SSLSOcket在Android6.0中出错原因

发生情境：

通过sslsocket在Android API23以下正常通讯，但在Android6.0时，报错；错误信息如下：

Android端报错：

core_booster, getBoosterConfig = false
javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
at com.android.org.conscrypt.OpenSSLSocketImpl.getOutputStream(OpenSSLSocketImpl.java:615)

Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7fa0a92880: Failure in SSL library, usually a protocol error
error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0x7f9e04c860:0x00000001)
error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:750 0x7f92721518:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)

服务端报错：

javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at java.io.DataInputStream.readLine(Unknown Source)
at com.bbcvision.ssl.Server$ReceiveSocket.getHttpHeader(Server.java:209)
at com.bbcvision.ssl.Server$ReceiveSocket.run(Server.java:236)

原因：

Android6.0（API 23）KeyStore发生更改，不在支持DSA，但仍旧支持ECDSA。所以，查看你的SSLSocket签名算法是否包含DSA，是的话就换个。若有其它原因，欢迎交流。

Android Keystore Changes

With this release, the Android Keystore provider no
longer supports DSA. ECDSA is still supported.
Keys which do not require encryption at rest will no
longer be deleted when secure lock screen is disabled or
reset (for example, by the user or a Device Administrator).
Keys which require encryption at rest will be deleted during these events.

这是官方文档里的更改说明。