解决方案:手机连接的WiFi有代理,把代理去掉就搞定了
jenkins配置SVN时报错:javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
会写代码的大叔
06-05 3719
最近在学习jenkins,在配置SVN时发现老是会报错: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name 这个错误在使用idea的svn插件时遇到过,只要在java参数里面添加下面代码: -Djsse.enableSNIExtension=false 在jenkins里面用下
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
03-05
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair 解决方法总结
08-25
主要介绍了javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair 解决方法,有需要的朋友们可以学习下。
解决webMagic0.7.3 出现javax.net.ssl.SSLException: Received fatal alert: protocol_version的问题-附件资源
03-02
解决webMagic0.7.3 出现javax.net.ssl.SSLException: Received fatal alert: protocol_version的问题-附件资源
javax.net.ssl.SSLHandshakeException: sun.security.validator 问题解决,与环境有关
04-03
Java编程中,`javax.net.ssl.SSLHandshakeException` 是一个常见的错误,通常发生在进行安全套接层(SSL)或传输层安全(TLS)协议握手时出现问题。这个异常通常是由于客户端和服务器之间的证书不匹配、信任锚点...
url.openStream报错javax.net.ssl.SSLHandshakeException解决(忽略ssl证书方式)
02-23
访问带https请求忽略ssl证书,避免url.openStream报错javax.net.ssl.SSLHandshakeException url = new URL(imageUrl); if("https".equalsIgnoreCase(url.getProtocol())){ SslUtils.ignoreSsl(); } //不添加...
javax.net.ssl.SSLHandshakeException
03-19
NULL 博文链接:https://xusaomaiss.iteye.com/blog/723167
Java xml出现错误 javax.xml.transform.TransformerException: java.lang.NullPointerException
09-01
主要介绍了Java xml出现错误 javax.xml.transform.TransformerException: java.lang.NullPointerException的相关资料,需要的朋友可以参考下
com.sun.net.ssl.jar
12-28
这一库主要提供了`javax.net.ssl`包,包括了SSL/TLS相关的各种类,如`SSLSocket`、`SSLServerSocket`、`SSLEngine`等,它们是构建安全网络连接的基础。`SSLSocket`用于创建客户端到服务器的安全连接,而`...
org.eclipse.paho.mqttv5.client-1.2.5.jar解决SSL认证连接SNIHostName类不存在的问题
03-25
MQTTv5版的客户端库,原地址:... 本资源合入了解决低于android7.0报错Caused by: java.lang.ClassNotFoundException: Didn't find class "javax.net.ssl.SNIHostName"的问题。
https请求握手失败,javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException
huashanjuji的专栏
12-06 3052
在与银行支付系统通讯中,客户端前期运行正常,后来在银行系统更新以后,发现支付接口不能正常通讯。具体报错如下:javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x73f10468: Failure in SSL library, usually a ...
FreeRDP的安装配置(错误信息:SSL_read: Failure in SSL library (protocol error?))
weixin_34010566的博客
01-11 2895
最新文章:Virson's Blog 使用xfreerdp [serveripaddress]命令,连接xp/windows 2003都正常,但是在连接win7/2008时总是出错: ;-------------------------------------------------------------------------------- root@pg-vm:/etc/ld.so.c...
使用OkHttp请求https在android4.4报错javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException
q1581375053的博客
09-06 2812
对于HTTPS的请求我们一般都是采取忽略的策略,一般而言直接实现X509TrustManager接口,简单的以SSLContext获取SSLSocketFactory就可以的了,实测6.0以上还未遇到过什么奇葩的问题,6.0以下的,正常情况下也不会有什么问题,但最近偶然发现一客户提供的https地址请求居然报错了,抛出了javax.net.ssl.SSLHandshakeExcep...
javax.net.ssl.SSLProtocolException: Received fatal alert: unexpected_message
10-20
javax.net.ssl.SSLProtocolException: Received fatal alert: unexpected_message是指SSL握手期间出现错误,通常是由于客户端和服务器之间的通信协议不兼容引起的。当客户端和服务器之间无法达成共识时,就会引发这...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值