使用Android 6(marshmallow)的SSLHandshakeException SSLProtocolException

时间:2015-11-05 13:59:13

标签: java android sockets ssl android-6.0-marshmallow

我有一个通过SSLSocket与服务器通信的应用程序。 从Android 6我收到SSLHandshakeException 

javax.net.ssl.SSLHandshakeException: Handshake failed
       at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396)
       at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
       at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
       at com.pandaproject.service.ClientSocket.sendPatient(ClientSocket.java:1355)
       at com.pandaproject.service.ClientSocket.uploadPatient(ClientSocket.java:826)
       at com.pandaproject.service.ClientSocket.<init>(ClientSocket.java:241)
       at com.pandaproject.service.UploadObject.getFromServer(UploadObject.java:201)
       at com.pandaproject.service.UploadObject.access$000(UploadObject.java:20)
       at com.pandaproject.service.UploadObject$1.run(UploadObject.java:97)
       at java.lang.Thread.run(Thread.java:818)
Caused by javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x9dea4280: Failure in SSL library, usually a protocol error
error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0xaee563c0:0x00000001)
error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:750 0xab2a450f:0x00000000)
       at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(NativeCrypto.java)
       at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
       at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
       at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
       at com.pandaproject.service.ClientSocket.sendPatient(ClientSocket.java:1355)
       at com.pandaproject.service.ClientSocket.uploadPatient(ClientSocket.java:826)
       at com.pandaproject.service.ClientSocket.<init>(ClientSocket.java:241)
       at com.pandaproject.service.UploadObject.getFromServer(UploadObject.java:201)
       at com.pandaproject.service.UploadObject.access$000(UploadObject.java:20)
       at com.pandaproject.service.UploadObject$1.run(UploadObject.java:97)
       at java.lang.Thread.run(Thread.java:818)

在服务器端:

 javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1036)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:739)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.ObjectOutputStream$BlockDataOutputStream.drain(ObjectOutputStream.java:1877)
at java.io.ObjectOutputStream$BlockDataOutputStream.setBlockDataMode(ObjectOutputStream.java:1786)
at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:247)

这只发生在Android 6上,似乎chiper套件中有一些不同的东西

我正在粘贴服务器和客户端代码以便更好地进行故障排除

服务器代码:

ServerSocket server = null;
Socket socket=null;
SSLContext ctx;
KeyManagerFactory kmf;
KeyStore ks;
try{
     char[] passphrase = "password".toCharArray();
     String keyfile = "keyName";
     ctx = SSLContext.getInstance("TLS");
     kmf = KeyManagerFactory.getInstance("SunX509");
     ks = KeyStore.getInstance("JKS");
     ks.load(new FileInputStream(keyfile), passphrase);
     kmf.init(ks, passphrase);
     ctx.init(kmf.getKeyManagers(), null, null);
     ServerSocketFactory ssf = ctx.getServerSocketFactory();
     server = ssf.createServerSocket(port);
}catch (IOException e){
     e.printStackTrace();
}               
while (true) {              
     socket = server.accept();
     new Thread(new WorkerThread(socket));                

}

Android代码:

  Socket clientSocket = null;
        KeyStore store = KeyStore.getInstance("BKS");
        InputStream in2 = ctx.getResources().openRawResource(
                R.raw.server);
        store.load(in2, "password".toCharArray());

        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(KeyManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext sslcontext = SSLContext.getInstance("SSL");
        sslcontext.init(null, tmf.getTrustManagers(),
                new SecureRandom());
        SSLSocketFactory sslsocketfactory = sslcontext
                .getSocketFactory();
        clientSocket = (SSLSocket) sslsocketfactory.createSocket(
                Constants.SERVER_HOST, port);
        ObjectInputStream obi = new ObjectInputStream(
                clientSocket.getInputStream());
        ObjectOutputStream obs = new ObjectOutputStream(
                clientSocket.getOutputStream());

        obs.writeObject("text");
        obs.flush();

任何提示?

1 个答案:

答案 0 :(得分:2)

根据这个: https://github.com/iiordanov/remote-desktop-clients/issues/57

似乎已经发生的事情是,已经丢弃了常规的DH密码。 因此,您不能再使用不在Android密钥库中的证书。

相关问题
最新问题