我试图在android中运行以下代码
URLConnection l_connection = null;
// Create connection
uzip=new UnZipData(mContext);
l_url = new URL(serverurl);
if ("https".equals(l_url.getProtocol())) {
System.out.println("<<<<<<<<<<<<< Before TLS >>>>>>>>>>>>");
sslcontext = SSLContext.getInstance("TLS");
System.out.println("<<<<<<<<<<<<< After TLS >>>>>>>>>>>>");
sslcontext.init(null,
new TrustManager[] { new CustomTrustManager()},
new java.security.SecureRandom());
HttpsURLConnection
.setDefaultHostnameVerifier(new CustomHostnameVerifier());
HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext
.getSocketFactory());
l_connection = (HttpsURLConnection) l_url.openConnection();
((HttpsURLConnection) l_connection).setRequestMethod("POST");
} else {
l_connection = (HttpURLConnection) l_url.openConnection();
((HttpURLConnection) l_connection).setRequestMethod("POST");
}
/*System.setProperty("http.agent", "Android_Phone");*/
l_connection.setConnectTimeout(10000);
l_connection.setRequestProperty("Content-Language", "en-US");
l_connection.setUseCaches(false);
l_connection.setDoInput(true);
l_connection.setDoOutput(true);
System.out.println("<<<<<<<<<<<<< Before Connection >>>>>>>>>>>>");
l_connection.connect();
在l_connection.connect(),它给出了这个SSLhandshakeException.有时候它有效,但大部分时间它都有例外.它只发生在Android 4.0模拟器上.我在Android 4.4和5.0上测试过,它运行正常.可能是什么原因造成的?请帮忙
堆栈跟踪
04-28 15:51:13.143: W/System.err(2915): javax.net.ssl.SSLHandshakeException: …ssl android sslhandshakeexception android-4.0.3-ice-cream-sandwich
Server:
TLS Version: v1.2
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Client:
JRE 1.7
当我尝试通过SSL直接从客户端连接到服务器时,我收到以下错误:
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
以下代码启用TLSv1.2
Set<String> enabledTLSSet = new HashSet<String>(Arrays.asList(sslsocket.getEnabledProtocols()));
enabledTLSSet.add("TLSv1.2");
sslsocket.setEnabledProtocols(enabledTLSSet.toArray(new String[enabledTLSSet.size()]));
以下代码启用了TLS_RSA_WITH_AES_256_CBC_SHA256密码套件:
Set<String> enabledCipherSuitesSet = new HashSet<String>(Arrays.asList(sslsocket.getEnabledCipherSuites()));
enabledCipherSuitesSet.add("TLS_RSA_WITH_AES_256_CBC_SHA256");
sslsocket.setEnabledCipherSuites(enabledCipherSuitesSet.toArray(new String[enabledCipherSuitesSet.size()]));
从Java代码执行上述两个操作后,我可以通过SSL成功连接到服务器.
是否有可能使/力TLSv1.2和TLS_RSA_WITH_AES_256_CBC_SHA256Java 7中,而无需通过性能,参数或调试道具改变任何Java代码?
我尝试了所有形式和组合(启用和禁用)以及失败的所有以下属性.
-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256
-Ddeployment.security.TLSv1.2=true
我正在执行类似下面的程序:
java -jar -Dhttps.protocols=TLSv1.2 -Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256 Ddeployment.security.TLSv1.2=true -Djavax.net.debug=ssl:handshake SSLPoker.jar <SERVER> 443
SSLPoker包含以下代码:
package com.ashok.ssl;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;
/**
* Establish a SSL connection to a host and …在我的java代码中,我正在使用命令创建一个SSL Context实例
SSLContext ctx = SSLContext.getInstance("TLS");
但在我的tomcat服务器中,我正在设置TLSv1.2,我收到握手错误.
我们如何使用这种方法支持所有TLS协议,就像在cpp中一样,我们有SSLV23客户端方法,它将支持所有协议.
我在Android应用程序上使用HTTPS调用REST服务.我已经有了这方面的工作代码,但现在我正在使用一个新安装的服务器来托管REST服务,我无法再建立连接.
这是一个例外:
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x15b7768: Failure in SSL library, usually a protocol error
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:683 0x402e5cc3:0x00000000)
该应用程序使用Apache类与REST服务进行交互.即使使用接受任何类型证书的虚拟TrustManager,我也会收到此错误.
从Android Navigator调用REST服务时,连接成功建立并正常工作.
Android手机正在运行HTC最新的4.0.3 Android.
REST服务是Apache上托管的mod_perl应用程序,配置了SSL支持.
浏览https://github.com/android/platform_external_openssl/blob/ics-mr0/ssl/s23_clnt.c中的OpenSSL源代码除了低级问题之外没有给我任何提示.
有关如何进一步调试的任何建议吗?
