{"id":1256,"date":"2023-03-18T09:47:19","date_gmt":"2023-03-18T01:47:19","guid":{"rendered":"https:\/\/www.appblog.cn\/?p=1256"},"modified":"2023-04-29T09:28:23","modified_gmt":"2023-04-29T01:28:23","slug":"solution-for-okhttp-not-supporting-tls-protocol-on-android-4-4-and-below","status":"publish","type":"post","link":"https:\/\/www.appblog.cn\/index.php\/2023\/03\/18\/solution-for-okhttp-not-supporting-tls-protocol-on-android-4-4-and-below\/","title":{"rendered":"OkHttp\u5728Android 4.4\u53ca\u4ee5\u4e0b\u4e0d\u652f\u6301TLS\u534f\u8bae\u7684\u89e3\u51b3\u65b9\u6cd5"},"content":{"rendered":"

\u95ee\u9898\u63cf\u8ff0<\/h2>\n

Glide\u52a0\u8f7dhttps\u56fe\u7247\uff1ahttps:\/\/futurestud.io\/tutorials\/glide-module-example-accepting-self-signed-https-certificates#0<\/a><\/p>\n

OkHttp\u5728Android 4.4\u53ca\u4ee5\u4e0b\u8bf7\u6c42https\u62a5\u9519\uff1a<\/p>\n

