那些遇到过的问题

相关疑难解决方法(0)

制作SSLEngine在Android(4.4.2)上使用TLSv1.2?

伙计们,我希望有一些显而易见的东西让我失踪,我希望有人能够解决一些问题.我试图让TLSv1.2在SSL + NIO上下文中运行(使用AndroidAsync库),所以我试图通过SSLEngine启用它.我可以运行这样的代码:

        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(null, null, null);
        String[] protocols = sslContext.getSupportedSSLParameters().getProtocols();
        for (String protocol : protocols) {
            Timber.d("Context supported protocol: " + protocol);
        }

        SSLEngine engine = sslContext.createSSLEngine();
        String[] supportedProtocols = engine.getSupportedProtocols();
        for (String protocol : supportedProtocols) {
            Timber.d("Engine supported protocol: " + protocol);
        }
Run Code Online (Sandbox Code Playgroud)

我最终在logcat上看到了这个:

06-22 21:56:27.715    1117-1117/? D/XXX? Context supported protocol: SSLv3
06-22 21:56:27.715    1117-1117/? D/XXX? Context supported protocol: TLSv1
06-22 21:56:27.725    1117-1117/? D/XXX? Context supported protocol: TLSv1.1
06-22 21:56:27.725    1117-1117/? D/XXX? Context …
Run Code Online (Sandbox Code Playgroud)

android sslengine

Gle*_*len
2017 05-23
22
推荐指数
2
解决办法
2万
查看次数

在HttpsURLConnection中禁用SSL作为协议

由于POODLE漏洞,我在Amazon AWS中托管的服务器不再支持SSLv3.

因此,我的Android应用程序对服务器执行的第一个HTTPS连接会在建立连接时导致错误.

Error reading server response: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x77d8ab68: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x7339ad74:0x00000000)
       [....]
Caused by: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x77d8ab68: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x7339ad74:0x00000000)
       at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448)
       at com.android.okhttp.Connection.upgradeToTls(Connection.java:146)
       at com.android.okhttp.Connection.connect(Connection.java:107)
       at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
       at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
       at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
Run Code Online (Sandbox Code Playgroud)

该错误仅在第一个请求中发生.后续请求工作了一段时间.

为了解决这个问题,我试图从Android客户端接受的协议列表中删除SSL,并确保我只使用TLS.为此,我设置了一个自定义SSLSocketFactory,它从启用的协议和支持的密码套件列表中删除SSL.

/**
 * SSLSocketFactory that wraps one existing SSLSocketFactory and delegetes into it …
Run Code Online (Sandbox Code Playgroud)

ssl android amazon-web-services sslsocketfactory poodle-attack

GaR*_*eTa
lucky-day
16
推荐指数
2
解决办法
3万
查看次数

标签 统计

android ×2

amazon-web-services ×1

poodle-attack ×1

ssl ×1

sslengine ×1

sslsocketfactory ×1