根据Android for SSLSocket和SSLContext中的文档,API级别16支持TLS v1.1和v1.2协议,但默认情况下不启用。

http://developer.android.com/reference/javax/net/ssl/SSLSocket.html

http://developer.android.com/reference/javax/net/ssl/SSLContext.html

如何在运行Android 4.1或更高版本(但低于5.0)的设备上启用它?

我已经尝试创建一个自定义的SSLSocketFactory,它在Socket被创建时启用所有支持的协议,然后使用我的自定义实现:

HttpsURLConnection.setDefaultSSLSocketFactory(new MySSLSocketFactory());

public class MySSLSocketFactory extends SSLSocketFactory {

private SSLContext sc;

private SSLSocketFactory ssf;

public MySSLSocketFactory() {

try {

sc = SSLContext.getInstance("TLS");

sc.init(null, null, null);

ssf = sc.getSocketFactory();

} catch (NoSuchAlgorithmException e) {

e.printStackTrace();

} catch (KeyManagementException e) {

e.printStackTrace();

}

}

@Override

public Socket createSocket(Socket s, String host, int port, boolean autoClose)

throws IOException {

SSLSocket ss = (SSLSocket) ssf.createSocket(s, host, port, autoClose);

ss.setEnabledProtocols(ss.getSupportedProtocols());

ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());

return ss;

}

@Override

public String[] getDefaultCipherSuites() {

return ssf.getDefaultCipherSuites();

}

@Override

public String[] getSupportedCipherSuites() {

return ssf.getSupportedCipherSuites();

}

@Override

public Socket createSocket(String host, int port) throws IOException, UnknownHostException {

SSLSocket ss = (SSLSocket) ssf.createSocket(host, port);

ss.setEnabledProtocols(ss.getSupportedProtocols());

ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());

return ss;

}

@Override

public Socket createSocket(InetAddress host, int port) throws IOException {

SSLSocket ss = (SSLSocket) ssf.createSocket(host, port);

ss.setEnabledProtocols(ss.getSupportedProtocols());

ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());

return ss;

}

@Override

public Socket createSocket(String host, int port, InetAddress localHost, int localPort)

throws IOException, UnknownHostException {

SSLSocket ss = (SSLSocket) ssf.createSocket(host, port, localHost, localPort);

ss.setEnabledProtocols(ss.getSupportedProtocols());

ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());

return ss;

}

@Override

public Socket createSocket(InetAddress address, int port, InetAddress localAddress,

int localPort) throws IOException {

SSLSocket ss = (SSLSocket) ssf.createSocket(address, port, localAddress, localPort);

ss.setEnabledProtocols(ss.getSupportedProtocols());

ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());

return ss;

}

}

但是在尝试与仅启用TLS 1.2的服务器建立连接时仍然会出现异常。

这是我得到的例外:

03-09 09:21:38.427: W/System.err(2496):

javax.net.ssl.SSLHandshakeException:

javax.net.ssl.SSLProtocolException: SSL handshake aborted:

ssl=0xb7fa0620: Failure in SSL library, usually a protocol error

03-09 09:21:38.427: W/System.err(2496): error:14077410:SSL

routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

(external/openssl/ssl/s23_clnt.c:741 0xa90e6990:0x00000000)

Logo
华为开发者空间

华为开发者空间,是为全球开发者打造的专属开发空间,汇聚了华为优质开发资源及工具,致力于让每一位开发者拥有一台云主机,基于华为根生态开发、创新。

更多推荐

cover

Hermes进阶 医疗行业落地:LLM Wiki + Obsidian图谱建设脂肪性肝病智能知识网络

avatar 华为开发者空间
cover

【GaussDB】GaussDB逻辑操作符入门指南

avatar 华为开发者空间
cover

【GaussDB】GaussDB等保测评命令大集合

avatar 华为开发者空间