android上的HTTPS连接出现未知协议错误
[英]Unknown protocol error with HTTPS connection on android
问题描述
I am calling a REST service using HTTPS on an android application. 
我在Android应用程序上使用HTTPS调用REST服务。 I already have working code for this, but now that I am using a newly installed server hosting the REST service I can no longer establish a connection. 我已经有了这方面的工作代码,但现在我正在使用一个新安装的服务器来托管REST服务,我无法再建立连接。
Here is the exception: 这是一个例外:
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x15b7768: Failure in SSL library, usually a protocol error
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:683 0x402e5cc3:0x00000000)
The application use the Apache classes to interact with the REST service. 该应用程序使用Apache类与REST服务进行交互。 I get this error even when using a dummy TrustManager that accepts any kind of certificate. 即使使用接受任何类型证书的虚拟TrustManager,我也会收到此错误。
When calling the REST Service from the Android Navigator, the connection is successfully established and works fine. 从Android Navigator调用REST服务时,连接成功建立并正常工作。
The Android phone is running the latest 4.0.3 Android from HTC. Android手机正在运行HTC最新的4.0.3 Android。
The REST Service is a hosted mod_perl application on Apache configured with SSL support. REST服务是Apache上托管的mod_perl应用程序,配置了SSL支持。
Browsing the OpenSSL source code at https://github.com/android/platform_external_openssl/blob/ics-mr0/ssl/s23_clnt.c does not give me any hints besides a low level problem. 浏览https://github.com/android/platform_external_openssl/blob/ics-mr0/ssl/s23_clnt.c中的OpenSSL源代码除了低级问题之外没有给我任何提示。
Any suggestion of how to debug this further ? 有关如何进一步调试的任何建议吗?
1 个解决方案
解决方案1
17 已采纳 2012-08-06 11:57:52
Ok I found what the problem is. 好的,我发现了问题所在。
Following the suggestion to use OpenSSL s_client it made me realize that I use the wrong port number for the connection. 根据建议使用OpenSSL s_client,它让我意识到我使用错误的端口号进行连接。 The new server is using the standard SSL port which was not the case for the other server I was using previously. 新服务器使用的是标准SSL端口,这与我以前使用的其他服务器不同。
As the server was not responding according to the SSL protocol, the response could not be decoded meaningfully by OpenSSL and thus the Unknown Protocol Error . 由于服务器没有根据SSL协议进行响应,因此OpenSSL无法有效地解码响应,从而Unknown Protocol Error 。
For the people wanting to know how I used OpenSSL s_client (in your shell do): 对于想知道我如何使用OpenSSL s_client的人(在你的shell中):
$ openssl s_client -connect myhost.example.com:443 -tls1 -servername myhost.example.com
The -servername option enlists Server Name Indication (SNI) to ensure the server provides the correct certificate if there are multiple sites hosted at the server. -servername选项包括服务器名称指示(SNI),以确保服务器上托管多个站点时服务器提供正确的证书。 SNI is a TLS 1.0 (and above) option, and -tls1_1 and -tls1_2 usually work, too. SNI是TLS 1.0(及以上)选项, -tls1_1和-tls1_2通常也可以使用。
Then a truck load of information is shown regarding the SSL connection just opened. 然后显示关于刚刚打开的SSL连接的卡车负载信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.