我正在运行本地服务器(Android 应用程序中的嵌入式 https 服务器),它使用 .bks(自签名证书类型)。当 Android 应用程序尝试使用 ssl 连接时,它会出现以下错误。 在这里您还可以看到服务器日志打印启用的密码套件以及启用的协议(protocol)。 当我尝试使用 java 执行相同的测试用例时,一切正常。 只是,问题出在android中。任何帮助将不胜感激。 安卓版本 7.0 最小 SDK:22
I've already googled a lot with the following URL's but none of them helped me.
https://github.com/nelenkov/custom-cert-https/issues/1
https://stackoverflow.com/questions/11117486/wrong-version-of-keystore-on-android-call
http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html
https://stackoverflow.com/questions/11963852/wrong-version-of-key-store-error-how-can-i-create-a-version-1-keystore-certif/16050758
https://stackoverflow.com/questions/39275309/ssl-handshake-excetion-failure-in-ssl-library-usually-a-protocol-error
https://github.com/k9mail/k-9/issues/2146
http://callistaenterprise.se/blogg/teknik/2011/11/24/android-tlsssl-mutual-authentication/
https://developer.android.com/reference/java/security/KeyStore.html
https://developer.android.com/training/articles/security-ssl.html#nogotofail
https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
https://www.synyx.de/blog/android-and-self-signed-ssl-certificates/
https://github.com/johnjohndoe/CampFahrplan/pull/1
https://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/
https://github.com/johnjohndoe/CampFahrplan/pull/1/files/06d3a93ca91bfe070fdd88fe8bf7b66b6ef6b5ba#diff-838fbd8111b382e1820f9f90e38407a1
https://stackoverflow.com/questions/7416096/android-webview-not-loading-an-https-url
https://stackoverflow.com/questions/29916962/javax-net-ssl-sslhandshakeexception-javax-net-ssl-sslprotocolexception-ssl-han
=======================================================
I/System.out: [Mon Mar 26 12:05:14 PDT 2018] TJWS httpd :: - ServerSocket[addr=::/::,localport=9161] is listening.
I/TJWSService: [2018-03-26 12:05:15.4 PDT] INFO [TJWSService(639)] - Serve running:true
I/TJWSService: [2018-03-26 12:05:15.4 PDT] INFO [TJWSService(639)] - TJWSServer has started!!!
D/SplashActivity: [2018-03-26 12:05:15.4 PDT] DEBUG [SplashActivity(655)] - com.rslakra.android.framework.events.AndroidEvent@58dc649
I/System.out: (HTTPLog)-Static: isSBSettingEnabled false
I/System.out: (HTTPLog)-Static: isSBSettingEnabled false
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledCipherSuites:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
I/System.out: TLS_ECDHE_RSA_WITH_RC4_128_SHA
I/System.out: TLS_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_128_CBC_SHA
I/System.out: SSL_RSA_WITH_RC4_128_SHA
I/System.out: TLS_PSK_WITH_RC4_128_SHA
I/System.out: SSL_RSA_WITH_RC4_128_MD5
I/System.out: SSL_RSA_WITH_3DES_EDE_CBC_SHA
I/System.out: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
I/System.out: TLS_FALLBACK_SCSV
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledProtocols:TLSv1
I/System.out: TLSv1.1
I/System.out: TLSv1.2
I/System.out: [Mon Mar 26 12:05:15 PDT 2018]
I/System.out: javax.net.ssl.SSLHandshakeException: Handshake failed
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:713)
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:675)
I/System.out: at Acme.Serve.Serve$ServeConnection.<init>(Serve.java:2209)
I/System.out: at Acme.Serve.Serve.serve(Serve.java:991)
I/System.out: at com.rslakra.android.server.TJWSService$3.run(TJWSService.java:484)
I/System.out: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa6b56a00: Failure in SSL library, usually a protocol error
I/System.out: error:100000b8:SSL routines:OPENSSL_internal:NO_SHARED_CIPHER (external/boringssl/src/ssl/s3_srvr.c:1059 0x7fa503e253:0x00000000)
I/System.out: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
I/System.out: ... 5 more
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledCipherSuites:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
I/System.out: TLS_ECDHE_RSA_WITH_RC4_128_SHA
I/System.out: TLS_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_128_CBC_SHA
I/System.out: SSL_RSA_WITH_RC4_128_SHA
I/System.out: TLS_PSK_WITH_RC4_128_SHA
I/System.out: SSL_RSA_WITH_RC4_128_MD5
I/System.out: SSL_RSA_WITH_3DES_EDE_CBC_SHA
I/System.out: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
I/System.out: TLS_FALLBACK_SCSV
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledProtocols:TLSv1
I/System.out: TLSv1.1
I/System.out: TLSv1.2
I/System.out: [Mon Mar 26 12:05:15 PDT 2018]
I/System.out: javax.net.ssl.SSLHandshakeException: Handshake failed
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:713)
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:675)
I/System.out: at Acme.Serve.Serve$ServeConnection.<init>(Serve.java:2209)
I/System.out: at Acme.Serve.Serve.serve(Serve.java:991)
