Android 4.1至4.4 KitKat-为API启用TLS1.2
在尝试禁用TLS1.0时,有KitKat设备需要访问我的API。我尝试过重写默认套接字工厂,但没有成功。我已尝试转换为okhttp。仍然不起作用。如何让Android KitKat连接到我的API?我在棒棒糖前的设备上也遇到了同样的问题。在我使用改型时,这里是针对OkHttp的解决方案Android 4.1至4.4 KitKat-为API启用TLS1.2,android,android-4.4-kitkat,tls1.2,pci-compliance,pci-dss,Android,Android 4.4 Kitkat,Tls1.2,Pci Compliance,Pci Dss,在尝试禁用TLS1.0时,有KitKat设备需要访问我的API。我尝试过重写默认套接字工厂,但没有成功。我已尝试转换为okhttp。仍然不起作用。如何让Android KitKat连接到我的API?我在棒棒糖前的设备上也遇到了同样的问题。在我使用改型时,这里是针对OkHttp的解决方案 Tls12SocketFactory.java: public class Tls12SocketFactory extends SSLSocketFactory { private static fin
Tls12SocketFactory.java
:
public class Tls12SocketFactory extends SSLSocketFactory {
private static final String[] TLS_V12_ONLY = {"TLSv1.2"};
final SSLSocketFactory delegate;
public Tls12SocketFactory(SSLSocketFactory base) {
this.delegate = base;
}
@Override
public String[] getDefaultCipherSuites() {
return delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return delegate.getSupportedCipherSuites();
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return patch(delegate.createSocket(s, host, port, autoClose));
}
@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
return patch(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
return patch(delegate.createSocket(host, port, localHost, localPort));
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return patch(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return patch(delegate.createSocket(address, port, localAddress, localPort));
}
private Socket patch(Socket s) {
if (s instanceof SSLSocket) {
((SSLSocket) s).setEnabledProtocols(TLS_V12_ONLY);
}
return s;
}
}
public class OkHttpUtills {
public static OkHttpClient createHttpClient() {
HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient.Builder client = new OkHttpClient.Builder()
.followRedirects(true)
.followSslRedirects(true)
.addInterceptor(logging)
.cache(null)
.connectTimeout(15, TimeUnit.SECONDS)
.writeTimeout(15, TimeUnit.SECONDS)
.readTimeout(15, TimeUnit.SECONDS);
return enableTls12OnPreLollipop(client).build();
}
/**
* Enables TLSv1.2 protocol (which is disabled by default)
* on pre-Lollipop devices, as well as on Lollipop, because some issues can take place on Samsung devices.
*
* @param client OKHtp client builder
* @return
*/
private static OkHttpClient.Builder enableTls12OnPreLollipop(OkHttpClient.Builder client) {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN && Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP_MR1) {
try {
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, null);
client.sslSocketFactory(new Tls12SocketFactory(sc.getSocketFactory()));
ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.tlsVersions(TlsVersion.TLS_1_2)
.build();
List<ConnectionSpec> specs = new ArrayList<>();
specs.add(cs);
specs.add(ConnectionSpec.COMPATIBLE_TLS);
specs.add(ConnectionSpec.CLEARTEXT);
client.connectionSpecs(specs);
} catch (Exception exc) {
Log.e("OkHttpTLSCompat", "Error while setting TLS 1.2", exc);
}
}
return client;
}
}
OkHttpUtils.java
:
public class Tls12SocketFactory extends SSLSocketFactory {
private static final String[] TLS_V12_ONLY = {"TLSv1.2"};
final SSLSocketFactory delegate;
public Tls12SocketFactory(SSLSocketFactory base) {
this.delegate = base;
}
@Override
public String[] getDefaultCipherSuites() {
return delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return delegate.getSupportedCipherSuites();
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return patch(delegate.createSocket(s, host, port, autoClose));
}
@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
return patch(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
return patch(delegate.createSocket(host, port, localHost, localPort));
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return patch(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return patch(delegate.createSocket(address, port, localAddress, localPort));
}
private Socket patch(Socket s) {
if (s instanceof SSLSocket) {
((SSLSocket) s).setEnabledProtocols(TLS_V12_ONLY);
}
return s;
}
}
public class OkHttpUtills {
public static OkHttpClient createHttpClient() {
HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient.Builder client = new OkHttpClient.Builder()
.followRedirects(true)
.followSslRedirects(true)
.addInterceptor(logging)
.cache(null)
.connectTimeout(15, TimeUnit.SECONDS)
.writeTimeout(15, TimeUnit.SECONDS)
.readTimeout(15, TimeUnit.SECONDS);
return enableTls12OnPreLollipop(client).build();
}
/**
* Enables TLSv1.2 protocol (which is disabled by default)
* on pre-Lollipop devices, as well as on Lollipop, because some issues can take place on Samsung devices.
*
* @param client OKHtp client builder
* @return
*/
private static OkHttpClient.Builder enableTls12OnPreLollipop(OkHttpClient.Builder client) {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN && Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP_MR1) {
try {
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, null);
client.sslSocketFactory(new Tls12SocketFactory(sc.getSocketFactory()));
ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.tlsVersions(TlsVersion.TLS_1_2)
.build();
List<ConnectionSpec> specs = new ArrayList<>();
specs.add(cs);
specs.add(ConnectionSpec.COMPATIBLE_TLS);
specs.add(ConnectionSpec.CLEARTEXT);
client.connectionSpecs(specs);
} catch (Exception exc) {
Log.e("OkHttpTLSCompat", "Error while setting TLS 1.2", exc);
}
}
return client;
}
}
公共类OkHttpUtills{
公共静态OkHttpClient createHttpClient(){
HttpLoggingInterceptor logging=新的HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient.Builder client=新的OkHttpClient.Builder()
.followRedirects(true)
.followslRedirects(true)
.addInterceptor(日志记录)
.cache(空)
.connectTimeout(15,时间单位为秒)
.writeTimeout(15,时间单位。秒)
.readTimeout(15,时间单位为秒);
返回enabletls12onprellollipop(client.build();
}
/**
*启用TLSv1.2协议(默认情况下禁用)
*在棒棒糖前的设备上,以及在棒棒糖上,因为一些问题可能发生在三星设备上。
*
*@param客户端OKHtp客户端生成器
*@返回
*/
私有静态OkHttpClient.Builder启用TLS12OnPrellolliPop(OkHttpClient.Builder客户端){
if(Build.VERSION.SDK\u INT>=Build.VERSION\u code.JELLY\u BEAN&&Build.VERSION.SDK\u INT
希望这能对您有所帮助。OkHttp 3.12.x将自动执行此操作,请参见作为旁注,此策略不适用于我的原因是因为我的AWS ALB配置使用了安全策略:ELBSecurityPolicy-TLS-1-2-2017-01我通过切换到ELBSecurityPolicy-TLS-1-1-2017-01解决了通信失败的问题,它提供了更多的密码。检查它是否对meThis有效是我唯一能找到解释为什么有些人对棒棒糖启用它的地方,因为一些问题可能发生在三星设备上。回答得很好!:)