我正在尝试在服务器和Android客户端之间创建TLS v1.2通信。 我建立了TLS v1.0连接有任何问题,但我不能得到v1.2。 这是服务器代码:
char[] passphrase = "myComplexPass1".toCharArray();
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(new FileInputStream("cacerts"), passphrase);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keystore, passphrase);
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
SSLContext sslContext.init(keyManagers, null, null);
SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(port);
sslServerSocket.setEnabledProtocols(new String [] { "TLSv1", "TLSv1.1", "TLSv1.2" });
sslServerSocket.setUseClientMode(false);
sslServerSocket.setWantClientAuth(false);
sslServerSocket.setNeedClientAuth(false);
sslSocket = (SSLSocket)sslServerSocket.accept();
虽然这是客户端代码:
char[] passphrase = "myComplexPass1".toCharArray();
KeyStore keystore = KeyStore.getInstance("BKS");
keystore.load(this.getApplicationContext().getResources().openRawResource(R.raw.jb), passphrase);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, passphrase);
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
Log.d("Context Protocol",sslContext.getProtocol());//this prints correctly TLS v1.2!
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
TrustManager[] trustManagers = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
{
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
{
}
}
};
sslContext.init(keyManagers, trustManagers, new SecureRandom());
SSLSocketFactory sslSocketFactory = (SSLSocketFactory) sslContext.getSocketFactory();
SSLSocket skt = (SSLSocket) sslSocketFactory.createSocket(HOST, PORT);
skt.setKeepAlive(true);
客户端代码,在我的电脑上运行在JRE7上的java客户端编写,完美有效,我看到带有正确密码的getProtocol(服务器端)TLSv1.2,由tlsv1.2支持。 android上的相同代码构成了tlsv1.0连接! 我真的不理解。 在Java客户端JRE7工作,在Android ONLY tlsv1.0上 有什么建议吗?
这是我的第一个问题,我搜索了很多。可能我的格式不正确:(
答案 0 :(得分:10)
有点迟到要回答这个问题,但也许其他人需要回答。
我遇到了同样的问题。无论您是否为SSLContext.init()方法提供TLSv1.2,我尝试过的某些Android版本都不支持TLS 1.2。您必须使用setEnabledProtocols()在客户端套接字上启用它,就像对服务器套接字一样。对我来说,我是在我创建的自定义SSLSocketFactory中完成的:
public class MySSLSocketFactory extends SSLSocketFactory
throws NoSuchAlgorithmException {
private SSLContext mSSLContext;
public MySSLSocketFactory(KeyManager km) {
...
mSSLContext = SSLContext.getInstance("TLSv1.2");
...
mSSLContext.init(new KeyManager[] {km}, null, null);
...
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
throws IOException {
SSLSocket s = (SSLSocket)mSSLContext.getSocketFactory().createSocket(socket, host, port, autoClose);
s.setEnabledProtocols(new String[] {"TLSv1.2"} );
return s;
}
...
}