javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7d84e10: Failure in SSL library解决

最新推荐文章于 2024-11-12 18:46:13 发布
转载 最新推荐文章于 2024-11-12 18:46:13 发布 · 1w 阅读 · 8

本文介绍了一个自定义的SSL套接字工厂类,用于解决Android应用中出现的SSL握手异常问题,通过禁用不安全的SSL协议版本和选择合理的密钥交换套件来提升安全性。 
异常信息
04-22 18:55:30.661 3949-3949/com.umeng.soexample.liuhao20190422 I/aaaa: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7d84e10: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x96f15926:0x00000000)



//写一个类继承SSLSocket
public class SSL extends SSLSocketFactory {
    private SSLSocketFactory defaultFactory;
    // Android 5.0+ (API level21) provides reasonable default settings
    // but it still allows SSLv3
    // https://developer.android.com/about/versions/android-5.0-changes.html#ssl
    static String protocols[] = null, cipherSuites[] = null;

    static {
        try {
            SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
            if (socket != null) {
                /* set reasonable protocol versions */
                // - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0)
                // - remove all SSL versions (especially SSLv3) because they're insecure now
                List<String> protocols = new LinkedList<>();
                for (String protocol : socket.getSupportedProtocols())
                    if (!protocol.toUpperCase().contains("SSL"))
                        protocols.add(protocol);
                SSL.protocols = protocols.toArray(new String[protocols.size()]);
                /* set up reasonable cipher suites */
                if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
                    // choose known secure cipher suites
                    List<String> allowedCiphers = Arrays.asList(
                            // TLS 1.2
                            "TLS_RSA_WITH_AES_256_GCM_SHA384",
                            "TLS_RSA_WITH_AES_128_GCM_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256",
                            // maximum interoperability
                            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_RSA_WITH_AES_128_CBC_SHA",
                            // additionally
                            "TLS_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
                    List<String> availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());
                    // take all allowed ciphers that are available and put them into preferredCiphers
                    HashSet<String> preferredCiphers = new HashSet<>(allowedCiphers);
                    preferredCiphers.retainAll(availableCiphers);
                    /* For maximum security, preferredCiphers should *replace* enabled ciphers (thus disabling
                     * ciphers which are enabled by default, but have become unsecure), but I guess for
                     * the security level of DAVdroid and maximum compatibility, disabling of insecure
                     * ciphers should be a server-side task */
                    // add preferred ciphers to enabled ciphers
                    HashSet<String> enabledCiphers = preferredCiphers;
                    enabledCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));
                    SSL.cipherSuites = enabledCiphers.toArray(new String[enabledCiphers.size()]);
                }
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public SSL(X509TrustManager tm) {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, (tm != null) ? new X509TrustManager[]{tm} : null, null);
            defaultFactory = sslContext.getSocketFactory();
        } catch (GeneralSecurityException e) {
            throw new AssertionError(); // The system has no TLS. Just give up.
        }
    }

    private void upgradeTLS(SSLSocket ssl) {
        // Android 5.0+ (API level21) provides reasonable default settings
        // but it still allows SSLv3
        // https://developer.android.com/about/versions/android-5.0-changes.html#ssl
        if (protocols != null) {
            ssl.setEnabledProtocols(protocols);
        }
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP && cipherSuites != null) {
            ssl.setEnabledCipherSuites(cipherSuites);
        }
    }

    @Override public String[] getDefaultCipherSuites() {
        return cipherSuites;
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return cipherSuites;
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        Socket ssl = defaultFactory.createSocket(s, host, port, autoClose);
        if (ssl instanceof SSLSocket){
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        Socket ssl = defaultFactory.createSocket(host, port);
        if (ssl instanceof SSLSocket){
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
        Socket ssl = defaultFactory.createSocket(host, port, localHost, localPort);
        if (ssl instanceof SSLSocket) {
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        Socket ssl = defaultFactory.createSocket(host, port);
        if (ssl instanceof SSLSocket) {
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }

    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        Socket ssl = defaultFactory.createSocket(address, port, localAddress, localPort);
        if (ssl instanceof SSLSocket){
            upgradeTLS((SSLSocket) ssl);
        }
        return ssl;
    }
}
//定义一个信任所有证书的TrustManager
final X509TrustManager trustAllCert = new X509TrustManager() {
    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
    }

