使用OkHttp请求https在android4.4报错javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException

最新推荐文章于 2024-07-04 16:25:13 发布
最新推荐文章于 2024-07-04 16:25:13 发布
阅读量898 收藏 5
点赞数
分类专栏: java android 文章标签: java ssl https android
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u010393836/article/details/112969042
版权

使用OkHttp请求https在android4.4报错javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException

 

一、重写SSLSocketFactory

import android.os.Build;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

public class SSLSocketFactoryCompat extends SSLSocketFactory {
    private SSLSocketFactory defaultFactory;
    // Android 5.0+ (API level21) provides reasonable default settings
    // but it still allows SSLv3
    // https://developer.android.com/about/versions/android-5.0-changes.html#ssl
    static String protocols[] = null, cipherSuites[] = null;

    static {
        try {
            SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
            if (socket != null) {
                /* set reasonable protocol versions */
                // - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0)
                // - remove all SSL versions (especially SSLv3) because they're insecure now
                List<String> protocols = new LinkedList<>();
                for (String protocol : socket.getSupportedProtocols())
                    if (!protocol.toUpperCase().contains("SSL"))
                        protocols.add(protocol);
                SSLSocketFactoryCompat.protocols = protocols.toArray(new String[protocols.size()]);
                /* set up reasonable cipher suites */
                if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
                    // choose known secure cipher suites
                    List<String> allowedCiphers = Arrays.asList(
                            // TLS 1.2
                            "TLS_RSA_WITH_AES_256_GCM_SHA384",
                            "TLS_RSA_WITH_AES_128_GCM_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256",
                            // maximum interoperability
                            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_RSA_WITH_AES_128_CBC_SHA",
                            // additionally
                            "TLS_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
                    List<String> availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());
                    // take all allowed ciphers that are available and put them into preferredCiphers
                    HashSet<String> preferredCiphers = new HashSet<>(allowedCiphers);
                    preferredCiphers.retainAll(availableCiphers);
                    /* For maximum security, preferredCiphers should *replace* enabled ciphers (thus disabling
                     * ciphers which are enabled by default, but have become unsecure), but I guess for
                     * the security level of DAVdroid and maximum compatibility, disabling of insecure
                     * ciphers should be a server-side task */
                    // add preferred ciphers to enabled ciphers
                    HashSet<String> enabledCiphers = preferredCiphers;
                    enabledCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));
                    SSLSocketFactoryCompat.cipherSuites = enabledCiphers.toArray(new String[enabledCiphers.size()]);
                }
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public SSLSocketFactoryCompat(X509TrustManager tm) {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, (tm != null) ? new X509TrustManager[]{tm} : null, null);
            defaultFactory = sslContext.getSocketFactory();
        } catch (GeneralSecurityException e) {
            throw new AssertionError(); // The system has no TLS. Just give up.
        }
    }

    private void upgradeTLS(SSLSocket ssl) {
        // Android 5.0+ (API level21) provides reasonable default settings
        // but it still allows SSLv3
        // https://developer.android.com/about/versions/android-5.0-changes.html#ssl
        if (protocols != null) {
            ssl.setEnabledProtocols(protocols);
        }
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP && cipherSuites != null) {
            ssl.setEnabledCipherSuites(cipherSuites);
        }
    }

    @Override
    public String[] getDefaultCipherSuites() {
        return cipherSuites;
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return cipherSuites;
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        Socket ssl = defaultFactory.createSocket(s, host, port, autoClose);
        if (ssl instanceof SSLSocket)
            upgradeTLS((SSLSocket) ssl);
        return ssl;
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        Socket ssl = defaultFactory.createSocket(host, port);
        if (ssl instanceof SSLSocket)
            upgradeTLS((SSLSocket) ssl);
        return ssl;
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
        Socket ssl = defaultFactory.createSocket(host, port, localHost, localPort);
        if (ssl instanceof SSLSocket)
            upgradeTLS((SSLSocket) ssl);
        return ssl;
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        Socket ssl = defaultFactory.createSocket(host, port);
        if (ssl instanceof SSLSocket)
            upgradeTLS((SSLSocket) ssl);
        return ssl;
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        Socket ssl = defaultFactory.createSocket(address, port, localAddress, localPort);
        if (ssl instanceof SSLSocket)
            upgradeTLS((SSLSocket) ssl);
        return ssl;
    }
}

使用方式:

/**
     * OkHttp在4.4及以下不支持TLS协议的解决方法
     *  javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException
     * @param okhttpBuilder
     */
    private synchronized static void setOkHttpSsl(OkHttpClient.Builder okhttpBuilder) {
        try {
            // 自定义一个信任所有证书的TrustManager,添加SSLSocketFactory的时候要用到
            final X509TrustManager trustAllCert =
                    new X509TrustManager() {
                        @Override
                        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return new java.security.cert.X509Certificate[]{};
                        }
                    };
            final SSLSocketFactory sslSocketFactory = new SSLSocketFactoryCompat(trustAllCert);
            okhttpBuilder.sslSocketFactory(sslSocketFactory, trustAllCert);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

