【发布时间】:2016-08-06 20:21:47
【问题描述】:
我有一个 targetSdkVersion 23 的应用,但在 Android N (apiLevel 24) 上启动时,所有到后端的连接都会引发异常:
javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
at com.android.okhttp.Connection.connectTls(Connection.java:235)
at com.android.okhttp.Connection.connectSocket(Connection.java:199)
at com.android.okhttp.Connection.connect(Connection.java:172)
at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367)
at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:457)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:126)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java)`
<...>
Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
... 23 more
Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
... 23 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7ffeec27f540: Failure in SSL library, usually a protocol error
error:100000f3:SSL routines:OPENSSL_internal:WRONG_CURVE (external/boringssl/src/ssl/s3_clnt.c:1205 0x7ffee9cef70a:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 22 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7ffeec27f540: Failure in SSL library, usually a protocol error
error:100000f3:SSL routines:OPENSSL_internal:WRONG_CURVE (external/boringssl/src/ssl/s3_clnt.c:1205 0x7ffee9cef70a:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 22 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7ffeec27f540: Failure in SSL library, usually a protocol error
error:100000f3:SSL routines:OPENSSL_internal:WRONG_CURVE (external/boringssl/src/ssl/s3_clnt.c:1205 0x7ffee9cef70a:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 22 more
我的后端证书仅支持 TLSv1 协议。这是 Android N 的问题吗?
已编辑 1: 将 targetSdkVersion 更改为 24 会得到相同的结果。
编辑 2: 我们的目标网址是https://med.firecracker.me/
【问题讨论】:
-
您已经截断了 Stacktrace,相关的内部异常(带有异常文本)丢失了。
-
我会先尝试将 targetSdkVersion 更改为 24,看看问题是否仍然存在。
-
将 targetSdkVersion 更改为 24 会得到相同的结果。
-
添加了完整的堆栈跟踪。谢谢。
-
没有“TLSv1”证书之类的东西。有 X.509 证书可用于多个 TLS 版本中的身份验证,包括 SSL 3.0、TLS 1.0、TLS 1.2 ... 至于错误本身:“WRONG_CURVE”可能会提供线索,但可能需要知道目标 URL 以获得更好的帮助。我的猜测是,当与较新的 Android N TLS 堆栈一起使用时,服务器无法按预期工作,这可能是服务器或 Android 中的错误。