1. 技术文章
  2. Android <= 4.4.2 and TLS 1.2

Android <= 4.4.2 and TLS 1.2

筅森魡賤 提交于 2019-12-05 10:38:39

问题


I did an app for a company and it supported API level 13+ (3.0+). It collects data from their CMS via XML and displays it on the app. This is done over HTTPS which worked fine until they upgraded their server to TLS 1.2. Now android versions below API level 20 won't fetch the XML because of SSLPeerUnverifiedException and a whole lot of phones can't see this app anymore.

Is there a way to get past SSLPeerUnverified while leaving TLS 1.2 enabled?

Note: The current SSL certificates are as follows:

AddTrust External CA Root
--> COMODO High-Assurance Secure Server CA
  --> *.appdomain.com

Most helpful SOF article so far: Implementing TLS 1.2 on Android 2.3.3


回答1:


Someone else on the team answered this but the result included the following:

  • SSLContext helper=null;
  • helper.init(null,null,null);
  • SSLContext.getInstance("TLSv1.2");
  • SSLEngine engine = helper.createSSLEngine();

Here's the function he used to check ssl and put everything in:

public void sslCheck() {

        int PLAY_SERVICES_RESOLUTION_REQUEST=9000;
        int resultCode = GooglePlayServicesUtil.isGooglePlayServicesAvailable(this);
        //Log.i("log_tag2", String.valueOf(resultCode));
        if (resultCode != ConnectionResult.SUCCESS) {
            if (GooglePlayServicesUtil.isUserRecoverableError(resultCode)) {
                Log.i("log_tag2","Not good!");
                if (MyAppActivity.instance != null) {
                    Log.i("log_tag2","but can fix");
                    GooglePlayServicesUtil.getErrorDialog(
                            resultCode,
                            MyAppActivity.instance,
                            PLAY_SERVICES_RESOLUTION_REQUEST).show();
                }
            }
        }
        else {
            Log.i("log_tag2","Already good!");
            try {
                ProviderInstaller.installIfNeeded(this);
                Log.i("log_tag", "1");
            } catch (GooglePlayServicesRepairableException e) {
                e.printStackTrace();
            } catch (GooglePlayServicesNotAvailableException e) {
                e.printStackTrace();
            }
            SSLContext helper=null;
            try {
                helper = SSLContext.getInstance("TLSv1.2");
                Log.i("log_tag","2");
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
            try {
                helper.init(null,null,null);
                Log.i("log_tag", "3");
            } catch (KeyManagementException e) {
                e.printStackTrace();
            }
            SSLEngine engine = helper.createSSLEngine();
        }
    }


来源:https://stackoverflow.com/questions/32545073/android-4-4-2-and-tls-1-2

标签
android
ssl
tls1.2
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!