I/System.out: at com.rslakra.android.server.TJWSService$3.run(TJWSService.java:484)
I/System.out: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa6b56a00: Failure in SSL library, usually a protocol error
I/System.out: error:1000009d:SSL routines:OPENSSL_internal:INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/ssl_lib.c:1475 0x7fa503e253:0x00000000)
I/System.out: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
I/System.out: ... 5 more
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledCipherSuites:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
I/System.out: TLS_ECDHE_RSA_WITH_RC4_128_SHA
I/System.out: TLS_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_128_CBC_SHA
I/System.out: SSL_RSA_WITH_RC4_128_SHA
I/System.out: TLS_PSK_WITH_RC4_128_SHA
I/System.out: SSL_RSA_WITH_RC4_128_MD5
I/System.out: SSL_RSA_WITH_3DES_EDE_CBC_SHA
I/System.out: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
I/System.out: TLS_FALLBACK_SCSV
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledProtocols:TLSv1
I/System.out: TLSv1.1
I/System.out: TLSv1.2
I/System.out: [Mon Mar 26 12:05:15 PDT 2018]
I/System.out: javax.net.ssl.SSLHandshakeException: Handshake failed
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:713)
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:675)
I/System.out: at Acme.Serve.Serve$ServeConnection.<init>(Serve.java:2209)
I/System.out: at Acme.Serve.Serve.serve(Serve.java:991)
I/System.out: at com.rslakra.android.server.TJWSService$3.run(TJWSService.java:484)
I/System.out: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa6b56a00: Failure in SSL library, usually a protocol error
I/System.out: error:1000009d:SSL routines:OPENSSL_internal:INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/ssl_lib.c:1475 0x7fa503e253:0x00000000)
I/System.out: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
I/System.out: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
I/System.out: ... 5 more
E/TestConnection: [2018-03-26 12:05:15.5 PDT] ERROR [TestConnection(704)] - Handshake failed
javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
at com.android.okhttp.Connection.connectTls(Connection.java:1510)
at com.android.okhttp.Connection.connectSocket(Connection.java:1458)
at com.android.okhttp.Connection.connect(Connection.java:1413)
at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:1700)
at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:133)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:466)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:371)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:503)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:438)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:247)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java)
at com.rslakra.android.tjwsasapp.TestConnection.testSSLConnection(TestConnection.java:198)
at com.rslakra.android.tjwsasapp.SplashActivity.startMainActivity(SplashActivity.java:109)
at com.rslakra.android.tjwsasapp.SplashActivity.onEvent(SplashActivity.java:77)
at com.rslakra.android.framework.events.EventManager$EventHandler.handleMessage(EventManager.java:363)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:154)
at android.os.HandlerThread.run(HandlerThread.java:61)
Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
... 20 more
Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
... 20 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7fa0949e00: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0x7f91215060:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:800 0x7fa503e253:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
... 19 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7fa0949e00: Failure in SSL library, usually a protocol error
error:1000043e:SSL routines:OPENSSL_internal:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:641 0x7f91215060:0x00000001)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
... 19 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7fa0949e00: Failure in SSL library, usually a protocol error
error:1000043e:SSL routines:OPENSSL_internal:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:641 0x7f91215060:0x00000001)
at com.android.org.conscrypt.NativeCrypto.SSL_do_hands`enter code here`hake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
... 19 more
最佳答案
经过大量研究,我发现这个问题是由于无效的 .bks 文件引起的。我尝试使用 keytool 和 openssl 来生成 .bks 文件,但它们都不适合我。最后,我使用了“portecle-1.11”,它对我有用。
关于android - javax.net.ssl.SSLProtocolException : SSL handshake aborted: ssl=0x7fa6b56a00: Failure in SSL library, 通常是协议(protocol)错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49500178/