Question

我正在尝试使用Mina和android。到目前为止一切正常。现在我正在尝试动态地使用SSLFilter添加SSL支持。我的问题是在设备上，我得到'isSSLStarted''true'但是当我发送消息时，我的连接被关闭了。任何人都可以帮我分析和解决这个问题？这是由于握手失败吗？如何检查握手是否成功。

更多细节。我正在使用JSON通信。

SSLContext c = SSLContext.getInstance( "TLS" );
c.init(null, null, null);          
 SslFilter sslFilter = new SslFilter(c);
sslFilter.setUseClientMode(true);
session.getFilterChain().addFirst("mySSL", sslFilter);
session.setAttribute(SslFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE);
--sending msg in JSON
assert session.getAttribute(SslFilter.DISABLE_ENCRYPTION_ONCE) == null;
Log.v(TAG,"isSslStarted:"+sslFilter.isSslStarted(session));

==＆GT;它给出了真实。

提前致谢。

当我尝试使用普通java连接时，我遇到了以下问题。

javax.net.ssl.SSLHandshakeException: SSL handshake failed.
    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:487)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:710)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)

Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
    at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at org.apache.mina.filter.ssl.SslHandler.unwrap(SslHandler.java:728)
    at org.apache.mina.filter.ssl.SslHandler.unwrapHandshake(SslHandler.java:666)
    at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:552)
    at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:351)
    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:468)

Answer 1

调用“write”方法时，

isSSLStarted标志将被删除...您可以浏览此链接：

http://mina.apache.org/mina-project/apidocs/org/apache/mina/filter/ssl/SslFilter.html?_sm_au_=iNMNsvHrtNLTFqfF#DISABLE_ENCRYPTION_ONCE

Answer 2

最后，我能够使用普通的java成功握手。我的实现类似于以下内容。

public void startTLS() {

    try {
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustCerts, null);
    } catch(NoSuchAlgorithmException nsa) {
        System.out.println("Exception : No Such Algorithm");
    } catch(KeyManagementException kme) {
        System.out.println("Exception : KeyManagementException:");
    }//try-catch


    IoFilterChain chain = session.getFilterChain();
    SslFilter sslFilter = (SslFilter) chain.get("sslFilter");

    if (sslFilter == null) {
        sslFilter = new SslFilter(sslContext);
        sslFilter.setUseClientMode(true);
        if ((cipherSuites != null) && !cipherSuites.isEmpty()) {
            sslFilter.setEnabledCipherSuites(cipherSuites.toArray( new String[cipherSuites.size()] )); 
        } 

        chain.addFirst("sslFilter", sslFilter);

    }else {
        try {
            sslFilter.startSsl(this.session);
        } catch(SSLException se) {
            System.out.println("SslException:"+se);
        }
    }//if-else

}//startTLS

但Android失败了。看起来这是一个古老的已知问题。

http://code.google.com/p/android/issues/detail?id=4914

https://issues.apache.org/jira/browse/DIRMINA-972

如果我犯了任何错误，请告诉我。

谢谢。

使用ssl与Apache Mina＆amp;安卓

2 个答案: