我在Retrofit中使用OkHttp作为客户端。我无法访问特定的https url。该服务器仅支持TLS 1.0和以下密码 TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5
下面是我实例化OkHttpClient的方式:
OkHttpClient client = new OkHttpClient();
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
client.setSslSocketFactory(sslSocketFactory);
client.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
} catch (Exception e) {
throw new RuntimeException(e);
}
return client;
}
我的应用程序一直抛出这个异常:
注:该异常可能是由于 SSL 版本不兼容导致的。javax.net.ssl.SSLProtocolException: SSL 握手中止: ssl=0x9742f000: SSL 库中的故障,通常是协议错误 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:770 0xab9fcc4d:0x00000000)
supportsTlsExtensions(true)是关键。你帮我节省了很多时间,谢谢! - IgorGanapolsky