由于Android 5.0棒棒糖我无法通过SSL或使用TLSv1通信服务器（X509TrustManager） [英] Since Android Lollipop 5.0 I am not able to communicate to server (X509TrustManager) via SSL or TLSv1

问题描述

我希望有人能帮助我在这里。由于Android 5.0棒棒糖我无法通过SSL通信服务器（X509TrustManager）。
这似乎是应用程序是一个无限循环试图建立握手进入。这里是我的code：

I hope someone can help me here. Since Android Lollipop 5.0 I am not able to communicate to server (X509TrustManager) via SSL. It seems like the app is entering in a infinity loop trying to establish handshake. Here is my code:

    SSLContext sc;
SSLSocket sslsock;
Socket sock;

// Constructor
RfbProto(String h, int p) throws IOException{
        host = h;
        port = p;

        TrustManager[] trustAllCerts = new TrustManager[] {
                new X509TrustManager() {  
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {  
                        return null;  
                    }  
                    public void checkClientTrusted(X509Certificate[] certs, String authType){}
                    public void checkServerTrusted(X509Certificate[] certs, String authType){}
                }
        };  

        try {
            sc = SSLContext.getInstance("SSL");  
            sc.init(null, trustAllCerts, new java.security.SecureRandom());  
        } catch (Exception e) { }

        sock = new Socket();
        sock.connect(new InetSocketAddress(host, port), 5000);
        sock.setSoTimeout(10000);

        SSLSocketFactory factory = (SSLSocketFactory)sc.getSocketFactory();
        sslsock = (SSLSocket)factory.createSocket(sock, null, 0, false);

        is = new DataInputStream(new BufferedInputStream(sock.getInputStream(), 16384));
        os = sock.getOutputStream();    

        timing = false;
        timeWaitedIn100us = 5;
        timedKbits = 0;
    }

    public void enableSSL() throws IOException{

        this.sslEnabled = true;

        final SSLSocket fSock = sslsock;
        sslsock.addHandshakeCompletedListener(new HandshakeCompletedListener() {            
            @Override
            public void handshakeCompleted(HandshakeCompletedEvent event) {
                try {
                    Certificate[] peerCertificates = event.getPeerCertificates();
                    if (peerCertificates.length > 0) {
                        serverCertificate = (X509Certificate)peerCertificates[0];
                    }       
                    is = new DataInputStream(new BufferedInputStream(fSock.getInputStream(), 16384));
                    os = fSock.getOutputStream();

                } catch (SSLPeerUnverifiedException e) {
                    e.printStackTrace();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        });
        try {
            fSock.startHandshake();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

纵观的是Android 5.0的更改，也有一些变化在TLS / SSL默认配置，但我不知道从哪里开始。
任何帮助将是AP preciated

Looking at the Android 5.0 changes, there are some changes at the TLS/SSL default configuration, but I'm not sure where to start. Any help would be appreciated

推荐答案

特里出强制使用TLSv1 handhsake。自去年yeat SSL年底被假定为弱势（狮子狗），并在大量的服务器应用程序被禁用（例如，所有的支付组织，如签证/万事达卡）。

Trie out to force TLSv1 handhsake. Since end of last yeat SSL is assumed as vulnerable (POODLE) and in a lots of servers apps was disabled (eg, all payment organisations like Visa / MasterCard).

这篇关于由于Android 5.0棒棒糖我无法通过SSL或使用TLSv1通信服务器（X509TrustManager）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！