AWS DynamoDbMapper错误...由以下原因引起:javax.net.ssl.SSLProtocolException:

时间:2016-01-12 06:32:53

标签: java android amazon-web-services ssl sslv3

我正在尝试从AWS实施DynamoDBMapper,但是当我尝试连接到AWS服务器时应用程序崩溃。

首先,我在Android Studio模拟器上运行Android 4.4.2,一切似乎都运行正常。没有问题。尽管如此,当我尝试在实际设备上运行时(在平板电脑上运行4.4.2 ......不知道制造商),我收到以下错误:

Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6bffcdf0: 
     Failure in SSL library, usually a protocol error error:140740B5:SSL 
     routines:SSL23_CLIENT_HELLO:no ciphers available (external/openssl/ssl/s23_clnt.c:486 0x68474ce0:0x00000000)

这是完整的堆栈跟踪:

Caused by: com.amazonaws.AmazonClientException: Unable to execute HTTP request: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6bffcdf0: Failure in SSL library, usually a protocol error error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available (external/openssl/ssl/s23_clnt.c:486 0x68474ce0:0x00000000)

    com.amazonaws.http.AmazonHttpClient.executeHelper              AmazonHttpClient.java:421
    com.amazonaws.http.AmazonHttpClient.execute                    AmazonHttpClient.java:196
    com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke  AmazonDynamoDBClient.java:3257
    com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.getItem AmazonDynamoDBClient.java:904
    com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.load  DynamoDBMapper.java:393
    com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.load  DynamoDBMapper.java:466
    com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.load  DynamoDBMapper.java:340
    @@@@.@@@@@.@@@@$@@@@.doInBackground  MainActivity.java:1259
    @@@@.@@@@@.@@@@$@@@@.doInBackground  MainActivity.java:1237
    android.os.AsyncTask$2.call          AsyncTask.java:288
    java.util.concurrent.FutureTask.run  FutureTask.java:237
    ... 4 more

其次是:

Caused by: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6bffcdf0: Failure in SSL library, usually a protocol error error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available (external/openssl/ssl/s23_clnt.c:486 0x68474ce0:0x00000000)

    com.android.org.conscrypt.NativeCrypto.SSL_do_handshake          Native Method
    com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake       OpenSSLSocketImpl.java:406
    com.android.okhttp.Connection.upgradeToTls                       Connection.java:146
    com.android.okhttp.Connection.connect                            Connection.java:107
    com.android.okhttp.internal.http.HttpEngine.connect              HttpEngine.java:294
    com.android.okhttp.internal.http.HttpEngine.sendSocketRequest    HttpEngine.java:255
    com.android.okhttp.internal.http.HttpEngine.sendRequest          HttpEngine.java:206
    com.android.okhttp.internal.http.HttpURLConnectionImpl.execute   HttpURLConnectionImpl.java:345
    com.android.okhttp.internal.http.HttpURLConnectionImpl.connect   HttpURLConnectionImpl.java:89
    com.android.okhttp.internal.http.HttpURLConnectionImpl.getOutputStream   HttpURLConnectionImpl.java:197
    com.android.okhttp.internal.http.HttpsURLConnectionImpl.getOutputStream  HttpsURLConnectionImpl.java:254
    com.amazonaws.http.UrlHttpClient.writeContentToConnection        UrlHttpClient.java:128
    com.amazonaws.http.UrlHttpClient.execute                         UrlHttpClient.java:65
    com.amazonaws.http.AmazonHttpClient.executeHelper                AmazonHttpClient.java:353
    ... 14 more

这是我的源代码:

BasicAWSCredentials awsCredentials = new BasicAWSCredentials("abcdef12345","blahblahblah");
AmazonDynamoDBClient dynamoDBClient = new AmazonDynamoDBClient(awsCredentials);
DynamoDbMapper dbMapper = new DynamoDBMapper(dynamoDBClient);

//.... then eventually .....

AWSDriverNameTable awsDriverNameTable = dbMapper.load(AWSDriverNameTable.class, merchantID);

这是错误开始的最后一行代码。

现在,我已经浏览了SO和一些搜索引擎,并了解到一些Android设备回归到SSL v3,而我尝试连接的服务器使用TLS v1.0(去了www.ssllabs。 com并发现它确实使用了TLS 1.0)。这是另一个SO问题,有人似乎解决了一个与此类似的问题:

How to disable SSLv3 in android for HttpsUrlConnection?

因此,如果这是导致问题的原因(需要删除SSLv3),我该如何配置AmazonDynamoDbClient以仅使用TLS 1.0?我注意到您可以创建ClientConfiguration并使用:

clientConfiguration.getApacheHttpClientConfig().setSslSocketFactory(NoSSLv3SocketFactory);

并使用AmazonDynamoDbClient构造函数中的awsCredentials提供它。但是,它接受:

org.apache.http.conn.ssl.SSLSocketFactory

不是

javax.net.ssl.SSLSocketFactory

这是我提供的链接答案中使用的内容(更不用说Android Studio告诉我org.apache.http.conn.ssl.SSLSocketFactory已被弃用)。

无论如何,对此事的任何帮助都将非常感激。谢谢!

2 个答案:

答案 0 :(得分:0)

您可以使用org.apache.http.conn.ssl.SSLConnectionSocketFactory代替org.apache.http.conn.ssl.SSLSocketFactory

来自SSLSocketFactory的JavaDoc(https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html) -

  

已过时。   (4.3)使用SSLConnectionSocketFactory

答案 1 :(得分:0)

Cognito等一些服务支持TLSv1.0 +,而有些人认为DynamoDB仅支持TLSv1.0(不在上面)。如果您的设备支持TLSv1.0,那么它应该可以正常工作。既然你说代码在模拟器上工作但在平板电脑上没有,那么很难说问题出在哪里。我建议你试试这些:

  • 在浏览器中访问https://dynamodb.us-west-2.amazonaws.com。如果您的设备可以处理TLSv1.0,您应该看到healthy: dynamodb.us-west-2.amazonaws.com
  • 在其他设备上运行相同的代码。

评论中的一些注释:

  • 所有AWS服务均已弃用SSLv3。
  • 删除aws-java-sdk并使用aws-android-sdk。后者对Android有很多优化。
  • aws-android-sdk使用HttpURLConnection作为默认的HTTP库。

要测试服务支持的协议,请使用以下命令:

openssl s_client -connect dynamodb.us-west-2.amazonaws.com:443
相关问题
最新问题