在Android中使用TLS并禁用SSL
我想在android客户端和delphi服务器之间创建一个安全连接。建议使用TLS1.1或TLS1.2以及自签名的证书 目前,sdk的最低版本是19 我找到了如何连接自签名证书的方法。但android客户端似乎总是试图连接SSLv3。我试着禁用SSLv3,只使用TLS,但我没有找到一个合适的解决方案,它支持自签名证书 注意:没有任何安全层或SSLv3,如果我告诉服务器使用none或SSLv3,则连接正常在Android中使用TLS并禁用SSL,android,ssl,httpurlconnection,httpsurlconnection,tls1.2,Android,Ssl,Httpurlconnection,Httpsurlconnection,Tls1.2,我想在android客户端和delphi服务器之间创建一个安全连接。建议使用TLS1.1或TLS1.2以及自签名的证书 目前,sdk的最低版本是19 我找到了如何连接自签名证书的方法。但android客户端似乎总是试图连接SSLv3。我试着禁用SSLv3,只使用TLS,但我没有找到一个合适的解决方案,它支持自签名证书 注意:没有任何安全层或SSLv3,如果我告诉服务器使用none或SSLv3,则连接正常 11-25 13:19:10.418 10247-10291/de.gold_softwar
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x71698c50: Failure in SSL library, usually a protocol error
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x388da166:0x00000000)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at com.android.okhttp.Connection.upgradeToTls(Connection.java:146)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at com.android.okhttp.Connection.connect(Connection.java:107)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:89)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:161)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at de.gold_software.wartungsmanager.server.TestController$TestAsyncTask.doInBackground(TestController.java:119)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at de.gold_software.wartungsmanager.server.TestController$TestAsyncTask.doInBackground(TestController.java:66)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at android.os.AsyncTask$2.call(AsyncTask.java:288)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:237)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
11-25 13:19:10.418 10247-10291/de.gold_software.wartungsmanager W/System.err: at java.lang.Thread.run(Thread.java:841)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
caInput = new BufferedInputStream(getMyContext().getResources().openRawResource(R.raw.proxyserver));
Certificate ca = cf.generateCertificate(caInput);
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, tmf.getTrustManagers(), null);
URL url = new URL("https://192.168.1.177:443");
conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(context.getSocketFactory());
conn.setReadTimeout(10000);
conn.setConnectTimeout(15000);
conn.setRequestMethod("POST");
conn.setDoInput(true);
conn.setDoOutput(true);
conn.setRequestProperty("Content-Type", "text/plain; charset=utf-8");
conn.connect();
SSLContext context = SSLContext.getInstance("TLS");
SSLContext context=SSLContext.getInstance(“TLSv1.2”)
另一件事可能是:
System.setProperty("https.protocols", "TLS"); //somewhere in Java code, in main f.e.
甚至可能
System.setProperty("https.protocols", "TLSv1"); //worked by me
但请小心,此设置将保存很长时间
另外,在Java JRE文件夹中,您可以找到文件JRE/lib/security/Java.security,您可以在其中找到这样一行并对其进行更改,或者只添加这一行(仅当不存在时):
或者结合最后两种解决方案
jdk.tls.disabledAlgorithms=SSLv3