stackoom
  简体   繁体   中英

Using SSL in Android

 原文  2015-07-09 15:10:00       java/ android/ ssl/ ssl-certificate/ ca

Question

I am new to SSL. I am using the code given at https://developer.android.com/training/articles/security-ssl.html#HttpsExample and using it I am able to establish connection with my URL (verified by urlConnection.getResponseCode(), where urlConnection is of type HttpsURLConnection). Now my doubt is using this how do I ensure that I am communicating with the correct server? Without that I think there can still be MITM attack. In the link mentioned above there is some discussion about this, but I don't know how to check this using java code. Thanks for your valuable time and help.

1 answers

solution1
 0 ACCPTED  2015-07-09 15:14:00

To verify the right server, you've to pin the certificate. Please have a look at https://developer.android.com/training/articles/security-ssl.html#Pinning whereby a tutorial is given here http://www.thoughtcrime.org/blog/authenticity-is-broken-in-ssl-but-your-app-ha/

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using SSL with Android App Using ssl with Apache Mina & android Android to server communication using SSL with Bouncy Castle Android Using NTLM over SSL failing Android: HTTPS (SSL) connection using HttpsURLConnection Using SSL with server client socket communication on android-j2se Using client/server certificates for two way authentication SSL socket on Android Android SSL https post Working with SSL Certificates in Android SSL No peer certificate Android
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM