Android 4.4.2 Подтверждение SSL отменено

Код работает на моем эмуляторе Genymotion Android 4.4.4, но не на устройстве, которое я использую (4.4.2).

Я пробовал много обходных решений "доверять всем сертификатам", но безрезультатно (я не думаю, что это проблема в любом случае, так как сертификат AOK).

Я думаю, что я определил шифр (используя трассировку wirehark с моего рабочего стола); TLS 0x00 0x1E, который кажется несколько редок?

Любая идея, как исправить?

Здесь мой код

StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build();
StrictMode.setThreadPolicy(policy);
CloseableHttpClient client = HttpClientBuilder.create().setSSLSocketFactory(sslsf).build();
String baseURL = "https://mysite.co.uk/api/";
HttpGetHC4 request = new HttpGetHC4(baseURL + "/authenticate?user=abcd&password=1234");
CloseableHttpResponse response = client.execute(request);

И ошибка;

 javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6abff398: Failure in SSL library, usually a protocol error
 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x684dfce0:0x00000000)
     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:449)
     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:340)
     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:281)
     at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:124)
     at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:322)
     at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:373)
     at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:225)
     at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
     at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
     at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
     at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:178)
     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
     at com.example.lee.printticket.Main$OrderAsyncTask.onPostExecute(Main.java:239)
     at com.example.lee.printticket.Main$OrderAsyncTask.onPostExecute(Main.java:189)
     at android.os.AsyncTask.finish(AsyncTask.java:632)
     at android.os.AsyncTask.access$600(AsyncTask.java:177)
     at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:645)
     at android.os.Handler.dispatchMessage(Handler.java:102)
     at android.os.Looper.loop(Looper.java:136)
     at android.app.ActivityThread.main(ActivityThread.java:5017)
     at java.lang.reflect.Method.invokeNative(Native Method)
     at java.lang.reflect.Method.invoke(Method.java:515)
     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:785)
     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:601)
     at dalvik.system.NativeStart.main(Native Method)
 Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6abff398: Failure in SSL library, usually a protocol error
 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x684dfce0:0x00000000)
     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406)
    ... 25 more

ИЗМЕНИТЬ

Попытка использования другой техники/библиотеки;

        RequestQueue queue = Volley.newRequestQueue(this);
        String url ="https://mysite.co.uk/api/authenticate?user=abcd&password=1234";

        // Request a string response from the provided URL.
        StringRequest stringRequest = new StringRequest(Request.Method.GET, url,
                new Response.Listener<String>() {
                    @Override
                    public void onResponse(String response) {
                        // Display the first 500 characters of the response string.
                        Log.d("response: ", response);
                    }
                }, new Response.ErrorListener() {
            @Override
            public void onErrorResponse(VolleyError error) {
                Log.d("response: ", error.toString());
            }
        });
        // Add the request to the RequestQueue.
        queue.add(stringRequest);

Returns;

D/response:: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6ad51be0: Failure in SSL library, usually a protocol error
D/response:: error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available (external/openssl/ssl/s23_clnt.c:486 0x684dfce0:0x00000000)

Или с помощью NoSSLv3SocketFactory hack из Javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL-рукопожатие отменено: ошибка в библиотеке SSL, обычно ошибка протокола;

        HttpStack stack = new HurlStack(null, new NoSSLv3SocketFactory());
        RequestQueue queue = Volley.newRequestQueue(this, stack);

Returns;

D/response:: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6ae51d30: Failure in SSL library, usually a protocol error
D/response:: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x684dfce0:0x00000000)

Ответы

Ответ 1

Попробуйте следующее:

public class ClientSSLSocketFactory {

    public static SSLSocketFactory getSocketFactory(Context context) {
        try {
            X509TrustManager tm = new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            };
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, new TrustManager[]{tm}, new SecureRandom());

            SSLSocketFactory ssf = SSLCertificateSocketFactory.getDefault(10000, new SSLSessionCache(context));
            return ssf;
        } catch (Exception ex) {
            Log.e("ssl", "Error during the getSocketFactory");
            ex.printStackTrace();
            return null;
        }
    }
}

И при создании очереди:

sRequestQueue = Volley.newRequestQueue(context, new HurlStack(null, ClientSSLSocketFactory.getSocketFactory()));

Надеюсь, что это поможет.