SSLv3的協議是不安全的,i之後讀some articles,我使用this solution刪除該協議。的Android HTTPS請求,SSL協議失敗
的方法刪除SSLV3:
@Override
public void setEnabledProtocols(String[] protocols) {
if (protocols != null && protocols.length == 1 && "SSLv3".equals(protocols[0])) {
// no way jose
// see issue https://code.google.com/p/android/issues/detail?id=78187
List<String> enabledProtocols = new ArrayList<String>(Arrays.asList(delegate.getEnabledProtocols()));
for (String pro : enabledProtocols) {
VolleyLog.d(pro);
}
if (enabledProtocols.size() > 1) {
enabledProtocols.remove("SSLv3");
VolleyLog.d("Removed SSLv3 from enabled protocols");
} else {
VolleyLog.d("SSL stuck with protocol available for " + String.valueOf(enabledProtocols));
}
protocols = enabledProtocols.toArray(new String[enabledProtocols.size()]);
}
super.setEnabledProtocols(protocols);
}
我使用排作爲HTTP客戶端,這裏是我的代碼初始化一個請求隊列:
HttpStack stack;
if (Build.VERSION.SDK_INT >= 9) {
// Use a socket factory that removes sslv3
// https://code.google.com/p/android/issues/detail?id=78187
stack = new HurlStack(null, new NoSSLv3Compat.NoSSLv3Factory());
} else {
// Prior to Gingerbread, HttpUrlConnection was unreliable.
// See: http://android-developers.blogspot.com/2011/09/androids-http-clients.html
stack = new HttpClientStack(AndroidHttpClient.newInstance(userAgent));
}
設備和環境
我使用小蜜M3與MIUI ROM,它基於Android 4.4.4。
當setEnabledProtocols方法被調用時,我打印了一些日誌:
D/Volley: [1444] NoSSLv3SSLSocket.setEnabledProtocols: SSLv3
D/Volley: [1444] NoSSLv3SSLSocket.setEnabledProtocols: TLSv1
D/Volley: [1444] NoSSLv3SSLSocket.setEnabledProtocols: Removed SSLv3 from enabled protocols
問題
當我嘗試加載此image,失敗,輸出:
NoConnectionError: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x77f49768: Failure in SSL library, usually a protocol error
E/CachedHttp: error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate fallback (external/openssl/ssl/s3_pkt.c:1256 0x77f4c280:0x00000003)
這個圖像服務器支持以下協議:
TLS 1.2、 TLS 1.1、 TLS 1.0、 SSL 3
你能幫我弄清楚嗎?
你讀過這http://stackoverflow.com/a/30302235/3919009? –
http://ramannanda.blogspot.com/2015/03/handling-and-identifying-ssl-handshake.html –