<\/p>\n

javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x610df808: Failure in SSL library, usually a protocol error\n    error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external\/openssl\/ssl\/s23_clnt.c:741 0x410f976a:0x00000000)<\/code><\/pre>\n
\u95ee\u9898\u539f\u56e0<\/h2>\n
\u7531\u4e8e\u96c6\u6210\u7684 SSL \u5e93\u7248\u672c\u4e0d\u540c\uff0c\u4e0d\u540c Android \u7248\u672c\u7684\u9ed8\u8ba4 SSL\/TLS \u7248\u672c\u914d\u7f6e\u5982\u4e0b\u8868\uff1a<\/p>\n\n\n\n\n\n\n\n\n
Protocol<\/th>\nSupported (API Levels)<\/th>\nEnabled by default (API Levels)<\/th>\n<\/tr>\n<\/thead>\n
SSLv3<\/td>\n1\u201325<\/td>\n1\u201322<\/td>\n<\/tr>\n
TLSv1<\/td>\n1+<\/td>\n1+<\/td>\n<\/tr>\n
TLSv1.1<\/td>\n16+<\/td>\n20+<\/td>\n<\/tr>\n
TLSv1.2<\/td>\n16+<\/td>\n20+<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\u5728 Android 5.0 \u4e4b\u524d\uff0c\u6700\u9ad8\u652f\u6301\u7684 SSL\/TLS \u7248\u672c\u4e3a TLSv1\uff0c\u800c\u8fd9\u4e2a\u7248\u672c\u5b9e\u9645\u4e0a\u662f\u4e00\u4e2a\u5b89\u5168\u6027\u5e76\u4e0d\u662f\u592a\u597d\u7684\u7248\u672c\uff0c\u5f53\u524d\u5df2\u7ecf\u6709\u8bb8\u591a\u7f51\u7ad9\u914d\u7f6e\u4e3a\u4e0d\u518d\u652f\u6301\u8fd9\u79cd\u8001\u7248\u672c\u7684 SSL\/TLS\u3002<\/p>\n
\u5728 Android 4.X \u7684\u8bbe\u5907\u4e0a\uff0c\u4f7f\u7528\u76f8\u540c\u7248\u672c\u7684 OkHttp \u8bbf\u95ee\u6700\u4f4e\u652f\u6301 TLSv1.1 \u53ca\u66f4\u4f4e SSL\/TLS \u7248\u672c\u7684 HTTPS \u670d\u52a1\u5668\u65f6\uff0cHTTPS \u8fde\u63a5\u4f1a\u5728\u63e1\u624b\u9636\u6bb5\u5931\u8d25\u3002<\/p>\n
\u95ee\u9898\u89e3\u51b3<\/h2>\n
\u4e3a\u8bf7\u6c42\u7684\u7f51\u7edc\u5ba2\u6237\u7aef\u8bbe\u7f6e\u4e00\u4e2a\u7279\u6b8a\u7684SSLSocketFactory<\/h3>\n
public class Tls12SocketFactory extends SSLSocketFactory {\n    private static final String[] TLS_SUPPORT_VERSION = {"TLSv1.1", "TLSv1.2"};\n\n    final SSLSocketFactory delegate;\n\n    public Tls12SocketFactory(SSLSocketFactory base) {\n        this.delegate = base;\n    }\n\n    @Override\n    public String[] getDefaultCipherSuites() {\n        return delegate.getDefaultCipherSuites();\n    }\n\n    @Override\n    public String[] getSupportedCipherSuites() {\n        return delegate.getSupportedCipherSuites();\n    }\n\n    @Override\n    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {\n        return patch(delegate.createSocket(s, host, port, autoClose));\n    }\n\n    @Override\n    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {\n        return patch(delegate.createSocket(host, port));\n    }\n\n    @Override\n    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {\n        return patch(delegate.createSocket(host, port, localHost, localPort));\n    }\n\n    @Override\n    public Socket createSocket(InetAddress host, int port) throws IOException {\n        return patch(delegate.createSocket(host, port));\n    }\n\n    @Override\n    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {\n        return patch(delegate.createSocket(address, port, localAddress, localPort));\n    }\n\n    private Socket patch(Socket s) {\n        if (s instanceof SSLSocket) {\n            ((SSLSocket) s).setEnabledProtocols(TLS_SUPPORT_VERSION);\n        }\n        return s;\n    }\n}<\/code><\/pre>\n
\u8bbe\u7f6eOkHttpClient<\/h3>\n
public class SSLHelper {\n\n    private static X509TrustManager getDefaultTrustManager() {\n        try {\n            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(\n                    TrustManagerFactory.getDefaultAlgorithm());\n            trustManagerFactory.init((KeyStore) null);\n            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();\n            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {\n                throw new IllegalStateException("Unexpected default trust managers:"\n                        + Arrays.toString(trustManagers));\n            }\n            return (X509TrustManager) trustManagers[0];\n        } catch (GeneralSecurityException e) {\n            throw new AssertionError(); \/\/ The system has no TLS. Just give up.\n        }\n    }\n\n    private static TrustManager[] getTrustManagers(InputStream... certificates) {\n        if (certificates == null || certificates.length <= 0) return null;\n        try {\n            \/\/\u6784\u9020CertificateFactory\u5bf9\u8c61\n            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");\n            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());\n            keyStore.load(null);\n            int index = 0;\n            for (InputStream certificate : certificates) {\n                String certificateAlias = Integer.toString(index++);\n                \/\/\u5f97\u5230Certificate\u5e76\u653e\u5165\u5230keyStore\u4e2d\n                keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));\n                try {\n                    if (certificate != null)\n                        certificate.close();\n                } catch (IOException e) {\n                }\n            }\n            \/\/\u5229\u7528keyStore\u521d\u59cb\u5316TrustManagerFactory\n            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());\n            trustManagerFactory.init(keyStore);\n            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();\n            return trustManagers;\n        } catch (NoSuchAlgorithmException e) {\n            e.printStackTrace();\n        } catch (CertificateException e) {\n            e.printStackTrace();\n        } catch (KeyStoreException e) {\n            e.printStackTrace();\n        } catch (Exception e) {\n            e.printStackTrace();\n        }\n        return null;\n    }\n\n    public static OkHttpClient.Builder enableTls12OnPreLollipop(OkHttpClient.Builder client, InputStream... certificates) {\n        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN && Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {\n            Tls12SocketFactory socketFactory = null;\n            TrustManager[] trustManagers = null;\n            try {\n                trustManagers = getTrustManagers(certificates);\n                SSLContext sslContext = SSLContext.getInstance("TLS");\n                sslContext.init(null, trustManagers, null);\n                socketFactory = new Tls12SocketFactory(sslContext.getSocketFactory());\n                client.sslSocketFactory(socketFactory, (X509TrustManager) trustManagers[0]);\n            } catch (Exception e) {\n                Log.e("yezhou", "Error while setting TLS", e);\n                if (trustManagers != null) {\n                    try {\n                        SSLContext sc = SSLContext.getInstance("TLSv1.2");\n                        sc.init(null, trustManagers, null);\n                        socketFactory = new Tls12SocketFactory(sc.getSocketFactory());\n                        client.sslSocketFactory(socketFactory, (X509TrustManager) trustManagers[0]);\n                    } catch (Exception e12) {\n                        Log.e("yezhou", "Error while setting TLS 1.2", e12);\n                    }\n                }\n            }\n\n            ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)\n                    .tlsVersions(TlsVersion.TLS_1_2)\n                    .build();\n\n            List<ConnectionSpec> specs = new ArrayList<>();\n            specs.add(cs);\n            specs.add(ConnectionSpec.COMPATIBLE_TLS);\n            specs.add(ConnectionSpec.CLEARTEXT);\n\n            client.connectionSpecs(specs);\n        }\n        return client;\n    }\n}<\/code><\/pre>\n
\u521d\u59cb\u5316OkHttpClient<\/h3>\n
private OkHttpClient initOkHttpClient()  {\n    OkHttpClient builder = OkHttpClient.Builder()\n    OkHttpClient.Builder clientBuilder = new OkHttpClient.Builder()\n            .followRedirects(true)\n            .followSslRedirects(true)\n            .retryOnConnectionFailure(true)\n            .cache(null)\n            .connectTimeout(10L, TimeUnit.SECONDS)  \/\/\u8bbe\u7f6e\u8bfb\u53d6\u8d85\u65f6\u65f6\u95f4\n            .writeTimeout(10L, TimeUnit.SECONDS)  \/\/\u8bbe\u7f6e\u5199\u7684\u8d85\u65f6\u65f6\u95f4\n            .readTimeout(10L, TimeUnit.SECONDS);  \/\/\u8bbe\u7f6e\u8fde\u63a5\u8d85\u65f6\u65f6\u95f4\n\n    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN && Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {\n        InputStream is = null;\n        try {\n            is = context.getAssets().open("appblog.cer");\n        } catch (IOException e) {\n            e.printStackTrace();\n        }\n        SSLHelper.enableTls12OnPreLollipop(clientBuilder, is);\n    }\n    return builder.build()\n}<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
\u95ee\u9898\u63cf\u8ff0 Glide\u52a0\u8f7dhttps\u56fe\u7247\uff1ahttps:\/\/futurestud.io\/tutorials\/gli […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[116],"tags":[],"class_list":["post-1256","post","type-post","status-publish","format-standard","hentry","category-okhttp"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1256"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1256\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}