我一直在监控我的应用错误,并且我看到以下错误次数
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f0fc28: Failure in SSL library, usually a protocol error
错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(external / openssl / ssl / s23_clnt.c:741 0xaa48cd5c:0x00000000)-javax.net.ssl.SSLHandshakeException:javax.net.ssl.SSLProtocolException:SSL握手中止:ssl = 0xb8f0fc28:SSL库失败,通常是协议错误 错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(外部/ openssl / ssl / s23_clnt.c:741 0xaa48cd5c:0x00000000)
您可以看到错误是关于SSLV3而我的服务器仅支持TLSV1.2。
在某些客户看来,Volley会回归使用SSLV3(出于某种原因)并且他们会收到错误。
发生此错误的用户在Android 4.4.2,4.4.4和4.1.1及更高版本上。
有趣的是,我也在同一个应用程序中使用DefaultHttpClient,但它似乎没有报告相同的问题。
我在Volley中使用默认的HurlStack
我见过以下...... Disable SSL as a protocol in HttpsURLConnection
和 https://code.google.com/p/android/issues/detail?id=78187
那么我的选择是什么?
我的假设是否正确,Volley会回归到SSLV3?
为什么凌空倒退到SSLV3?换句话说,导致回退的原始失败是什么以及如何解决它?
我最近下载了Volley,但我不确定它是最新的。我如何找到我的版本?
有什么想法吗?
答案 0 :(得分:2)
您的服务器不支持SSLv3,因为它存在一些安全问题,因此不应使用。
在Kitkat之前使用Android版本时,必须使用套接字工厂删除SSLv3作为默认配置:
public class VolleyToolboxExtension extends Volley {
/** Default on-disk cache directory. */
private static final String DEFAULT_CACHE_DIR = "volley";
/**
* Creates a default instance of the worker pool and calls {@link RequestQueue#start()} on it.
*
* @param context A {@link Context} to use for creating the cache dir.
* @param stack An {@link HttpStack} to use for the network, or null for default.
* @return A started {@link RequestQueue} instance.
*/
public static RequestQueue newRequestQueue(Context context, HttpStack stack) {
File cacheDir = new File(context.getCacheDir(), DEFAULT_CACHE_DIR);
String userAgent = "volley/0";
try {
String packageName = context.getPackageName();
PackageInfo info = context.getPackageManager().getPackageInfo(packageName, 0);
userAgent = packageName + "/" + info.versionCode;
} catch (PackageManager.NameNotFoundException e) {
}
if (stack == null) {
if (Build.VERSION.SDK_INT >= 9) {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
// Use a socket factory that removes sslv3
stack = new HurlStack(null, new NoSSLv3Compat.NoSSLv3Factory());
} else {
stack = new HurlStack();
}
} else {
// Prior to Gingerbread, HttpUrlConnection was unreliable.
// See: http://android-developers.blogspot.com/2011/09/androids-http-clients.html
stack = new HttpClientStack(AndroidHttpClient.newInstance(userAgent));
}
}
Network network = new BasicNetwork(stack);
RequestQueue queue = new RequestQueue(new DiskBasedCache(cacheDir), network);
queue.start();
return queue;
}
/**
* Creates a default instance of the worker pool and calls {@link RequestQueue#start()} on it.
*
* @param context A {@link Context} to use for creating the cache dir.
* @return A started {@link RequestQueue} instance.
*/
public static RequestQueue newRequestQueue(Context context) {
return newRequestQueue(context, null);
}
}
可以在这里找到NoSSLv3Compat类: https://github.com/Floens/volley/blob/master/src/com/android/volley/compat/NoSSLv3Compat.java
使用此扩展程序创建请求队列:
/**
* @return The Volley Request queue, the queue will be created if it is null
*/
public RequestQueue getRequestQueue() {
// lazy initialize the request queue, the queue instance will be
// created when it is accessed for the first time
if (mRequestQueue == null) {
// Create the request queue
mRequestQueue = VolleyToolboxExtension.newRequestQueue(getApplicationContext());
}
return mRequestQueue;
}
你也可以使用Retrofit而不是Volley,因为Square发布了支持TLS版本配置的2.1版本的这个版本: