javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7d84e10: Failure in SSL library解决

SSLProtocolException: SSL handshake aborted: ssl=0xb7d84e10: Failure in SSL library解决"/>

javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7d84e10: Failure in SSL library解决

异常信息
04-22 18:55:30.661 3949-3949/com.umeng.soexample.liuhao20190422 I/aaaa: javax.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7d84e10: Failure in SSL library, usually a protocol errorerror:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x96f15926:0x00000000)//写一个类继承SSLSocket
public class SSL extends SSLSocketFactory {private SSLSocketFactory defaultFactory;// Android 5.0+ (API level21) provides reasonable default settings// but it still allows SSLv3// .0-changes.html#sslstatic String protocols[] = null, cipherSuites[] = null;static {try {SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();if (socket != null) {/* set reasonable protocol versions */// - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0)// - remove all SSL versions (especially SSLv3) because they're insecure nowList<String> protocols = new LinkedList<>();for (String protocol : socket.getSupportedProtocols())if (!protocol.toUpperCase().contains("SSL"))protocols.add(protocol);SSL.protocols = protocols.toArray(new String[protocols.size()]);/* set up reasonable cipher suites */if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {// choose known secure cipher suitesList<String> allowedCiphers = Arrays.asList(// TLS 1.2"TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256",// maximum interoperability"TLS_RSA_WITH_3DES_EDE_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA",// additionally"TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");List<String> availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());// take all allowed ciphers that are available and put them into preferredCiphersHashSet<String> preferredCiphers = new HashSet<>(allowedCiphers);preferredCiphers.retainAll(availableCiphers);/* For maximum security, preferredCiphers should *replace* enabled ciphers (thus disabling* ciphers which are enabled by default, but have become unsecure), but I guess for* the security level of DAVdroid and maximum compatibility, disabling of insecure* ciphers should be a server-side task */// add preferred ciphers to enabled ciphersHashSet<String> enabledCiphers = preferredCiphers;enabledCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));SSL.cipherSuites = enabledCiphers.toArray(new String[enabledCiphers.size()]);}}} catch (IOException e) {throw new RuntimeException(e);}}public SSL(X509TrustManager tm) {try {SSLContext sslContext = SSLContext.getInstance("TLS");sslContext.init(null, (tm != null) ? new X509TrustManager[]{tm} : null, null);defaultFactory = sslContext.getSocketFactory();} catch (GeneralSecurityException e) {throw new AssertionError(); // The system has no TLS. Just give up.}}private void upgradeTLS(SSLSocket ssl) {// Android 5.0+ (API level21) provides reasonable default settings// but it still allows SSLv3// .0-changes.html#sslif (protocols != null) {ssl.setEnabledProtocols(protocols);}if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP && cipherSuites != null) {ssl.setEnabledCipherSuites(cipherSuites);}}@Override public String[] getDefaultCipherSuites() {return cipherSuites;}@Overridepublic String[] getSupportedCipherSuites() {return cipherSuites;}@Overridepublic Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {Socket ssl = defaultFactory.createSocket(s, host, port, autoClose);if (ssl instanceof SSLSocket){upgradeTLS((SSLSocket) ssl);}return ssl;}@Overridepublic Socket createSocket(String host, int port) throws IOException, UnknownHostException {Socket ssl = defaultFactory.createSocket(host, port);if (ssl instanceof SSLSocket){upgradeTLS((SSLSocket) ssl);}return ssl;}@Overridepublic Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {Socket ssl = defaultFactory.createSocket(host, port, localHost, localPort);if (ssl instanceof SSLSocket) {upgradeTLS((SSLSocket) ssl);}return ssl;}@Overridepublic Socket createSocket(InetAddress host, int port) throws IOException {Socket ssl = defaultFactory.createSocket(host, port);if (ssl instanceof SSLSocket) {upgradeTLS((SSLSocket) ssl);}return ssl;}@Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {Socket ssl = defaultFactory.createSocket(address, port, localAddress, localPort);if (ssl instanceof SSLSocket){upgradeTLS((SSLSocket) ssl);}return ssl;}
}

//定义一个信任所有证书的TrustManager
final X509TrustManager trustAllCert = new X509TrustManager() {@Overridepublic void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {}@Overridepublic void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {}@Overridepublic java.security.cert.X509Certificate[] getAcceptedIssuers() {return new java.security.cert.X509Certificate[]{};}
};

OkHttpClient client = new OkHttpClient.Builder().sslSocketFactory(new SSL(trustAllCert), trustAllCert).hostnameVerifier(new HostnameVerifier() {             @Overridepublic boolean verify(String s, SSLSession sslSession) {return true;}}).build();