我发现android 4与ssl不能很好地兼容,当试图用https联系api时会导致崩溃
javax.net.ssl.SSLException:SSL握手中止:ssl = 0xb8dbad20:系统调用期间的I / O错误,同级连接重置
这是我从其他类似问题尝试的:
if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
try {
Logger.e("under lolipop");
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager[] { new MyTrustManager() }, new SecureRandom());
client.sslSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
Logger.e("HTTPS"+ e.getMessage() );
}
}
哪个没有影响结果
和
if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
try {
client.sslSocketFactory(new TLSSocketFactory(), (X509TrustManager)trustAllCerts[0])
.build();
Logger.e("SETUP TRUST SSL");
return client.build();
} catch (KeyManagementException e) {
Logger.e("SETUP TRUST SSL Failed "+e.getMessage());
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
Logger.e("SETUP TRUST SSL Failed "+e.getMessage());
e.printStackTrace();
}
}
return client.build();
}
final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
} };
此代码提供了不同的错误:
java.security.cert.CertPathValidatorException:未找到证书路径的信任锚。
无论如何要解决这个问题,我必须支持android 4并使用https,
任何帮助都可以!
不久前我在Android 4.4上遇到了类似的问题,当时我们的后端放弃了对TLS 1.0和1.1的支持。我通过安装带有Google Play Services ProviderInstaller的新安全提供程序解决了这个问题。
在你的应用程序gradle.build文件中添加
implementation "com.google.android.gms:play-services-auth:16.0.1"
在你的启动活动中尽早调用ProviderInstaller.installIfNeeded()。以下是尝试安装提供程序的示例方法:
private static void installGooglePlayServicesProvider(Context context) {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) { //Devices with Android 5.1+ should support TLS 1.x out of the box
try {
ProviderInstaller.installIfNeeded(context);
} catch (GooglePlayServicesRepairableException e) {
Log.e("ProviderInstaller", "Google Play Services is out of date!", e);
GoogleApiAvailability.getInstance().showErrorNotification(context, e.getConnectionStatusCode());
} catch (GooglePlayServicesNotAvailableException e) {
Log.e("ProviderInstaller", "Google Play Services is unavailable!", e);
}
}
}
有关ProviderInstaller的更多信息,请参阅Goolge开发人员页面:Patch the security provider with ProviderInstaller
使用TLS 1.2时,您可能必须强制在某些设备上启用支持。看看下面的acticle和他们的Tls12SocketFactory实现:Working with TLS 1.2 on Android 4.4 and Lower
Okhttp 3.13.x已经放弃了对TLS1.2及更低版本的支持,仅支持Android API 21+。您必须使用Okhttp 3.12.x版本分支才能将其与Android 4.x设备一起使用。
更多here