java 请求https 握手失败_https握手失败案例（一）

OkHttpClient okHttpClient = new OkHttpClient.Builder()

.connectTimeout(15, TimeUnit.SECONDS)

.readTimeout(15, TimeUnit.SECONDS)

.writeTimeout(15, TimeUnit.SECONDS)

.addNetworkInterceptor(new StethoInterceptor())

.followSslRedirects(true)

.connectionSpecs(Collections.singletonList(getConnectionSpec()))

.build();

private static ConnectionSpec getConnectionSpec() {

ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)

.tlsVersions(TlsVersion.TLS_1_0)

.cipherSuites(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,

CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,

CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,

CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,

CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA)

.build();

return spec;

}

如果出现握手失败 ，出现日志信息为

10-17 11:41:32.771: W/System.err(32764): javax.net.ssl.SSLHandshakeException: Handshake failed

10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:441)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:241)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:198)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.buildConnection(RealConnection.java:174)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:114)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:193)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:129)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:98)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:109)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:124)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

10-17 11:41:32.771: W/System.err(32764): at com.lzy.okgo.interceptor.LoggerInterceptor.intercept(LoggerInterceptor.java:40)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:170)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.RealCall.access$100(RealCall.java:33)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.RealCall$AsyncCall.execute(RealCall.java:120)

10-17 11:41:32.771: W/System.err(32764): at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)

10-17 11:41:32.771: W/System.err(32764): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)

10-17 11:41:32.771: W/System.err(32764): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)

10-17 11:41:32.771: W/System.err(32764): at java.lang.Thread.run(Thread.java:818)

10-17 11:41:32.771: W/System.err(32764): Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed

10-17 11:41:32.771: W/System.err(32764): ... 29 more

10-17 11:41:32.771: W/System.err(32764): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xeec2db00: Failure in SSL library, usually a protocol error

10-17 11:41:32.771: W/System.err(32764): error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1244 0xee6cb7d7:0x00000000)

10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)

10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:353)

10-17 11:41:32.771: W/System.err(32764): ... 28 more

10-17 11:41:32.771: W/System.err(32764): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xeec2db00: Failure in SSL library, usually a protocol error

10-17 11:41:32.771: W/System.err(32764): error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1244 0xee6cb7d7:0x00000000)

10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)

10-17 11:41:32.771: W/System.err(32764): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:353)

10-17 11:41:32.771: W/System.err(32764): ... 28 more

可以修改客户端的  加密套件配置  能够解决此问题

* https三次握手:

* 客户端发送 TLS版本号 加密套件(这里) 随机数 hello

* 服务端根据客户端发送的加密套件、TLS版本号 选择对应的加密协议及套件 把加密协议、加密套件、随机数、服务端证书、hello发送给客户端

* 客户端收到信息后 生成随机数(通过公钥进行加密) 编码结速通知 握手结束通知

* 服务端 通过私钥解密 编码改变通知 握手结束通知

* 对称加密数据传输