如何告诉Android Volley中的TLS版本 [英] How do I tell the TLS version in Android Volley
问题描述
我的项目已经使用Android Volley网络框架很长一段时间,但最近我发现在互联网上发布了一个SSL 3.0协议错误。
My project has been using Android Volley network framework for a long time, but recently I found a SSL 3.0 protocol bug published on the Internet.
我想知道如何找出我的项目使用的TLS版本,以及如何确认库是否更新。
I want to know how can I find out what's the TLS version my project used, and how to confirm whether the library is updated.
这是我的源代码片段:
HttpStack stack = new HurlStack();
Network network = new BasicNetwork(stack);
mHttpRequestQueue = new RequestQueue(new NoCache(), network);
mHttpRequestQueue.start();
我认为重点在于HurlStack类,它取决于 org。 apache.http
包,但我无法弄清楚TLS / SSL的配置在哪里。
I think the point is in HurlStack class, and it depends on org.apache.http
package, but I can't figure out where TLS/SSL configuration is.
推荐答案
您可以通过创建自定义HTTPStack并在 Volley.newRequestQueue(context,httpStack)方法中设置堆栈来修改Volley中使用的TLS版本https://github.com/mcxiaoke/android-volley/blob/9aba4f5f861ab547751aa572c8559467dfa59270/src/main/java/com/android/volley/toolbox/Volley.java相对= nofollow noreferrer> Volley.java 。虽然,您只需要为Android版本16-19执行此操作。在v16之前,不支持TLS 1.2,在v19之后,默认情况下启用TLS 1.2。因此,您应该专注于为Android版本16-19手动将TLS设置为1.2。
You may modify the version of TLS used in Volley by creating a custom HTTPStack and setting the stack in the Volley.newRequestQueue(context, httpStack)
method in Volley.java. Although, you only need to do this for Android versions 16-19. Before v16, TLS 1.2 isn't supported and after v19, TLS 1.2 is enabled by default. So, you should focus on manually setting TLS to 1.2 for Android versions 16-19.
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN
&& Build.VERSION.SDK_INT <= Build.VERSION_CODES.KITKAT) {
try {
ProviderInstaller.installIfNeeded(getContext());
} catch (GooglePlayServicesRepairableException e) {
// Indicates that Google Play services is out of date, disabled, etc.
// Prompt the user to install/update/enable Google Play services.
GooglePlayServicesUtil.showErrorNotification(e.getConnectionStatusCode(), getContext());
// Notify the SyncManager that a soft error occurred.
syncResult.stats.numIOExceptions++;
return;
} catch (GooglePlayServicesNotAvailableException e) {
// Indicates a non-recoverable error; the ProviderInstaller is not able
// to install an up-to-date Provider.
// Notify the SyncManager that a hard error occurred.
syncResult.stats.numAuthExceptions++;
return;
}
HttpStack stack = null;
try {
stack = new HurlStack(null, new TLSSocketFactory());
} catch (KeyManagementException e) {
e.printStackTrace();
Log.d("Your Wrapper Class", "Could not create new stack for TLS v1.2");
stack = new HurlStack();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
Log.d("Your Wrapper Class", "Could not create new stack for TLS v1.2");
stack = new HurlStack();
}
requestQueue = Volley.newRequestQueue(context, stack);
} else {
requestQueue = Volley.newRequestQueue(context);
}
然后使用扩展SSLSocketFactory的TLSSocketFactory类,就像这里创建的Florian Krauthan一样,其中V1.2 TLS协议启用: HTTPS://gist.github .com / fkrauthan / ac8624466a4dee4fd02f#file-tlssocketfactory-java
And then use a TLSSocketFactory class which extends SSLSocketFactory like the one Florian Krauthan created here, where the v1.2 TLS protocol is enabled: https://gist.github.com/fkrauthan/ac8624466a4dee4fd02f#file-tlssocketfactory-java
这篇关于如何告诉Android Volley中的TLS版本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!