java - SSLProtocolException:SSL 握手终止:ssl=0xce70fa40:SSL 库失败,通常是协议错误
问题描述
对于 Android 7.0 和 7.1,我们的一台服务器出现以下错误
javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xce70fa40: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0xcf5dfda0:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0xe3062196:0x00000000)
这也是我的http-client代码看起来像在android应用程序中调用服务器
OkHttpClient httpClient = new OkHttpClient();
Request request = new Request.Builder().url(urlStr).build();
Response response = httpClient.newCall(request).execute();
Map<String, List<String>> headers = response.headers().toMultimap();
byte[] contents = null;
contents = response.body().toString().getBytes();
我已经尝试了 SO 上提到的所有可能的解决方案,但没有任何效果。如果我回到 Android 6.0 及更低版本,一切似乎都运行良好。我不确定这是否是密码套件问题。我将尝试获取wireshark 网络握手并将其发布在此处。
有人有什么主意吗?
这就是 nmap 提供的关于密码套件的内容
PORT STATE SERVICE
XXX/tcp open snpp
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
| Ciphersuite uses MD5 for message integrity
| TLSv1.1:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
| Ciphersuite uses MD5 for message integrity
| TLSv1.2:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
|_ least strength: C
解决方案
推荐阅读
- node.js - Node.js 不包括从 .bashrc 导出的 PATH
- regex - 正则表达式分隔符 "::" Tcl
- java - Visual Studio 2017 自动安装 Java SE 1.8,是否已获得许可?
- c++ - 返回一个 const 变量 - 它会导致问题吗?
- python - Pandas-Dask DataFrame 应用函数并返回列表
- wordpress - 将 Telegram 机器人消息发送到 Wordpress REST 端点?
- java - 检查矩形是否与文本相交
- javascript - 正则表达式检查字符密码重复频率
- qt - QStateMachine 自动转换或混合 boost::msm 与 QObject
- jmeter - 如何根据我的要求在 jmeter 中创建折线图?