在Android 4.4中启用TLS 1.2

前端之家收集整理的这篇文章主要介绍了在Android 4.4中启用TLS 1.2前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我使用Retrofit和OkHttp3来发出请求.我知道在 Android 4.4 TLS 1.1和TLS 1.2中没有启用defult.所以我想尝试启用它们.但到目前为止,我没有成功.我读到这可能是android工作室模拟器的一个问题,但是我无法在带有andoroid 4.4 rigthnow的真实设备上进行测试

这是我到目前为止所做的:

private <S> S createService(Class<S> serviceClass) {
    Retrofit retrofit = builder.client(getNewHttpClient()).build();
    return retrofit.create(serviceClass);
}

private OkHttpClient getNewHttpClient() {
    OkHttpClient.Builder clientBuilder = new OkHttpClient.Builder()
            .connectTimeout(10,TimeUnit.SECONDS)
            .writeTimeout(10,TimeUnit.SECONDS)
            .readTimeout(0,TimeUnit.MINUTES); // Disable timeouts for read

    return enableTls12OnPreLollipop(clientBuilder).build();
}


public static OkHttpClient.Builder enableTls12OnPreLollipop(OkHttpClient.Builder client) {
    if (Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT) {
        try {
            client.sslSocketFactory(new TLSSocketFactory());

            ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
                    .tlsVersions(TlsVersion.TLS_1_2)
                    .build();

            List<ConnectionSpec> specs = new ArrayList<>();
            specs.add(cs);
            specs.add(ConnectionSpec.COMPATIBLE_TLS);
            specs.add(ConnectionSpec.CLEARTEXT);

            client.connectionSpecs(specs);
        } catch (Exception exc) {
            Log.e("OkHttpClientProvider","Error while enabling TLS 1.2",exc);
        }
    }

    return client;
}

TLSSocketFactory CLASS

public class TLSSocketFactory extends SSLSocketFactory {
private SSLSocketFactory delegate;

public TLSSocketFactory() throws KeyManagementException,NoSuchAlgorithmException {
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null,null,null);
    delegate = context.getSocketFactory();
}

@Override
public String[] getDefaultCipherSuites() {
    return delegate.getDefaultCipherSuites();
}

@Override
public String[] getSupportedCipherSuites() {
    return delegate.getSupportedCipherSuites();
}

@Override
public Socket createSocket(Socket s,String host,int port,boolean autoClose) throws IOException {
    return enableTLSOnSocket(delegate.createSocket(s,host,port,autoClose));
}

@Override
public Socket createSocket(String host,int port) throws IOException,UnknownHostException {
    return enableTLSOnSocket(delegate.createSocket(host,port));
}

@Override
public Socket createSocket(String host,InetAddress localHost,int localPort) throws IOException,localHost,localPort));
}

@Override
public Socket createSocket(InetAddress host,int port) throws IOException {
    return enableTLSOnSocket(delegate.createSocket(host,port));
}

@Override
public Socket createSocket(InetAddress address,InetAddress localAddress,int localPort) throws IOException {
    return enableTLSOnSocket(delegate.createSocket(address,localAddress,localPort));
}

private Socket enableTLSOnSocket(Socket socket) {
    if(socket != null && (socket instanceof SSLSocket)) {
        ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.1","TLSv1.2"});
    }
    return socket;
}
}

我试过this但没有用.

我的错误是:javax.net.ssl.SSLProtocolException:SSL握手中止:ssl = 0xb829bae0:SSL库失败,通常是协议错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(external / openssl / ssl / s23_clnt. c:741 0x8d9e3990:0x00000000)

解决方法

请试试这个: https://developer.android.com/training/articles/security-gms-provider.html.

它使用的是https://developers.google.com/android/reference/com/google/android/gms/security/ProviderInstaller,您需要在项目中使用Google API.

您只需要在您的应用程序中调用

@Override
public void onCreate() {
    super.onCreate();
    try {
        ProviderInstaller.installIfNeeded(this);
    } catch (GooglePlayServicesRepairableException | GooglePlayServicesNotAvailableException e) {
        e.printStackTrace();
    }
}

您还应该删除自定义SSLfactory.

猜你在找的Android相关文章