logo标签列表

安卓SSL握手异常:在安卓6.0.1上握手失败

androidsslsslhandshakeexception
3
自从一周前进行请求时,我收到了SSLHandshakeException错误。在互联网上搜索,没有找到解决问题的方法。代码以前可以工作,没有任何更改就停止了工作。SSL证书有效,在浏览器上和Android设备上都可以使用,但是应用程序无法使用。
我在Android 6.0.1上的Nexus 5上运行该应用程序。该应用程序使用Volley来发出请求,只是正常的东西。
最奇怪的事情是,当从设备中删除该应用程序,然后运行该应用程序时,它能够工作。但之后就不行了。
完整的堆栈跟踪:
com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: Handshake failed
      at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:151)
      at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:112)
    Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396)
      at com.android.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103)
      at com.android.okhttp.Connection.connect(Connection.java:143)
      at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:185)
      at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
      at com.android.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341)
      at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330)
      at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)
      at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:437)
      at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:388)
      at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:501)
      at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getResponseCode(DelegatingHttpsURLConnection.java:105)
      at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java)
      at com.android.volley.toolbox.HurlStack.performRequest(HurlStack.java:110)
      at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:96)
      at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:112) 
    Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
      ... 16 more
      Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
        ... 16 more
      Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
        ... 16 more
      Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xab1e5c00: Failure in SSL library, usually a protocol error
    error:100c543e:SSL routines:ssl3_read_bytes:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:972 0xab4705c0:0x00000001)
      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
        ... 15 more
    Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xab1e5c00: Failure in SSL library, usually a protocol error
    error:100c543e:SSL routines:ssl3_read_bytes:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:972 0xab4705c0:0x00000001)
      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
      ... 15 more
    Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xab1e5c00: Failure in SSL library, usually a protocol error
    error:100c543e:SSL routines:ssl3_read_bytes:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:972 0xab4705c0:0x00000001)
      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
      ... 15 more
    Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xab1e5c00: Failure in SSL library, usually a protocol error
    error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0xab4705c0:0x00000001)
    error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:750 0xab23259f:0x00000000)
      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
      ... 15 more
1个回答
2
如此解释:https://github.com/square/okhttp/issues/1582#issuecomment-97104082 您可能处于以下情况之一:

  1. 您访问名为 https://example.com 的网站,但您最终进入的是一个看似位于 https://example.com 的网站,但它向您提供了一个来自 https://no-example.com 的证书。OkHttp 将正确地拒绝此连接。在像 Chrome 这样的浏览器中,您将在控制台中看到类似“这不是您认为的页面”的警告

  2. 其他异常显示服务器提供了证书,但由于根证书未在客户端设备上(或已过期),因此不能信任该证书

您需要更多地调试 SSL 问题,可能是由于服务器上错误的证书配置或客户端上缺少/过期的证书。当您确定问题所在时,可以尝试类似此内容
嗨MatPag,感谢您的回复。1.我们已经检查过了,证书是有效的(在Chrome上也是如此)。我们已经向我们的证书供应商询问是否知道什么情况。2.您知道如何调试客户端缺失/过期的证书吗? - TomWebDev
你应该能够在互联网上找到一些示例,了解如何获取证书,并将其与客户端上安装的证书进行匹配,以查看是否缺失。在这种情况下,您应该手动将证书添加到受信任的证书列表中。如果需要帮助,请阅读此处 - MatPag
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接