查看此问题的底部以获取更多最新信息
我试图通过我的Jersey客户端拦截所有SSL握手(以便我可以获取有关它们的信息以及向用户呈现视觉信息,就像浏览器中的绿色锁定一样).不幸的是,看起来Jersey似乎没有使用我的SSLSocketFactory实现,因为没有调用任何createSocket方法.没有错误发生,只是没有任何记录.代码应该清楚:
调用+实例化:
this.httpClient = getHttpsClient(new DefaultSSLContextProvider());
Invocation.Builder invBuilder = httpClient.target(API_URL_PRIVATE + API_VERSION_2 + "markets").request(MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN, MediaType.TEXT_HTML);
invBuilder.header("Content-Type", "application/x-www-form-urlencoded");
invBuilder.header("User-Agent", USER_AGENT);
Response response = invBuilder.get();
logger.debug("response: " + response);
HttpClient的:
public Client getHttpsClient(SSLContextProvider sslContextProvider) throws KeyStoreException
{
ClientConfig config = new ClientConfig().connectorProvider(new HttpUrlConnectorProvider().connectionFactory(
url ->
{
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setSSLSocketFactory(sslContextProvider.getSSLSocketFactory());
return connection;
}));
return ClientBuilder.newBuilder()
.sslContext(sslContextProvider.getSSLContext())
.withConfig(config)
.build();
}
DefaultSSLContextProvider:
public class DefaultSSLContextProvider implements SSLContextProvider
{
private SSLContext sslContext;
private ObservableSSLSocketFactory observableSSLSocketFactory;
private static final Logger logger …"Java 1.7 TLS 1.1服务器"和"Java 1.8客户端"之间的SSL/TLS握手在我的环境中失败,服务器端出现以下异常:
java.security.NoSuchAlgorithmException:没有这样的算法:SunTls12MasterSecret for provider SunPKCS11-NSSfips
以下是我的环境中服务器和客户端的详细信息:
服务器:
客户:
题:
补充意见:
服务器端SSL调试日志:
我有用于安全websocket连接的spring-boot Tomcat服务器.服务器接受Android 4.4,iOS,Firefox和Chrome客户端,并且没有使用授权签名证书的失败.但是,Android 5.0无法通过SSL握手.
Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:436)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:1006)
at org.glassfish.grizzly.ssl.SSLConnectionContext.unwrap(SSLConnectionContext.java:172)
at org.glassfish.grizzly.ssl.SSLUtils.handshakeUnwrap(SSLUtils.java:263)
at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:603)
at org.glassfish.grizzly.ssl.SSLFilter.doHandshakeStep(SSLFilter.java:312)
at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:552)
at org.glassfish.grizzly.ssl.SSLBaseFilter.handleRead(SSLBaseFilter.java:273)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545)
at java.lang.Thread.run(Thread.java:818)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xa1f34200: Failure in SSL library, usually a protocol error
error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message (external/openssl/ssl/s3_both.c:498 0xac526e61:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake_bio(Native Method)
at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:423)
我认为问题在于TLS或密码套件由于Android …
某些HTTP客户端接受此证书,而其他客户端则不接受.什么可以有所作为?
Java拒绝它.
((javax.net.ssl.HttpsURLConnection)new java.net.URL("https://www.lucidpress.com")
.openConnection())
.getInputStream()
javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:找不到与www.lucidpress.com匹配的主题备用DNS名称. at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1715)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:257) )sun.security.ssl.Handshaker.fatalSE(Handshaker.java:251)at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1168)at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java: 153)at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)at sun.security.ssl.Handshaker.process_record(Handshaker.java:545)at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java) :963)at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1208)at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1235)at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl. java:1219)at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDele gateHttpsURLConnection.java:185)at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1139)at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
Python请求拒绝它.
import requests
requests.get('https://www.lucidpress.com')
Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 55, in get
return request('get', url, **kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 44, in request
return session.request(method=method, url=url, **kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 456, in request
resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 559, in send …我正在尝试使用Jsoup从站点获取数据.链接到该网站是点击这里!
这是我获取数据的代码.`
// WARNING: do it only if security isn't important, otherwise you have
// to follow this advices: http://stackoverflow.com/a/7745706/1363265
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager(){
public X509Certificate[] getAcceptedIssuers(){return null;}
public void checkClientTrusted(X509Certificate[] certs, String authType){}
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
;
}` …我正在尝试使用 php curl 连接到站点,但收到错误“无通用加密算法”。进一步调查,我认为这与NSS有关?我发现从命令行中,我可以重现错误(所以问题肯定出在 curl 而不是 php 包装器),但是如果我设置了 --ciphers ecdhe_ecdsa_aes_128_sha 那么它就可以工作:
[ec2-user@ip-10-181-165-22 current]$ curl -I https://sslspdy.com
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
[ec2-user@ip-10-181-165-22 current]$ curl -I --ciphers ecdhe_ecdsa_aes_128_sha https://sslspdy.com
HTTP/1.1 200 OK
Server: nginx centminmod
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains
Date: Sat, 07 Feb 1970 22:34:32 GMT
X-Page-Speed: ngx_pagespeed
Cache-Control: max-age=0, no-cache
所以我的问题是,
为什么会这样?我无法在网上找到有关 ssl 密码如何在 curl 中工作的解释;似乎每一页都是在假设读者已经是该领域的专家的情况下编写的——不幸的是,像“你可能正在使用 NSS,所以尝试将 PKCS 切换为 FIPS”这样的句子对我来说是完全无法理解的,谷歌搜索将只解释单个组件(通常参考 20 年前的标准),而不是它们之间的关系。
有什么办法可以让 curl 告诉我它正在尝试哪些密码以及服务器将接受哪些密码?我试过在ssllabs上查找服务器,但似乎是说服务器接受所有密码,但显然不接受。
我需要将哪些选项传递给 …