问题
I am using OkHttp as the client in Retrofit. I am unable to hit a certain https url. This server supports TLS 1.0 only and the following ciphers TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5
Here's how I am instantiating my OkHttpClient:
OkHttpClient client = new OkHttpClient();
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
client.setSslSocketFactory(sslSocketFactory);
client.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
} catch (Exception e) {
throw new RuntimeException(e);
}
return client;
}
And my app keeps throwing this exception:
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x9742f000: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:770 0xab9fcc4d:0x00000000)
回答1:
OkHttp no longer supports RC4 in its default config since OkHttp v2.3 (release notes). You can use the ConnectionSpec (javadoc) to enable it, the ConnectionSpecTest.java (source code) shows some examples.
来源:https://stackoverflow.com/questions/33353251/retrofit-okhttp-sslhandshakeexception