问题
I've an app that communicates with a server through an SSLSocket. From Android 6 I receive a SSLHandshakeException
javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
at com.pandaproject.service.ClientSocket.sendPatient(ClientSocket.java:1355)
at com.pandaproject.service.ClientSocket.uploadPatient(ClientSocket.java:826)
at com.pandaproject.service.ClientSocket.<init>(ClientSocket.java:241)
at com.pandaproject.service.UploadObject.getFromServer(UploadObject.java:201)
at com.pandaproject.service.UploadObject.access$000(UploadObject.java:20)
at com.pandaproject.service.UploadObject$1.run(UploadObject.java:97)
at java.lang.Thread.run(Thread.java:818)
Caused by javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x9dea4280: Failure in SSL library, usually a protocol error
error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0xaee563c0:0x00000001)
error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:750 0xab2a450f:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(NativeCrypto.java)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
at com.pandaproject.service.ClientSocket.sendPatient(ClientSocket.java:1355)
at com.pandaproject.service.ClientSocket.uploadPatient(ClientSocket.java:826)
at com.pandaproject.service.ClientSocket.<init>(ClientSocket.java:241)
at com.pandaproject.service.UploadObject.getFromServer(UploadObject.java:201)
at com.pandaproject.service.UploadObject.access$000(UploadObject.java:20)
at com.pandaproject.service.UploadObject$1.run(UploadObject.java:97)
at java.lang.Thread.run(Thread.java:818)
And in the server side:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1036)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:739)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.ObjectOutputStream$BlockDataOutputStream.drain(ObjectOutputStream.java:1877)
at java.io.ObjectOutputStream$BlockDataOutputStream.setBlockDataMode(ObjectOutputStream.java:1786)
at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:247)
This happens only with Android 6, it seems there is something different in the chiper suites
I'm pasting the Server and client code for better troubleshooting
Server code:
ServerSocket server = null;
Socket socket=null;
SSLContext ctx;
KeyManagerFactory kmf;
KeyStore ks;
try{
char[] passphrase = "password".toCharArray();
String keyfile = "keyName";
ctx = SSLContext.getInstance("TLS");
kmf = KeyManagerFactory.getInstance("SunX509");
ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyfile), passphrase);
kmf.init(ks, passphrase);
ctx.init(kmf.getKeyManagers(), null, null);
ServerSocketFactory ssf = ctx.getServerSocketFactory();
server = ssf.createServerSocket(port);
}catch (IOException e){
e.printStackTrace();
}
while (true) {
socket = server.accept();
new Thread(new WorkerThread(socket));
}
Android code:
Socket clientSocket = null;
KeyStore store = KeyStore.getInstance("BKS");
InputStream in2 = ctx.getResources().openRawResource(
R.raw.server);
store.load(in2, "password".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(KeyManagerFactory.getDefaultAlgorithm());
tmf.init(store);
SSLContext sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(null, tmf.getTrustManagers(),
new SecureRandom());
SSLSocketFactory sslsocketfactory = sslcontext
.getSocketFactory();
clientSocket = (SSLSocket) sslsocketfactory.createSocket(
Constants.SERVER_HOST, port);
ObjectInputStream obi = new ObjectInputStream(
clientSocket.getInputStream());
ObjectOutputStream obs = new ObjectOutputStream(
clientSocket.getOutputStream());
obs.writeObject("text");
obs.flush();
Any hint?
回答1:
According to this: https://github.com/iiordanov/remote-desktop-clients/issues/57
What seems to have happened is that annonimous DH cipher were dropped. So, you cannot use a certificates that are not in Android keystore anymore.
来源:https://stackoverflow.com/questions/33546496/sslhandshakeexception-sslprotocolexception-with-android-6-marshmallow