【发布时间】:2016-01-25 23:53:08
【问题描述】:
我在 Retrofit 中使用 OkHttp 作为客户端。我无法访问某个 https 网址。此服务器仅支持 TLS 1.0 和以下密码 TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5
这是我实例化 OkHttpClient 的方式:
OkHttpClient client = new OkHttpClient();
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
client.setSslSocketFactory(sslSocketFactory);
client.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
} catch (Exception e) {
throw new RuntimeException(e);
}
return client;
}
我的应用不断抛出这个异常:
javax.net.ssl.SSLProtocolException:SSL 握手中止:ssl=0x9742f000:SSL 库失败,通常是协议错误 错误:14077410:SSL 例程:SSL23_GET_SERVER_HELLO:sslv3 警报握手失败(外部/openssl/ssl/s23_clnt.c:770 0xab9fcc4d:0x00000000)
【问题讨论】:
标签: android ssl https retrofit okhttp