 

zyq_依之素
关注
专栏目录
Android之提示javax.net.ssl.SSLHandshakeException: Chain validation failed
码莎拉蒂
05-19 5295
1、问题 个别手机用OkDownload下载Bilibili网址视频的时候下载失败,但是大部分手机下载没问题。 在继承的DownloadListener4WithSpeed类的重写taskEnd函数里面。 override fun taskEnd(task: DownloadTask, cause: EndCause, realCause: Exception?, taskSpeed: SpeedCalculator) { L.e("DownloadListenerWithSpeed
关于javax.net.ssl.SSLProtocolException
Xcrow の blog
07-16 1万+
javax.net.ssl.SSLProtocolExceptionhandshakealert: unrecognized_name  解决方案 设置系统属性:System.setProperty ("jsse.enableSNIExtension", "false"); 搞定。
https请求握手失败,javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException
huashanjuji的专栏
12-06 3134
在与银行支付系统通讯中,客户端前期运行正常,后来在银行系统更新以后,发现支付接口不能正常通讯。具体报错如下:javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x73f10468: Failure in SSL library, usually a ...
javax.net.ssl.SSLHandshakeException: 解决方式
最新发布
被生活耽误的旅行者
07-04 1599
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
OkHttp4.4及以下不支持TLS协议的解决方法
weixin_30268071的博客
09-18 701
错误信息如下: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x79f145b0: Failure in SSL library, usually a protocol error error:1407742E:SSL rou...
Fresco 在Android 4.4 版本 加载https图片问题 javax.net.ssl.SSLHandshakeException
K_Hello的博客
10-16 3387
由于Android系统的不同版本支持的TLS 版本不同,导致Fresco 加载https图片(图片来源于不同服务器,并且配置不一样)出现SSLHandshakeException TLS 用于在两个通信应用程序之间提供保密性和数据完整性。TLS 1.0可以理解成SSL3.0 的升级版SSL3.1,TLS已有1.0,1.1,1.2,1.3版本。HTTPS与HTTP区别 – TLS/SSL 不同版本的...
Android 4.4 网络请求报错javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL hand
qq_27494201的博客
04-06 1041
链接:https://pan.baidu.com/s/1otsDIFbAe6rgckFeJdVeDw。参考上面这条连接即可解决问题或者参考我的Demo。
Android低版本(4.4okhttp 网络适配
weixin_54087854的博客
11-26 1870
改造一下/*a.cer是浏览器导出的CA根证书(这里没有用到,另外一个解决方法 安装到设备中的)j.pem证书中存储了服务器的公钥等信息,并没有经过CA机构的加密,一般是由服务器导出*/// 默认创建代理方式// 自定义证书校验// 自定义证书验证@Override@Overrideif (!(null!//判断证书是否是本地信任列表里颁发的证书(系统默认的验证)try {
报错javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException
迪迪调调的博客
04-13 1万+
下载https的图片报错javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException
OkHttp报错javax.net.ssl.SSLHandshakeException: Handshake failed
热门推荐
平凡之路
09-29 3万+
背景今天学习了一下OkHttp,在使用OkHttp调用https接口的时候,报了SSLHandshakeException的异常,看了网上的资料,主要是服务器端使用了未被信任的证书,然后我就在寻找一种简单快速的解决方案。鸿洋老师在博客里详细阐述了OkHttp访问https的问题,在这里我就不做过多阐述了。现在给大家贴出我的解决方案
android 获取url内容 5.0,获取javax.net.ssl.SSLHandshakeExceptionAndroid 5.0...
weixin_34586802的博客
05-27 903
首先,我已经搜索了互联网并且已经调试了3天.这是确切的错误,javax.net.ssl.SSLHandshakeException: Connection closed by peerat com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)at com.android.org.conscrypt.OpenSS...
JAVA_javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
weixin_33672109的博客
09-09 503
tomcat访问https请求返回:   [java] view plain copy   javax.net.ssl.SSLProtocolExceptionhandshake alert:  unrecognized_name           at sun.security.ssl.ClientHandshaker.handshakeAlert(Clien...
Android 4.4 以下,OkHttp访问Https报错,设置了sslSocketFactory仍无效的解决方法
LittleFogCat的专栏
03-04 1293
Android4.4以下,使用OkHttp可能会报错SSL handshake aborted: ssl=0x6b712c90: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Java调用ssl异常,javax.net.ssl.SSLHandshakeException: No appropriate protocol
djs00717的专栏
06-24 2003
找到jdk 1.8安装目录,找到C:\Program Files\Java\jre里面的lib\security 下面有个java.security。找到对应的SSLv3,删除掉,重启项目就好了。现象:sqlserver 2017 安装在docker里,系统是mac 13,java 1.8.371运行java程序提示上面ssl错误,根据百度提供的方法,修改文件,重启程序搞定。发现是jdk1.8版本导致SSL调用权限上有问题,新电脑装的jdk是jdk1.8.0_291,版本比较高。
jenkins配置SVN时报错javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
会写代码的大叔
06-05 3736
最近在学习jenkins,在配置SVN时发现老是会报错javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name 这个错误在使用idea的svn插件时遇到过,只要在java参数里面添加下面代码: -Djsse.enableSNIExtension=false 在jenkins里面用下
Android 4.4系统HTTPS证书校验
梦翼-的博客
09-24 3850
Android系统在建立HTTPS三次握手后会进行证书校验,接下来根据android 7.0系统代码来看一下证书校验流程   从org.conscrypt.TrustManagerImpl开始介绍 1、证书校验入口函数  @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
Https4.4以下手机上不好用问题,用okhttp进行设置可以解决
lgwy855的博客
12-10 847
经过很多测试,httpclient,httpsUrlconnection 设置ssl工厂都没看到作用,有部分文章说4.4以下手机默认不支持https,用okhttp之后进行如下这是可以起作用,附件为工厂类 public synchronized  OkHttpClient getClient(){                  if (okHttpClient == null) {
Android 不同机型兼容问题 Android vivo4.4版本对okhttp包兼容问题
简公子的博客
09-09 1660
1、Android vivo4.4版本对okhttp包兼容问题,报错java.lang.ExceptionInInitializerError; 解决:原来的依赖为: implementation 'com.squareup.okhttp3:okhttp:4.0.1',调整为:implementation 'com.squareup.okhttp3:okhttp:3.12.0'; 兼容问题,...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值