javax.net.ssl.SSLProtocolException:SSL握手已中止:ssl = 0x7fa2258640:SSL库失败,通常是协议错误 [英] javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa2258640: Failure in SSL library, usually a protocol error
问题描述
我正在尝试一个演示Android应用程序来连接servlet(本地服务器和aws实例),从而产生握手失败错误.我也尝试过凌空抽射和http客户端.相关代码和logcat结果如下.目前,我正在使用Android版本7.1和Redmi 5A手机进行测试.
import android.support.v7.app.AppCompatActivity;导入android.os.Bundle;导入java.io.BufferedReader;导入java.io.InputStreamReader;导入java.io.OutputStreamWriter;导入java.net.URL;导入java.net.URLConnection;导入android.app.Activity;导入android.os.Bundle;导入android.util.Log;导入android.view.View;导入android.view.View.OnClickListener;导入android.widget.Button;导入android.widget.EditText;导入android.widget.Toast;公共类MainActivity扩展了AppCompatActivity {@Override受保护的void onCreate(Bundle savedInstanceState){super.onCreate(savedInstanceState);setContentView(R.layout.activity_main);执行();}无效execute(){新线程(新Runnable(){公共无效run(){尝试 {URL url =新URL("https://192.168.0.7:9999/WebS/welcome/test");URLConnection连接= url.openConnection();字符串inputString ="hello服务器";//inputString = URLEncoder.encode(inputString,"UTF-8");Log.d("inputString",inputString);connection.setDoOutput(true);OutputStreamWriter out =新的OutputStreamWriter(connection.getOutputStream());out.write(inputString);out.close();BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));Toast.makeText(MainActivity.this,in.toString(),Toast.LENGTH_LONG).show();附寄();} catch(Exception e){Log.e("YOUR_APP_LOG_TAG",我出错了",e);}}}).开始();}} Logcat结果:
app_url E/YOUR_APP_LOG_TAG:我遇到了错误javax.net.ssl.SSLHandshakeException:握手失败在com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)在com.android.okhttp.Connection.connectTls(Connection.java:235)在com.android.okhttp.Connection.connectSocket(Connection.java:199)在com.android.okhttp.Connection.connect(Connection.java:172)在com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367)在com.android.okhttp.OkHttpClient $ 1.connectAndSetOwner(OkHttpClient.java:130)在com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330)在com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:247)在com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:457)在com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:126)在com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:257)在com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)在com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java)在com.example.cg_dte.app_url.MainActivity $ 1.run(MainActivity.java:41)在java.lang.Thread.run(Thread.java:760)禁止:javax.net.ssl.SSLHandshakeException:握手失败...另外15个禁止:javax.net.ssl.SSLHandshakeException:握手失败...另外15个引起原因:javax.net.ssl.SSLProtocolException:SSL握手已中止:ssl = 0x7fa2258640:SSL库失败,通常是协议错误错误:100000f7:SSL例程:OPENSSL_internal:WRONG_VERSION_NUMBER(外部/无聊的ssl/src/ssl/tls_record.c:192 0x7f94590e7e:0x00000000)在com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native方法)在com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)...另外14个引起原因:javax.net.ssl.SSLProtocolException:SSL握手已中止:ssl = 0x7fa2258640:SSL库失败,通常是协议错误错误:100000f7:SSL例程:OPENSSL_internal:WRONG_VERSION_NUMBER(外部/无聊的ssl/src/ssl/tls_record.c:192 0x7f94590e7e:0x00000000)在com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native方法)在com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)...另外14个引起原因:javax.net.ssl.SSLProtocolException:SSL握手已中止:ssl = 0x7fa2258640:SSL库失败,通常是协议错误错误:100000f7:SSL例程:OPENSSL_internal:WRONG_VERSION_NUMBER(外部/无聊的ssl/src/ssl/tls_record.c:192 0x7f94590e7e:0x00000000)在com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native方法)在com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)...另外14个
URL url =新URL("https://192.168.0.7:9999/WebS/welcome/test"); 此URL还包含端口规范(端口9999).确保您的SSL服务器实例(HTTPS协议)配置为在该端口上侦听,也许您是错误地连接到服务器的非SSL实例(HTTP协议).
尝试例如不安全的 URL url =新的URL("http://192.168.0.7:9999/WebS/welcome/test"); 来查看通信是否在该协议上使用HTTP协议地址.如果是,则需要连接到HTTPS的其他端口.最简单的选择是首先尝试使用默认的SSL端口(443),即删除端口号: URL url = new URL("https://192.168.0.7/WebS/welcome/test");
您也可以在自己喜欢的浏览器中尝试所有这些变种的url,以查看它的想法(我个人使用的是Firefox,带有指向HTTP的端口的url确实产生了有关错误证书长度的奇怪错误,等等...一旦我将URL固定为指向HTTPS实例,由于使用的自签名证书,firefox只会报告不安全的连接,这是预期的并且可以理解的.
