TLS v1.2上的Android客户端/服务器
我正在尝试在服务器和Android客户端之间创建TLS v1.2通信。 我建立了一个TLS v1.0连接有任何问题,但我不能得到v1.2。 这是服务器代码:
char[] passphrase = "myComplexPass1".toCharArray(); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(new FileInputStream("cacerts"), passphrase); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keystore, passphrase); SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); SSLContext sslContext.init(keyManagers, null, null); SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(port); sslServerSocket.setEnabledProtocols(new String [] { "TLSv1", "TLSv1.1", "TLSv1.2" }); sslServerSocket.setUseClientMode(false); sslServerSocket.setWantClientAuth(false); sslServerSocket.setNeedClientAuth(false); sslSocket = (SSLSocket)sslServerSocket.accept(); 虽然这是客户端代码:
char[] passphrase = "myComplexPass1".toCharArray(); KeyStore keystore = KeyStore.getInstance("BKS"); keystore.load(this.getApplicationContext().getResources().openRawResource(R.raw.jb), passphrase); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, passphrase); SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); Log.d("Context Protocol",sslContext.getProtocol());//this prints correctly TLS v1.2! KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); TrustManager[] trustManagers = new TrustManager[]{ new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; sslContext.init(keyManagers, trustManagers, new SecureRandom()); SSLSocketFactory sslSocketFactory = (SSLSocketFactory) sslContext.getSocketFactory(); SSLSocket skt = (SSLSocket) sslSocketFactory.createSocket(HOST, PORT); skt.setKeepAlive(true);
客户端代码,在我的电脑上运行在JRE7上的java客户端编写,完美有效,我看到带有正确密码的getProtocol(服务器端)TLSv1.2,由tlsv1.2支持。 android上的相同代码构成了tlsv1.0连接! 我真的不理解。 在Java客户端JRE7工作,在Android上只有tlsv1.0任何建议吗?
这是我的第一个问题,我搜索了很多。 可能我的格式不正确:(
有点迟到要回答这个,但也许其他人需要回答。
我遇到了同样的问题。 无论您是否向SSLContext.init()方法提供TLSv1.2,我尝试过的某些Android版本都不启用TLS 1.2。 您必须使用setEnabledProtocols()在客户端套接字上启用它,就像对服务器套接字一样。 对我来说,我是在我创建的自定义SSLSocketFactory :
public class MySSLSocketFactory extends SSLSocketFactory throws NoSuchAlgorithmException { private SSLContext mSSLContext; public MySSLSocketFactory(KeyManager km) { ... mSSLContext = SSLContext.getInstance("TLSv1.2"); ... mSSLContext.init(new KeyManager[] {km}, null, null); ... } @Override public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException { SSLSocket s = (SSLSocket)mSSLContext.getSocketFactory().createSocket(socket, host, port, autoClose); s.setEnabledProtocols(new String[] {"TLSv1.2"} ); return s; } ... }