如何在Android应用程序中启用TLS 1.2支持(在Android 4.1 JB上运行) [英] How to enable TLS 1.2 support in an Android application (running on Android 4.1 JB)
问题描述
根据Android中 SSLSocket
和 SSLContext
的文档,TLS v1.1和v1.2协议是API级别16+支持,但默认情况下不启用。
http://developer.android.com/reference/javax/net/ssl/ SSLSocket.html
http://developer.android.com/reference /javax/net/ssl/SSLContext.html
As per the docs in Android for SSLSocket
and SSLContext
, TLS v1.1 and v1.2 protocols are supported in API level 16+, but are not enabled by default.
http://developer.android.com/reference/javax/net/ssl/SSLSocket.html
http://developer.android.com/reference/javax/net/ssl/SSLContext.html
如何在运行Android 4.1或更高版本(但低于5.0)的设备上启用它?
How do I enable it on a device running Android 4.1 or later (but below 5.0)?
我试过创建一个自定义的SSLSocketFactory,它可以在创建 Socket
时启用所有支持的协议,然后再使用我的自定义实现为:
I have tried creating a custom SSLSocketFactory which enables all the supported protocols when Socket
's are created and later use my custom implementation as:
HttpsURLConnection.setDefaultSSLSocketFactory(new MySSLSocketFactory());
HttpsURLConnection.setDefaultSSLSocketFactory(new MySSLSocketFactory());
public class MySSLSocketFactory extends SSLSocketFactory {
private SSLContext sc;
private SSLSocketFactory ssf;
public MySSLSocketFactory() {
try {
sc = SSLContext.getInstance("TLS");
sc.init(null, null, null);
ssf = sc.getSocketFactory();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException {
SSLSocket ss = (SSLSocket) ssf.createSocket(s, host, port, autoClose);
ss.setEnabledProtocols(ss.getSupportedProtocols());
ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());
return ss;
}
@Override
public String[] getDefaultCipherSuites() {
return ssf.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return ssf.getSupportedCipherSuites();
}
@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
SSLSocket ss = (SSLSocket) ssf.createSocket(host, port);
ss.setEnabledProtocols(ss.getSupportedProtocols());
ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());
return ss;
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
SSLSocket ss = (SSLSocket) ssf.createSocket(host, port);
ss.setEnabledProtocols(ss.getSupportedProtocols());
ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());
return ss;
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
throws IOException, UnknownHostException {
SSLSocket ss = (SSLSocket) ssf.createSocket(host, port, localHost, localPort);
ss.setEnabledProtocols(ss.getSupportedProtocols());
ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());
return ss;
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress,
int localPort) throws IOException {
SSLSocket ss = (SSLSocket) ssf.createSocket(address, port, localAddress, localPort);
ss.setEnabledProtocols(ss.getSupportedProtocols());
ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());
return ss;
}
}
但是在尝试建立一个与已启用仅TLS 1.2 的服务器连接。
But it still gives an exception while trying to establish a connection with a server on which Only TLS 1.2 is enabled.
以下是我获得的例外情况:
Here is the exception I get:
03-09 09:21:38.427:W / System.err(2496):
javax.net.ssl.SSLHandshakeException:
javax.net .ssl.SSLProtocolException:SSL握手中止:
ssl = 0xb7fa0620:SSL库失败,通常是协议错误
03-09 09:21:38.427: W/System.err(2496): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7fa0620: Failure in SSL library, usually a protocol error
03-09 09:21:38.427: W / System.err(2496):错误:14077410:SSL
例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败
(外部/ openssl / ssl / s23_clnt.c:741 0xa90e6990:0x00000000)
03-09 09:21:38.427: W/System.err(2496): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0xa90e6990:0x00000000)
推荐答案
启用TLSv1.1和TLSv1.2的两种方法:
2 ways to enable TLSv1.1 and TLSv1.2:
- 使用本指南:
http:// blog。 dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/ - 使用这个类
https://github.com/erickok/transdroid/blob/master/app/src/main/java/org/transdroid/daemon/util/TlsSniSocketFactory.java
schemeRegistry.register(new Scheme(https,new TlsSniSocketFactory(),port));
- use this guideline: http://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/
- use this class
https://github.com/erickok/transdroid/blob/master/app/src/main/java/org/transdroid/daemon/util/TlsSniSocketFactory.java
schemeRegistry.register(new Scheme("https", new TlsSniSocketFactory(), port));
这篇关于如何在Android应用程序中启用TLS 1.2支持(在Android 4.1 JB上运行)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!