改进OkHttp SSLHandshakeException [英] Retrofit OkHttp SSLHandshakeException
问题描述
我使用OkHttp作为Retrofit的客户端。我无法点击某个https网址。此服务器仅支持TLS 1.0,以下密码
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_MD5
I am using OkHttp as the client in Retrofit. I am unable to hit a certain https url. This server supports TLS 1.0 only and the following ciphers TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5
以下是我实例化OkHttpClient的方法:
Here's how I am instantiating my OkHttpClient:
OkHttpClient client = new OkHttpClient();
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
client.setSslSocketFactory(sslSocketFactory);
client.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
} catch (Exception e) {
throw new RuntimeException(e);
}
return client;
}
我的应用程序不断抛出此异常:
And my app keeps throwing this exception:
javax.net.ssl.SSLProtocolException:SSL握手中止:ssl = 0x9742f000:SSL库失败,通常是协议错误
错误:14077410:SSL例程: SSL23_GET_SERVER_HELLO:sslv3警报握手失败(外部/ openssl / ssl / s23_clnt.c:770 0xab9fcc4d:0x00000000)
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x9742f000: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:770 0xab9fcc4d:0x00000000)
推荐答案
OkHttp在默认配置中不再支持RC4,因为OkHttp v2.3(发行说明)。您可以使用 ConnectionSpec
( javadoc )启用它, ConnectionSpecTest.java
(源代码)显示了一些例子。
OkHttp no longer supports RC4 in its default config since OkHttp v2.3 (release notes). You can use the ConnectionSpec
(javadoc) to enable it, the ConnectionSpecTest.java
(source code) shows some examples.
这篇关于改进OkHttp SSLHandshakeException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!