Android 7中的SSLException但不是6

Question

我正在处理向服务器发出各种请求的应用程序。当我的手机运行的是android 6时，应用程序能够向服务器发出请求，但是在更新到Android 7后，它无法与服务器执行握手。

javax.net.ssl.SSLHandshakeException: Handshake failed 
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429) 
at com.android.okhttp.Connection.connectTls(Connection.java:235) 
at com.android.okhttp.Connection.connectSocket(Connection.java:199) 
at com.android.okhttp.Connection.connect(Connection.java:172) 
at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367) 
at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130) 
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329) 
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246) 
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:457) 
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:405) 
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:243) 
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210) 
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java) 
at api.mynewleafapi.webapi.MNLStatics$override.getBackgroundForTree(MNLStatics.java:229) 
at api.mynewleafapi.webapi.MNLStatics$override.access$dispatch(MNLStatics.java) 
at api.mynewleafapi.webapi.MNLStatics.getBackgroundForTree(MNLStatics.java:0) 
at com.android.mynewleaf.recov.ui.fragment.usermain.UserMainProfileViewFragment$2.run(UserMainProfileViewFragment.java:146) 
Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed 
    ... 17 more 
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x786ae841c0: Failure in SSL library, usually a protocol error 
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x786ae12de0:0x00000001) 
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x786880dfce:0x00000000) 
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) 
     ... 16 more 
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x786ae841c0: Failure in SSL library, usually a protocol error 
error:100000af:SSL routines:OPENSSL_internal:NO_CIPHERS_AVAILABLE (external/boringssl/src/ssl/s3_clnt.c:624 0x786880dfce:0x00000000) 
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) 
    ... 16 more 

这是肯定的握手失败：

在我的Nexus 5X，logcat的呼吁的HttpURLConnection的getInputStream()方法时产生以下堆栈跟踪。我知道我连接的心室服务器使用的是TLS_ECDHE_ECDSA_WITH_AES_128_GCM，它位于我要求String[] array = factory.getDefaultCipherSuites();的支持密码套件列表中。我已经能够在运行Android 7的其他设备上重现此问题，但该问题未在Android 6及更低版本上显示。这怎么解决？

Answer 1

您可以参考以下链接了解：https://developer.android.com/about/versions/nougat/android-7.0-changes.html#other

的Android 7.0向默认TLS/SSL配置HTTPS和其他TLS/SSL流量以下更改应用使用：

RC4加密算法套房现在被禁用。 CHACHA20-POLY1305密码套件现已启用。 当服务器未协商现代密码套件时，RC4在默认情况下处于禁用状态可能会导致HTTPS或TLS/SSL连接中断。首选的解决方案是改进服务器的配置，以实现更强大和更现代的密码套件和协议。理想情况下，应该启用TLSv1.2和AES-GCM，并且应该启用前向保密密码套件（ECDHE）并且首选。

另一种方法是修改应用程序以使用自定义SSLSocketFactory与服务器进行通信。工厂应该被设计为创建SSLSocket实例，除了缺省密码套件之外，还启用服务器所需的一些密码套件。