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[]{};
    }
};
OkHttpClient client = new OkHttpClient.Builder()
        .sslSocketFactory(new SSL(trustAllCert), trustAllCert)
        .hostnameVerifier(new HostnameVerifier() {             @Override
             public boolean verify(String s, SSLSession sslSession) {
                return true;
             }
         }).build();
liuhao032
关注
Empty issuer DN not allowed in X509Certificates
隔壁老瓦的专栏
04-16 3644
Exception in thread "main" io.kubernetes.client.openapi.ApiException: javax.net.ssl.SSLProtocolException: Empty issuer DN not allowed in X509Certificates at io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:886) at io.kubernetes.client.openap..
解决 X509Certificates 编程中不允许使用空发行者DN的问题
CyberBladeX的博客
09-10 1517
在进行X.509证书编程时,有时可能会遇到"Empty issuer DN not allowed in X509Certificates"(X509Certificates中不允许使用空发行者DN)的错误。为了解决这个问题,我们需要确保提供有效的发行者DN。总结起来,如果在X509Certificates编程中遇到"Empty issuer DN not allowed"错误,你需要确保提供有效的发行者DN。通过使用合适的编程语言和相应的库,创建证书时设置发行者的DN,可以避免此错误的发生。
Android异常处理javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x41ea4068: Failure in SSL
Blue_Tong的博客
10-22 2592
Android异常处理: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x41ea4068: Failure in SSL library, usually a protocol error log如下: 10-19 17:40:47.610 805-826/com.example.ipawsplay W/System.err: error:14077410:SSL routines:SSL23_
javax.net.ssl.SSLProtocolException: SSL handshake aborted
Kinsomy的博客
01-26 1万+
问题出现 前几天在接入新版api的时候,在Android 4.4版本的机型上测试的时候,网络请求捕获了一个异常,SSLProtocolException,具体的异常信息是 com.base.http.exception.NetworkRespException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=
javax.net.ssl.SSLProtocolException:SSL handshake aborted
andoop的博客
03-15 5459
在做微信登录的时候遇到了这样的问题:javax.net.ssl.SSLProtocolException:SSL handshake aborted解决方案:手机连接的WiFi有代理,把代理去掉就搞定了
精选资源
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
03-05
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair 解决方法总结
08-25
然而,当你遇到“javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair”的错误时,这意味着在建立SSL/TLS连接时,Diffie-Hellman(DH)密钥交换算法遇到了问题。DH是一种非对称...
精选资源
解决webMagic0.7.3 出现javax.net.ssl.SSLException: Received fatal alert: protocol_version的问题-附件资源
03-02
解决webMagic0.7.3 出现javax.net.ssl.SSLException: Received fatal alert: protocol_version的问题-附件资源
OkHttpUtils: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f02e68: Failure in S
guozhaohui628
01-16 5624
1. 问题   碰到这个问题是我们公司用的是https,证书是赛门铁克的证书是tls1.2,然后我用的是okhttp,然后在android5.0以上没问题,请求都是可以的,但是在android5.0以下,连登陆都登不进,也不闪退,点击登陆没反应,然后报如上的异常,后面各种查资料,终于找到靠谱的,其中很多人其实都不知道,在瞎说。最权威的解释在这里httpsTLS,真心感谢这位博主。 2. 原因
https请求握手失败,javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException
huashanjuji的专栏
12-06 3476
在与银行支付系统通讯中,客户端前期运行正常,后来在银行系统更新以后,发现支付接口不能正常通讯。具体报错如下:javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x73f10468: Failure in SSL library, usually a ...
FreeRDP的安装配置(错误信息:SSL_read: Failure in SSL library (protocol error?))
weixin_34010566的博客
01-11 3089
最新文章:Virson's Blog 使用xfreerdp [serveripaddress]命令,连接xp/windows 2003都正常,但是在连接win7/2008时总是出错: ;-------------------------------------------------------------------------------- root@pg-vm:/etc/ld.so.c...
SSL_read: Failure in SSL library (protocol error?)
github_34572149的博客
03-26 1924
SSL_read: Failure in SSL library (protocol error?)
javax.net.ssl.SSLException: SSL handshake aborted
阿瑟
06-05 1万+
