您的位置: 首页  >  技术问答  >  javax.net.ssl.SSLException:SSL 握手中止连接在调用 Web 服务 Android 时由对等方重置

javax.net.ssl.SSLException:SSL 握手中止连接在调用 Web 服务 Android 时由对等方重置

分类: 技术问答 2022-05-05 13:17:16
问题描述:

我正在调用 https webservice 并且它之前工作正常,但是现在当我尝试调用它时,它给了我以下错误.

I am calling https webservice and its works fine before, but now when i am trying to call it its give me following errors.

日志错误:

12-23 06:28:11.969: W/System.err(3014): javax.net.ssl.SSLException: SSL handshake aborted: ssl=0x1cc160: I/O error during system call, Connection reset by peer
12-23 06:28:11.979: W/System.err(3014):     at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
12-23 06:28:11.979: W/System.err(3014):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:474)
12-23 06:28:11.979: W/System.err(3014):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:750)
12-23 06:28:11.979: W/System.err(3014):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:692)
12-23 06:28:11.979: W/System.err(3014):     at crittercism.android.aa.getInputStream(Unknown Source)
12-23 06:28:11.979: W/System.err(3014):     at org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:93)
12-23 06:28:11.979: W/System.err(3014):     at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83)
12-23 06:28:11.979: W/System.err(3014):     at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170)
12-23 06:28:11.979: W/System.err(3014):     at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106)
12-23 06:28:11.979: W/System.err(3014):     at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129)
12-23 06:28:11.979: W/System.err(3014):     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:171)
12-23 06:28:11.989: W/System.err(3014):     at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
12-23 06:28:11.989: W/System.err(3014):     at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
12-23 06:28:11.989: W/System.err(3014):     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:359)
12-23 06:28:11.989: W/System.err(3014):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
12-23 06:28:11.989: W/System.err(3014):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
12-23 06:28:11.989: W/System.err(3014):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)

我正在使用以下代码调用 https 网络服务.

I am using following code for calling https webservice.

public static void trustAllHosts() {

        X509TrustManager easyTrustManager = new X509TrustManager() {

            public void checkClientTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
                // Oh, I am easy!
            }

            public void checkServerTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
                // Oh, I am easy!
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

        };

        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] { easyTrustManager };

        // Install the all-trusting trust manager
        try {
            SSLContext sc = SSLContext.getInstance("TLS");

            sc.init(null, trustAllCerts, new java.security.SecureRandom());

            HttpsURLConnection
                    .setDefaultSSLSocketFactory(sc.getSocketFactory());

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static HttpClient getNewHttpClient() {
        try {
            KeyStore trustStore = KeyStore.getInstance(KeyStore
                    .getDefaultType());
            trustStore.load(null, null);

            SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
            sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

            HttpParams params = new BasicHttpParams();
            HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
            HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);

            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("http", PlainSocketFactory
                    .getSocketFactory(), 80));
            registry.register(new Scheme("https", sf, 443));

            ClientConnectionManager ccm = new ThreadSafeClientConnManager(
                    params, registry);

            return new DefaultHttpClient(ccm, params);
        } catch (Exception e) {
            return new DefaultHttpClient();
        }
    }

MySSLSocketFactory.java

public class MySSLSocketFactory extends SSLSocketFactory {
    SSLContext sslContext = SSLContext.getInstance("TLS");

    public MySSLSocketFactory(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);

        TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };

        sslContext.init(null, new TrustManager[] { tm }, null);
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port,
                autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}

之前还可以,但是现在不行了.服务器中没有任何更改.

It is working fine before, but now it fails. There are no any changes made in server.

我已经参考了

  1. Android-Query - 随机 SSLExceptions
  2. 对等端的间歇性连接重置Android 连接到 .NET REST 端点时出错
  3. Android HTTPS 异常连接由对等方重置
  4. 为什么在使用移动数据连接时 HttpUrlConnection 会抛出 SSLException?

我已经在 wifi 和移动数据中对其进行了测试.应用程序在这两种情况下都不起作用.

I have tested it in both wifi and mobile data. Application not works in both.

如果之前有人遇到过这个问题,请帮我解决.

If anybody face this problem before then please help me to solve it.

我也遇到了同样的异常.我发现这是因为服务器不支持 TLS 1.0 协议.

I also got the same exception. I found that it was due to TLS 1.0 protocol was not supported by server.

我观察到 Android 设备的 http 连接失败,服务器不支持 TLS 1.0.我搜索了有关该错误的所有地方,但没有找到与此问题相关的任何内容.当TLS 1.0 协议 支持被添加到服务器时,问题解决了.您可以使用 https://www.ssllabs.com/ssltest.

I observed that Android device, http connection fails to the server where TLS 1.0 is not supported. I searched every where about the bug, but did not find anything related to this problem. And the problem was solved, when the TLS 1.0 protocol support was added to the server.You can check your server / hostname protocol support using https://www.ssllabs.com/ssltest.

相关推荐