在gRPC上处理TLS
[英]Dealing with TLS on gRPC
问题描述
I am connecting to a server which has TLS support with SSL certs. 
我正在连接到具有SSL证书的TLS支持的服务器。 I am getting a SSL Handshake error on Android app client. 我在Android应用程序客户端上收到SSL握手错误。 I also use useTransportSecurity() to deal with TLS negotiation type. 我还使用useTransportSecurity()处理TLS协商类型。 Is there any workaround to get away with this error without certificate pinning? 如果没有证书固定,是否有任何解决方法可以解决此错误?
Error encountered: 遇到错误:
Caused by: java.lang.RuntimeException: protocol negotiation failed
at io.grpc.okhttp.OkHttpProtocolNegotiator.negotiate(OkHttpProtocolNegotiator.java:96)
at io.grpc.okhttp.OkHttpProtocolNegotiator$AndroidNegotiator.negotiate(OkHttpProtocolNegotiator.java:147)
at io.grpc.okhttp.OkHttpTlsUpgrader.upgrade(OkHttpTlsUpgrader.java:63)
at io.grpc.okhttp.OkHttpClientTransport$2.run(OkHttpClientTransport.java:474)
at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:123)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
And this is how I generate my channel : 这就是我生成频道的方式:
ManagedChannel mChannel = OkHttpChannelBuilder.forAddress(host, port)
.useTransportSecurity()
.build();
Appreciate your time and help. 感谢您的时间和帮助。
3 个解决方案
解决方案1
1 2018-09-06 20:05:49
ALPN is failing during the TLS handshake, which prevents gRPC from negotiating HTTP/2. TLS握手期间,ALPN失败,这阻止了gRPC协商HTTP / 2。 Either you aren't connecting to a gRPC / HTTP/2 server or your client's TLS library is too old. 您没有连接到gRPC / HTTP / 2服务器,或者客户端的TLS库太旧。
Please review the SECURITY.md documentation. 请查看SECURITY.md文档。 Namely, you probably want to "install" the Play Services Dynamic Security Provider into the runtime when your app starts. 即,您可能希望在应用启动时将Play Services动态安全提供程序“安装”到运行时。
解决方案2
0 2018-09-06 19:39:05
it might be rather a matter how you create the server; 如何创建服务器可能只是一个问题; see SECURITY.md for Mutual TLS ... 有关Mutual TLS请参阅SECURITY.md ...
Server server = NettyServerBuilder.forPort(8443)
.sslContext(GrpcSslContexts.forServer(certChainFile, privateKeyFile)
.trustManager(clientCAsFile)
.clientAuth(ClientAuth.REQUIRE)
.build());
解决方案3
0 2018-09-08 06:33:14
Answering my own question. 回答我自己的问题。
This error comes from the ALPN TLS extension, which I needed my SSL endpoint to support. 此错误来自ALPN TLS扩展,我需要我的SSL端点来支持。 I was using NPN, and that is why I was unable to connect. 我正在使用NPN,这就是为什么我无法连接。
Posted by Carl Mastrangelo in grpc.io google groups 由Carl Mastrangelo发表在grpc.io Google组中
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.