该问题是OKhttp在Android4.4及以下的系统上遇到的,完整错误日志如下:javax.net.ssl.SSLException: SSL handshake aborted: ssl=0x5877e128: I/O error during system call, Connection reset by peer 05-31 15:20:24.928 8305-9031/? W/Syst...
javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
晴空的专栏
09-10 8258
服务器频繁抛出错误信息如下:
jenkins配置SVN时报错:javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
会写代码的大叔
06-05 3857
最近在学习jenkins,在配置SVN时发现老是会报错: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name 这个错误在使用idea的svn插件时遇到过,只要在java参数里面添加下面代码: -Djsse.enableSNIExtension=false 在jenkins里面用下
使用OkHttp请求https在android4.4报错javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException
q1581375053的博客
09-06 3181
对于HTTPS的请求我们一般都是采取忽略的策略,一般而言直接实现X509TrustManager接口,简单的以SSLContext获取SSLSocketFactory就可以的了,实测6.0以上还未遇到过什么奇葩的问题,6.0以下的,正常情况下也不会有什么问题,但最近偶然发现一客户提供的https地址请求居然报错了,抛出了javax.net.ssl.SSLHandshakeExcep...
【Java报错已解决javax.net.ssl.SSLHandshakeException: SSL
鸽芷咕的博客
11-12 3069
在Java开发中,尤其是涉及到网络通信且使用了SSL/TLS加密的场景时,遇到“javax.net.ssl.SSLHandshakeException: SSL”这个报错,就像在安全通信的高速公路上遇到了路障,让开发者和环境配置者十分头疼。这个异常表明在SSL握手过程中出现了问题,而SSL握手是建立安全连接的关键步骤,直接影响到数据传输的安全性和可靠性。无论是在客户端与服务器之间的通信,还是在不同服务之间的内部通信中,解决这个问题对于保障系统的正常运行至关重要。
Android 4.4 网络请求报错:javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL hand
qq_27494201的博客
04-06 1232
链接:https://pan.baidu.com/s/1otsDIFbAe6rgckFeJdVeDw。参考上面这条连接即可解决问题或者参考我的Demo。
关于javax.net.ssl.SSLProtocolException
热门推荐
Xcrow の blog
07-16 1万+
javax.net.ssl.SSLProtocolException: handshakealert: unrecognized_name  解决方案 设置系统属性:System.setProperty ("jsse.enableSNIExtension", "false"); 搞定。
javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
最新发布
08-30
`javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name` 错误通常是由于客户端在 SSL/TLS 握手过程中发送了一个服务器无法识别的 SNI(Server Name Indication)扩展导致的。以下是一些可能的解决方法: ### 禁用 SNI 如果服务器不支持 SNI,可以在客户端代码中禁用 SNI。以下是一个 Java 示例: ```java import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLParameters; import java.io.IOException; import java.net.URL; public class DisableSNIExample { public static void main(String[] args) throws Exception { URL url = new URL("https://your-url.com"); HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, null, null); SSLParameters sslParameters = new SSLParameters(); sslParameters.setServerNames(null); // 禁用 SNI conn.setSSLSocketFactory(sslContext.getSocketFactory()); conn.setSSLParameters(sslParameters); try { conn.connect(); System.out.println("Connected successfully"); } catch (IOException e) { e.printStackTrace(); } } } ``` ### 升级 JDK 版本 较新的 JDK 版本可能会修复一些与 SNI 相关的问题。可以尝试将 JDK 升级到最新的稳定版本。 ### 检查服务器配置 确保服务器端正确配置了 SNI 支持。如果服务器不支持 SNI,可能需要联系服务器管理员进行相应的配置调整。 ### 检查域名和证书 确保使用的域名和证书是正确的,并且证书没有过期或存在其他问题。 ### 指定 TLS 版本 类似于解决 `SSLHandshakeException` 的方法,可以尝试指定使用的 TLS 版本: ```java import org.apache.http.client.HttpClient; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContexts; import javax.net.ssl.SSLContext; import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; public class SpecifyTLSVersionExample { public static HttpClient getHttpClient() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException { SSLContext sslContext = SSLContexts.custom() .loadTrustMaterial(null, new TrustSelfSignedStrategy()) .build(); SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory( sslContext, new String[]{"TLSv1.2"}, null, NoopHostnameVerifier.INSTANCE ); return HttpClients.custom() .setSSLSocketFactory(scsf) .build(); } } ```
评论 3
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值