android – 为什么Volley会回归到SSLV3?

前端之家收集整理的这篇文章主要介绍了android – 为什么Volley会回归到SSLV3?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我一直在监视我的应用程序错误,我看到以下错误太多次了
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f0fc28: Failure in SSL library,usually a protocol error

错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(外部/ openssl / ssl / s23_clnt.c:741 0xaa48cd5c:0x00000000)-javax.net.ssl.SSLHandshakeException:javax.net.ssl.SSLProtocolException:SSL握手中止: ssl = 0xb8f0fc28:SSL库失败,通常是协议错误
错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(external / openssl / ssl / s23_clnt.c:741 0xaa48cd5c:0x00000000)

您可以看到错误是关于SSLV3和我的服务器仅支持TLSV1.2.

看起来在某些客户端Volley回归使用SSLV3(由于某种原因)并且他们得到了一个错误.

收到此错误用户在Android 4.4.2,4.4.4和4.1.1及更高版本上.

有趣的是,我也在同一个应用程序中使用DefaultHttpClient,但它似乎没有报告相同的问题.

我在Volley中使用默认的HurlStack

我见过以下……
Disable SSL as a protocol in HttpsURLConnection


https://code.google.com/p/android/issues/detail?id=78187

那么我的选择是什么?

>我的假设是否正确,Volley会回归到SSLV3?
>为什么凌空倒退到SSLV3?换句话说,导致回退的原始失败是什么以及如何解决
>我最近下载了Volley,但我不确定它是最新的.我如何找到我的版本?

有什么想法吗?

解决方法

您的服务器不支持SSLv3,因为它有一些安全问题,不应该使用.

在Kitkat之前使用Android版本时,必须使用套接字工厂删除SSLv3以用作默认配置:

public class VolleyToolBoxExtension extends Volley {
    /** Default on-disk cache directory. */
    private static final String DEFAULT_CACHE_DIR = "volley";

    /**
     * Creates a default instance of the worker pool and calls {@link RequestQueue#start()} on it.
     *
     * @param context A {@link Context} to use for creating the cache dir.
     * @param stack An {@link HttpStack} to use for the network,or null for default.
     * @return A started {@link RequestQueue} instance.
     */
    public static RequestQueue newRequestQueue(Context context,HttpStack stack) {
        File cacheDir = new File(context.getCacheDir(),DEFAULT_CACHE_DIR);
        String userAgent = "volley/0";
        try {
            String packageName = context.getPackageName();
            PackageInfo info = context.getPackageManager().getPackageInfo(packageName,0);
            userAgent = packageName + "/" + info.versionCode;
        } catch (PackageManager.NameNotFoundException e) {

        }
        if (stack == null) {
            if (Build.VERSION.SDK_INT >= 9) {
                if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
                    // Use a socket factory that removes sslv3
                    stack = new HurlStack(null,new NoSSLv3Compat.NoSSLv3Factory());
                } else {
                    stack = new HurlStack();
                }
            } else {
                // Prior to Gingerbread,HttpUrlConnection was unreliable.
                // See: http://android-developers.blogspot.com/2011/09/androids-http-clients.html
                stack = new HttpClientStack(AndroidHttpClient.newInstance(userAgent));
            }
        }
        Network network = new BasicNetwork(stack);
        RequestQueue queue = new RequestQueue(new DiskBasedCache(cacheDir),network);
        queue.start();
        return queue;
    }

    /**
     * Creates a default instance of the worker pool and calls {@link RequestQueue#start()} on it.
     *
     * @param context A {@link Context} to use for creating the cache dir.
     * @return A started {@link RequestQueue} instance.
     */
    public static RequestQueue newRequestQueue(Context context) {
        return newRequestQueue(context,null);
    }

}

可以在这里找到NoSSLv3Compat类:
https://github.com/Floens/volley/blob/master/src/com/android/volley/compat/NoSSLv3Compat.java

使用此扩展来创建请求队列:

/**
     * @return The Volley Request queue,the queue will be created if it is null
     */
    public RequestQueue getRequestQueue() {
        // lazy initialize the request queue,the queue instance will be
        // created when it is accessed for the first time
        if (mRequestQueue == null) {
            // Create the request queue
            mRequestQueue = VolleyToolBoxExtension.newRequestQueue(getApplicationContext());
        }

        return mRequestQueue;
    }

您也可以使用Retrofit而不是Volley,因为Square发布了支持TLS版本配置的2.1库版本:

http://square.github.io/retrofit/

猜你在找的Android相关文章