OkHttpClient okHttpClient = new OkHttpClient.Builder()
.connectTimeout(15, TimeUnit.SECONDS)
.readTimeout(15, TimeUnit.SECONDS)
.writeTimeout(15, TimeUnit.SECONDS)
.addNetworkInterceptor(new StethoInterceptor())
.followSslRedirects(true)
.connectionSpecs(Collections.singletonList(getConnectionSpec()))
.build();
private static ConnectionSpec getConnectionSpec() {
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.tlsVersions(TlsVersion.TLS_1_0)
.cipherSuites(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA)
.build();
return spec;
}
如果出现握手失败 ,出现日志信息为
10-17 11:41:32.771: W/System.err(32764): javax.net.ssl.SSLHandshakeException: Handshake failed
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:441)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:241)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:198)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.buildConnection(RealConnection.java:174)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:114)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:193)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:129)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:98)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:109)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:124)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
10-17 11:41:32.771: W/System.err(32764): at com.lzy.okgo.interceptor.LoggerInterceptor.intercept(LoggerInterceptor.java:40)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:170)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.RealCall.access$100(RealCall.java:33)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.RealCall$AsyncCall.execute(RealCall.java:120)
10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)
10-17 11:41:32.771: W/System.err(32764): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
10-17 11:41:32.771: W/System.err(32764): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
10-17 11:41:32.771: W/System.err(32764): at java.lang.Thread.run(Thread.java:818)
10-17 11:41:32.771: W/System.err(32764): Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
10-17 11:41:32.771: W/System.err(32764): ... 29 more
10-17 11:41:32.771: W/System.err(32764): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xeec2db00: Failure in SSL library, usually a protocol error
10-17 11:41:32.771: W/System.err(32764): error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1244 0xee6cb7d7:0x00000000)
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:353)
10-17 11:41:32.771: W/System.err(32764): ... 28 more
10-17 11:41:32.771: W/System.err(32764): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xeec2db00: Failure in SSL library, usually a protocol error
10-17 11:41:32.771: W/System.err(32764): error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1244 0xee6cb7d7:0x00000000)
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:353)
10-17 11:41:32.771: W/System.err(32764): ... 28 more
可以修改客户端的 加密套件配置 能够解决此问题
* https三次握手:
* 客户端发送 TLS版本号 加密套件(这里) 随机数 hello
* 服务端根据客户端发送的加密套件、TLS版本号 选择对应的加密协议及套件 把加密协议、加密套件、随机数、服务端证书、hello发送给客户端
* 客户端收到信息后 生成随机数(通过公钥进行加密) 编码结速通知 握手结束通知
* 服务端 通过私钥解密 编码改变通知 握手结束通知
* 对称加密数据传输