没有进一步配置移动应用程序的正确HTTPS URL可能会因 javax.net.ssl.SSLHandshakeException:java.security.cert.CertPathValidatorException:找不到证书路径的信任锚而失败.-如果您在本地服务器上使用自签名证书.哪个是不同的问题,并且有很多关于如何处理该问题的文档(以及总体上如何固定证书,检查域名和创建安全连接的文档).
但是 WRONG_VERSION_NUMBER(external/boringssl/src/ssl/tls_record.c:建议您无意中连接到服务器的未加密HTTP实例,因此SSL握手是完全混乱的./p>
I am trying a demo Android app to connect servlet (both local server and aws instance) it gives Handshake failed error. I have tried with volley and http client also. The relevant code and logcat result is following. Currently I am using Android version 7.1 and redmi 5A cellphone for testing.
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;
import android.app.Activity;
import android.os.Bundle;
import android.util.Log;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
execute();
}
void execute() {
new Thread(new Runnable() {
public void run() {
try {
URL url = new URL("https://192.168.0.7:9999/WebS/welcome/test");
URLConnection connection = url.openConnection();
String inputString = "hello server";
//inputString = URLEncoder.encode(inputString, "UTF-8");
Log.d("inputString", inputString);
connection.setDoOutput(true);
OutputStreamWriter out = new OutputStreamWriter(connection.getOutputStream());
out.write(inputString);
out.close();
BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
Toast.makeText(MainActivity.this, in.toString(), Toast.LENGTH_LONG).show();
in.close();
} catch (Exception e) {
Log.e("YOUR_APP_LOG_TAG", "I got an error", e);
}
}
}).start();}}
Logcat result:
app_url E/YOUR_APP_LOG_TAG: I got an error javax.net.ssl.SSLHandshakeException: Handshake failed at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429) at com.android.okhttp.Connection.connectTls(Connection.java:235) at com.android.okhttp.Connection.connectSocket(Connection.java:199) at com.android.okhttp.Connection.connect(Connection.java:172) at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367) at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130) at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330) at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:247) at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:457) at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:126) at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:257) at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218) at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java) at com.example.cg_dte.app_url.MainActivity$1.run(MainActivity.java:41) at java.lang.Thread.run(Thread.java:760) Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed ... 15 more Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed ... 15 more Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa2258640: Failure in SSL library, usually a protocol error error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER (external/boringssl/src/ssl/tls_record.c:192 0x7f94590e7e:0x00000000) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) ... 14 more Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa2258640: Failure in SSL library, usually a protocol error error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER (external/boringssl/src/ssl/tls_record.c:192 0x7f94590e7e:0x00000000) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) ... 14 more Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa2258640: Failure in SSL library, usually a protocol error error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER (external/boringssl/src/ssl/tls_record.c:192 0x7f94590e7e:0x00000000) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) ... 14 more
URL url = new URL("https://192.168.0.7:9999/WebS/welcome/test");
This url contains also the port specification (port 9999). Make sure your SSL server instance (HTTPS protocol) is configured to listen at that port, maybe you are by mistake connecting to the non-SSL instance of your server (HTTP protocol).
Try for example insecure URL url = new URL("http://192.168.0.7:9999/WebS/welcome/test"); to see if the communication works with HTTP protocol on that address. If yes, then you need to connect to different port for HTTPS. The easiest bet is to try first with default SSL port (443), i.e. just remove the port number: URL url = new URL("https://192.168.0.7/WebS/welcome/test");
You can also try all these varianst of url in your favourite browser to see what it does think about it (I'm using personally firefox, the url with port pointing to HTTP did produce weird errors about wrong certificate length, etc... once I fixed my url to point to the HTTPS instance, the firefox did report only insecure connection due to self-signed certificate used, which was expected and understandable.
The correct HTTPS url, without further extra configuration of mobile app, will probably fail with javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. - if you are using self-signed certificate for your local server. Which is different problem and there's lot of documentation how to deal with that (and overall how to pin certificates, check domain names and create secure connection).
But the WRONG_VERSION_NUMBER (external/boringssl/src/ssl/tls_record.c: suggest you are connecting by accident to the unencrypted HTTP instance of your server, then the SSL handshake is completely confused.
这篇关于javax.net.ssl.SSLProtocolException:SSL握手已中止:ssl = 0x7fa2258640:SSL库失败,通常是协议错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
