改造 OkHttp SSLHandshakeException
Retrofit OkHttp SSLHandshakeException
我在 Retrofit 中使用 OkHttp 作为客户端。我无法点击某个 https url。此服务器仅支持 TLS 1.0 和以下密码
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_MD5
以下是我实例化 OkHttpClient 的方式:
OkHttpClient client = new OkHttpClient();
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
client.setSslSocketFactory(sslSocketFactory);
client.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
} catch (Exception e) {
throw new RuntimeException(e);
}
return client;
}
我的应用一直抛出这个异常:
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x9742f000: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:770 0xab9fcc4d:0x00000000)
OkHttp 在其默认配置中不再支持 RC4,因为 OkHttp v2.3 (release notes). You can use the ConnectionSpec
(javadoc) to enable it, the ConnectionSpecTest.java
(source code) 显示了一些示例。
我在 Retrofit 中使用 OkHttp 作为客户端。我无法点击某个 https url。此服务器仅支持 TLS 1.0 和以下密码 TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5
以下是我实例化 OkHttpClient 的方式:
OkHttpClient client = new OkHttpClient();
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
client.setSslSocketFactory(sslSocketFactory);
client.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
} catch (Exception e) {
throw new RuntimeException(e);
}
return client;
}
我的应用一直抛出这个异常:
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x9742f000: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:770 0xab9fcc4d:0x00000000)
OkHttp 在其默认配置中不再支持 RC4,因为 OkHttp v2.3 (release notes). You can use the ConnectionSpec
(javadoc) to enable it, the ConnectionSpecTest.java
(source code) 显示了一些示例。