在Android 4.1上改进2 TLS 1.1

时间:2017-01-09 19:29:31

标签: android retrofit2 okhttp3

我尝试使用以下代码设置支持的TLS版本:

ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
            .tlsVersions(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2, TlsVersion.TLS_1_1)
            .cipherSuites(
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                    CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                    CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                    CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                    CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                    CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
            .build();

    builder.connectionSpecs(Collections.singletonList(spec));

我使用这些库:

compile 'com.squareup.okhttp3:okhttp:3.5.0'
compile 'com.squareup.retrofit2:retrofit:2.1.0'

但我得到了这个例外:

  

HTTP FAILED:java.net.UnknownServiceException:无法找到可接受的协议。 isFallback =假,模式= [ConnectionSpec的(密码组= [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256],tlsVersions = [TLS_1_3,TLS_1_2,TLS_1_1],supportsTlsExtensions = true)],支持的协议= [SSLv3,TLSv1]

你能帮帮我吗,如何在android 4.1上使用TLS 1.1或TLS 1.2?

1 个答案:

答案 0 :(得分:0)

我试图深入研究SSLSocketfactory并找到fkrauthan的TLSSocketFactory。按原样投入我的项目。

从不同来源汇总并创建" MyTrustManager"。

OkHttpClient.Builder httpClient = new OkHttpClient.Builder();
setSSLSocketFactory(httpClient);

}

设置MyTrustManger 

private static void setSSLSocketFactory(OkHttpClient.Builder httpClient) {
    try {
        MyTrustManager myTrustManager = new MyTrustManager();
        TrustManager trustManager = myTrustManager.trustManagerForCertificates(
                myTrustManager.trustedCertificatesInputStream());
        httpClient.sslSocketFactory(new TLSSocketFactory(), (X509TrustManager) trustManager);
    } catch (GeneralSecurityException e) {
        e.printStackTrace();
    }
}

这里是setSSLSocketFactory 

filteredImage: function () {
   return this.flickrImage.filter((flickrImage) => {
      return this.flickrImage.title.match(this.search)
   });
}
相关问题
最新问题