OkHttpClient okHttpClient = new OkHttpClient.Builder()
.connectTimeout(15, TimeUnit.SECONDS)
.readTimeout(15, TimeUnit.SECONDS)
.writeTimeout(15, TimeUnit.SECONDS)
.addNetworkInterceptor(new StethoInterceptor())
.followSslRedirects(true)
.connectionSpecs(Collections.singletonList(getConnectionSpec()))
.build();
private static ConnectionSpec getConnectionSpec() {
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.tlsVersions(TlsVersion.TLS_1_0)
.cipherSuites(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA)
.build();
return spec;
}
如果出現握手失敗 ,出現日志信息為
10-17 11:41:32.771: W/System.err(32764): javax.net.ssl.SSLHandshakeException: Handshake failed
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:441)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:241)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:198)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.buildConnection(RealConnection.java:174)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:114)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:193)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:129)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:98)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:109)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:124)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
10-17 11:41:32.771: W/System.err(32764): at com.lzy.okgo.interceptor.LoggerInterceptor.intercept(LoggerInterceptor.java:40)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:170)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.RealCall.access$100(RealCall.java:33)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.RealCall$AsyncCall.execute(RealCall.java:120)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)
10-17 11:41:32.771: W/System.err(32764): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
10-17 11:41:32.771: W/System.err(32764): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
10-17 11:41:32.771: W/System.err(32764): at java.lang.Thread.run(Thread.java:818)
10-17 11:41:32.771: W/System.err(32764): Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
10-17 11:41:32.771: W/System.err(32764): ... 29 more
10-17 11:41:32.771: W/System.err(32764): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xeec2db00: Failure in SSL library, usually a protocol error
10-17 11:41:32.771: W/System.err(32764): error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1244 0xee6cb7d7:0x00000000)
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:353)
10-17 11:41:32.771: W/System.err(32764): ... 28 more
10-17 11:41:32.771: W/System.err(32764): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xeec2db00: Failure in SSL library, usually a protocol error
10-17 11:41:32.771: W/System.err(32764): error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1244 0xee6cb7d7:0x00000000)
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:353)
10-17 11:41:32.771: W/System.err(32764): ... 28 more
可以修改客戶端的 加密套件配置 能夠解決此問題
* https三次握手:
* 客戶端發送 TLS版本號 加密套件(這里) 隨機數 hello
* 服務端根據客戶端發送的加密套件、TLS版本號 選擇對應的加密協議及套件 把加密協議、加密套件、隨機數、服務端證書、hello發送給客戶端
* 客戶端收到信息后 生成隨機數(通過公鑰進行加密) 編碼結速通知 握手結束通知
* 服務端 通過私鑰解密 編碼改變通知 握手結束通知
* 對稱加密數據傳輸