参考:https://blog.csdn.net/weixin_54087854/article/details/134625241
https://blog.csdn.net/weixin_35647799/article/details/117684065
Android4.4.2发送https请求时,出现错误:
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7eabc88: Failure in SSL library, usually a protocol error error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version (external/openssl/ssl/s23_clnt.c:741 0xa4fb8d5c:0x00000000)
SSLSocket的setEnabledProtocols配置支持TLSv1.1,TLSv1.2协议
辅助类
import android.os.Build;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class SSLSocketFactoryCompat extends SSLSocketFactory {
private static final String[] TLS_V12_ONLY = {"TLSv1.2"};
private final SSLSocketFactory delegate;
public SSLSocketFactoryCompat() throws KeyManagementException, NoSuchAlgorithmException {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, null, null);
delegate = sc.getSocketFactory();
}
public SSLSocketFactoryCompat(SSLSocketFactory delegate) {
if (delegate == null) {
throw new NullPointerException();
}
this.delegate = delegate;
}
@Override
public String[] getDefaultCipherSuites() {
return delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return delegate.getSupportedCipherSuites();
}
private Socket enableTls12(Socket socket) {
if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 20) {
if (socket instanceof SSLSocket) {
((SSLSocket) socket).setEnabledProtocols(TLS_V12_ONLY);
}
}
return socket;
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return enableTls12(delegate.createSocket(s, host, port, autoClose));
}
@Override
public Socket createSocket(String host, int port) throws IOException {
return enableTls12(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
return enableTls12(delegate.createSocket(host, port, localHost, localPort));
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return enableTls12(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return enableTls12(delegate.createSocket(address, port, localAddress, localPort));
}
}
TrustAllCerts类
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
public class TrustAllCerts implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {}
@Override
public X509Certificate[] getAcceptedIssuers() {return new X509Certificate[0];}
}
创建OkHttpClient方法
OkHttpClient okHttpClient = null;
//日志拦截器
LoggingInterceptor loggingInterceptor = new LoggingInterceptor();
GzipRequestInterceptor gzipRequestInterceptor = new GzipRequestInterceptor();
// 邢帅杰 update 2023-08-08 新增用于https证书信任
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.connectTimeout(timeout, TimeUnit.SECONDS);//响应时间
builder.readTimeout(timeout, TimeUnit.SECONDS);//读取时间
builder.addInterceptor(loggingInterceptor);//添加日志拦截器
// 信任https证书
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
//信任所有https证书
TrustAllCerts trustAllCerts = new TrustAllCerts();
//安卓系统版本号
String androidVer = String.valueOf(android.os.Build.VERSION.RELEASE);//安卓4:4.4.2
//sdk版本号
int sdkVer = Build.VERSION.SDK_INT;//安卓4:19
//创建管理器
//如果是安卓4,强制启用TLSv1.2
try {
SSLContext sslContext = null;
SSLSocketFactory factory = null;
if (sdkVer == 19 || "4.4.2".equals(androidVer) || androidVer.startsWith("4.")) {
sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, new TrustManager[]{trustAllCerts}, new SecureRandom());
//为OkHttpClient设置sslSocketFactory
factory = new SSLSocketFactoryCompat(sslContext.getSocketFactory());
} else {
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{trustAllCerts}, new SecureRandom());
factory = sslContext.getSocketFactory();
}
builder.sslSocketFactory(factory, trustAllCerts);
okHttpClient = builder.build();
} catch (Exception e) {
e.printStackTrace();
}
标签:String,Android4.4,发送,delegate,https,import,Override,new,public From: https://www.cnblogs.com/xsj1989/p/18626880