小编Dmi*_*hin的帖子

Android 5.0 Lollipop中的DefaultHttpClient似乎被打破了.它无法设置与先前版本的Android成功设置的某些网站的连接.

例如,我尝试连接到https://uralsg.megafon.ru

//Create httpclient like in https://stackoverflow.com/questions/18523784/ssl-tls-protocols-and-cipher-suites-with-the-androidhttpclient
HttpClient client = new DefaultHttpClient(manager, params);
HttpGet httpGet = new HttpGet("https://uralsg.megafon.ru");
HttpResponse client = httpclient.execute(httpGet);

此代码适用于Android 2.3-4.4,但在Android 5.0(设备和模拟器)上失败,错误连接被对等关闭.当然这是可以理解的,因为Android 5.0尝试将这个旧服务器与TLSv1.2和现代密码连接起来,并且它不支持它们.

好的,使用SSL/TLS协议中的示例代码和带有AndroidHttpClient的密码套件,我们将协议和密码限制为TLSv1和SSL_RSA_WITH_RC4_128_MD5.现在它失败了,出现了不同的错误:

javax.net.ssl.SSLHandshakeException: Handshake failed
caused by 
    error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac 
    (external/openssl/ssl/s3_pkt.c:1286 0x7f74c1ef16e0:0x00000003) 
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake

当然,这段代码在Android 2.3-4.4上运行顺畅.

我用wireshark检查了流量:

302 4002.147873000  192.168.156.30  83.149.32.13    TLSv1   138 Client Hello
303 4002.185362000  83.149.32.13    192.168.156.30  TLSv1   133 Server Hello
304 4002.186700000  83.149.32.13    192.168.156.30  TLSv1   1244    Certificate
305 …

我在我的应用程序中使用了encription.我将私钥存储为字节数组并使用以下代码来恢复它:

PrivateKey private = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(s_privateKeyIn1t));

它适用于我所有的目标Android平台2.1 - > 4.0.4,但在Jelly Bean上失败了!

Jelly Bean引发了一个例外:

07-20 17:29:35.197: E/AnyBalance:Codec(990): Caused by: java.lang.RuntimeException: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
07-20 17:29:35.197: E/AnyBalance:Codec(990):    at org.apache.harmony.xnet.provider.jsse.NativeCrypto.d2i_PKCS8_PRIV_KEY_INFO(Native Method)
07-20 17:29:35.197: E/AnyBalance:Codec(990):    at org.apache.harmony.xnet.provider.jsse.OpenSSLRSAKeyFactory.engineGeneratePrivate(OpenSSLRSAKeyFactory.java:73)

怎么了？