issue-Android6.0#SSLHandshakeException

最新推荐文章于 2024-06-20 11:17:42 发布

weixin_34324081

最新推荐文章于 2024-06-20 11:17:42 发布

阅读量81

点赞数

文章标签：移动开发 java python

原文链接：https://my.oschina.net/smalant/blog/750713

版权

2019独角兽企业重金招聘Python工程师标准>>>

方案一

解决办法（仅适用于web服务器为tomcat的情况，其他web服务器根据原理自行配置）

修改Tomcat服务器conf/server.xml文件中和Https有关的Connector节点，添加ciphers用于指定密钥：

<Connector 
    SSLEnabled="......" 
    clientAuth="......" 
    connectionTimeout="......" 
    keystoreFile="......"
    keystorePass="......" 
    maxThreads="......" 
    port="......" 
    protocol="......" 
    redirectPort="......" 
    scheme="......" 
    secure="......" 
    <!--此处为要新增代码-->
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA"
    sslProtocol="......" 
    truststoreFile="......"
    truststorePass="......"
/>

原理参考：http://blog.csdn.net/duanbokan/article/details/50911148

方案二

public class EasySSLSocketFactory extends SSLSocketFactory {
        SSLContext sslContext = SSLContext.getInstance("TLS");

        @SuppressWarnings("WeakerAccess")
        public EasySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
            super(truststore);
            TrustManager tm = new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };

            sslContext.init(null, new TrustManager[]{tm}, null);
        }

        @Override
        public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
            return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
        }

        @Override
        public Socket createSocket() throws IOException {
            return sslContext.getSocketFactory().createSocket();
        }
    }

    private EasySSLSocketFactory getSSLSocketFactory() {
        try {
            /// We initialize a default Keystore
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // We load the KeyStore
            trustStore.load(null, null);
            // We initialize a new SSLSocketFacrory
            EasySSLSocketFactory socketFactory = new EasySSLSocketFactory(trustStore);
            // We set that all host names are allowed in the socket factory
            socketFactory.setHostnameVerifier(EasySSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            // We set the SSL Factory

            return socketFactory;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

转载于:https://my.oschina.net/smalant/blog/750713