场景:
升级retrofit及启用https后出现报错。
解决方案:
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.COMPATIBLE_TLS)
.tlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0)
.allEnabledCipherSuites()
.build();//解决在Android5.0版本以下https无法访问
ConnectionSpec spec1 = new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();//兼容http接口
httpClient.connectionSpecs(Arrays.asList(spec,spec1));
完整配置:
open fun setHttpClientBuilder(builder: OkHttpClient.Builder): OkHttpClient.Builder {
val spec = ConnectionSpec.Builder(ConnectionSpec.COMPATIBLE_TLS)
.tlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0)
.allEnabledCipherSuites()
.build()
val spec1 = ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build()
builder.apply {
connectTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
readTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
writeTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
sslSocketFactory(
SSLSocketClient.getSSLSocketFactory(),
SSLSocketClient.getTrustAllCert()
)
hostnameVerifier(SSLSocketClient.getHostnameVerifier())
connectionSpecs(listOf(spec, spec1))
}
return builder
}
SSLSocketClient.java
public class SSLSocketClient {
public static X509TrustManager getTrustAllCert() {
return trustAllCert;
}
private static X509TrustManager trustAllCert;
//获取这个SSLSocketFactory
public static SSLSocketFactory getSSLSocketFactory() {
try {
trustAllCert = new MyTrustManager();
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[]{trustAllCert}, new SecureRandom());
return sslContext.getSocketFactory();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
//实现X509TrustManager接口
public static class MyTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
// //获取TrustManager
// private static X509TrustManager getTrustManager() {
// return new X509TrustManager() {
// @Override
// public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
// }
//
// @Override
// public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
// }
//
// @Override
// public java.security.cert.X509Certificate[] getAcceptedIssuers() {
// return new java.security.cert.X509Certificate[]{};
// }
// };
// }
//获取HostnameVerifier
public static HostnameVerifier getHostnameVerifier() {
return (s, sslSession) -> true;
}
}
参考: