SSLSOcket在Android6.0中出错原因
2016-02-21 11:09
706 查看
发生情境:
通过sslsocket在Android API23以下正常通讯,但在Android6.0时,报错;错误信息如下:
Android端报错:
服务端报错:
原因:
Android6.0(API 23)KeyStore发生更改,不在支持DSA,但仍旧支持ECDSA。所以,查看你的SSLSocket签名算法是否包含DSA,是的话就换个。若有其它原因,欢迎交流。
Android Keystore Changes
这是官方文档里的更改说明。
通过sslsocket在Android API23以下正常通讯,但在Android6.0时,报错;错误信息如下:
Android端报错:
core_booster, getBoosterConfig = false javax.net.ssl.SSLHandshakeException: Handshake failed at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396) at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629) at com.android.org.conscrypt.OpenSSLSocketImpl.getOutputStream(OpenSSLSocketImpl.java:615) Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7fa0a92880: Failure in SSL library, usually a protocol error error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0x7f9e04c860:0x00000001) error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:750 0x7f92721518:0x00000000) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
服务端报错:
javax.net.ssl.SSLHandshakeException: no cipher suites in common at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source) at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source) at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker.process_record(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) at sun.security.ssl.AppInputStream.read(Unknown Source) at sun.security.ssl.AppInputStream.read(Unknown Source) at java.io.DataInputStream.readLine(Unknown Source) at com.bbcvision.ssl.Server$ReceiveSocket.getHttpHeader(Server.java:209) at com.bbcvision.ssl.Server$ReceiveSocket.run(Server.java:236)
原因:
Android6.0(API 23)KeyStore发生更改,不在支持DSA,但仍旧支持ECDSA。所以,查看你的SSLSocket签名算法是否包含DSA,是的话就换个。若有其它原因,欢迎交流。
Android Keystore Changes
With this release, the Android Keystore provider no longer supports DSA. ECDSA is still supported. Keys which do not require encryption at rest will no longer be deleted when secure lock screen is disabled or reset (for example, by the user or a Device Administrator). Keys which require encryption at rest will be deleted during these events.
这是官方文档里的更改说明。
相关文章推荐
- android-activity启动模式
- android五大布局
- Android 为应用创建、删除桌面快捷方式
- android菜单栏Menu
- android存储-sqlite
- Android汉字转拼音HanziToPinyin实测可用版
- android动画
- android意图Intent
- Android横竖屏幕切换小结
- android如何添加桌面图标和卸载程序后自动删除图标
- android监听事件
- android-文件存储
- android提示Toast的使用
- android四大组件之contentProvider
- android四大组件之service
- android四大组件之broadcast
- android四大组件之Activity
- android从图库(gallery)选择一张图片
- android MulticastLock
- Android 实现多个EditText互相监听遇到的问题及解决方法