我使用以下代码创建服务器套接字并获取服务器公钥(服务器TLS版本为1.2(。
问题出在安卓<5.0 atsocket.startHandshake();
catch error : javax.net.ssl.SSLException: Connection closed by peer.
我搜索了很多,发现我必须强制Android <5使用TLSv1.2,但我不能这样做(+,+,+(。
SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(hostname, 443);
socket.setSoTimeout(10000);
socket.startHandshake();
Certificate[] certs = socket.getSession().getPeerCertificates();
Certificate cert = certs[0];
PublicKey serverKey = cert.getPublicKey();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = context.getResources().getAssets().open("filename.cert");
Certificate ca;
ca = cf.generateCertificate(caInput);
if (String.valueOf(serverKey).equals(String.valueOf(ca.getPublicKey()))) {
My codes ...
}
我该怎么做?谢谢。
你应该在Android KitKat及以下版本上强制TLSv1.2,如下所示:
if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.KITKAT) {
socket.setEnabledProtocols(new String[]{"TLSv1.2"});
}
https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
干杯!
最后,我必须将服务器SSL降级到TLSv1并解决问题。