javax.net.ssl.SSLException:SSL 握手中止连接在调用 Web 服务 Android 时由对等方重置
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20741405/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
javax.net.ssl.SSLException: SSL handshake aborted Connection reset by peer while calling webservice Android
提问by DreamsNeverDie
I am calling https webserviceand its works fine before, but now when i am trying to call it its give me following errors.
我正在调用https webservice并且它之前工作正常,但是现在当我尝试调用它时,它给了我以下错误。
Log Errors :
日志错误:
12-23 06:28:11.969: W/System.err(3014): javax.net.ssl.SSLException: SSL handshake aborted: ssl=0x1cc160: I/O error during system call, Connection reset by peer
12-23 06:28:11.979: W/System.err(3014): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
12-23 06:28:11.979: W/System.err(3014): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:474)
12-23 06:28:11.979: W/System.err(3014): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:750)
12-23 06:28:11.979: W/System.err(3014): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:692)
12-23 06:28:11.979: W/System.err(3014): at crittercism.android.aa.getInputStream(Unknown Source)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:93)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129)
12-23 06:28:11.979: W/System.err(3014): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:171)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:359)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
12-23 06:28:11.989: W/System.err(3014): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
I am using following code for calling https webservice.
我正在使用以下代码来调用 https 网络服务。
public static void trustAllHosts() {
X509TrustManager easyTrustManager = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
// Oh, I am easy!
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
// Oh, I am easy!
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { easyTrustManager };
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection
.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
e.printStackTrace();
}
}
public static HttpClient getNewHttpClient() {
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore
.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory
.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(
params, registry);
return new DefaultHttpClient(ccm, params);
} catch (Exception e) {
return new DefaultHttpClient();
}
}
MySSLSocketFactory.java
MySSLSocketFactory.java
public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public MySSLSocketFactory(KeyStore truststore)
throws NoSuchAlgorithmException, KeyManagementException,
KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port,
autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
}
It is working fine before, but now it fails. There are no any changes made in server.
以前运行良好,但现在失败了。服务器中没有任何更改。
I already refered
我已经参考了
- Android-Query - Random SSLExceptions
- Intermittent Connection Reset by Peer errors in Android connecting to .NET REST endpoint
- Android HTTPS exception Connection reset by peer
- Why is HttpUrlConnection throwing an SSLException while on a mobile data connection?
- Android-Query - 随机 SSLExceptions
- 连接到 .NET REST 端点的 Android 中的对等错误导致间歇性连接重置
- Android HTTPS 异常连接由对等方重置
- 为什么 HttpUrlConnection 在移动数据连接上抛出 SSLException?
I have tested it in both wifi and mobile data. Application not works in both.
我已经在wifi和移动数据中对其进行了测试。应用程序不适用于两者。
If anybody face this problem before then please help me to solve it.
如果有人在此之前遇到过这个问题,请帮助我解决它。
回答by kingAm
There could be 2 reasons:
可能有2个原因:
Certificates could be expired at client or server end.
证书可能在客户端或服务器端过期。
Solution: Extend expiry date of existing certificate or Exhange new certificates.
解决方案:延长现有证书的有效期或更换新证书。
Server port has been reset to some else port.
服务器端口已重置为其他端口。
Solution: I have faced this port change problem, normally due to server maintenance or patch update, sometimes port of the service get change. Ask the person who has provided you the wsdl to regenerate wsdl on their server and check the port no whether it is matching with existing wsdl at client side or not. Most probably this would be the case here.
解决方法:我遇到过这个端口变化的问题,一般是因为服务器维护或者补丁更新,有时服务的端口会发生变化。要求提供 wsdl 的人在他们的服务器上重新生成 wsdl 并检查端口号是否与客户端现有的 wsdl 匹配。很可能这里就是这种情况。
回答by Ankit
I also got the same exception. I found that it was due to TLS 1.0 protocolwas not supported by server.
我也有同样的例外。我发现这是因为服务器不支持TLS 1.0 协议。
I observed that Android device, http connection fails to the server where TLS 1.0is not supported. I searched every where about the bug, but did not find anything related to this problem. And the problem was solved, when the TLS 1.0 protocolsupport was added to the server.You can check your server / hostname protocol support using https://www.ssllabs.com/ssltest.
我观察到 Android 设备,http 连接无法连接到TLS 1.0不受支持的服务器。我搜索了有关该错误的所有地方,但没有找到与此问题相关的任何内容。当TLS 1.0 protocol支持添加到服务器时,问题就解决了。您可以使用https://www.ssllabs.com/ssltest检查您的服务器/主机名协议支持。
回答by Jorge Navarro
We had this same issue starting this morning and got it solved.
从今天早上开始,我们遇到了同样的问题,并得到了解决。
SSL on IIS 8
IIS 8 上的 SSL
- Every thing was working fine yesterday and last night our SSL was updated on the IIS site.
- While checking out the site Bindings to the SSL we noticed that IIS8 has a new checkbox "Require Server Name Indication", it was not checked so we proceeded to enable it.
- That triggered the problem.
- Went back to IIS, disabled the checkbox.... problem solved!
- 昨天一切正常,昨晚我们在 IIS 站点上更新了 SSL。
- 在检查站点绑定到 SSL 时,我们注意到 IIS8 有一个新的复选框“需要服务器名称指示”,它没有被选中,所以我们继续启用它。
- 这引发了问题。
- 回到IIS,禁用复选框....问题解决了!
回答by Hiren Patel
I was having the same issue for some Android devices. Found the solution by IIS server settings.
我在某些 Android 设备上遇到了同样的问题。通过IIS 服务器设置找到解决方案。
Steps:
脚步:
- Open IIS
- Select the site on which you are working
- Edit site binding
- Uncheck Required Server Name Identification
- Click OK
- 打开 IIS
- 选择您正在工作的站点
- 编辑站点绑定
- 取消选中所需的服务器名称标识
- 单击确定
Reference screenshot:
参考截图:
Hope this would helps you.
希望这会帮助你。
