
Dealing with TLS on gRPC

I am connecting to a server which has TLS support with SSL certs. I am getting an SSL Handshake error on the Android app client. I also use useTransportSecurity() to deal with the TLS negotiation type. Is there any workaround to get away with this error without certificate pinning?

Error encountered:

Caused by: java.lang.RuntimeException: protocol negotiation failed
    at io.grpc.okhttp.OkHttpProtocolNegotiator.negotiate(OkHttpProtocolNegotiator.java:96)
    at io.grpc.okhttp.OkHttpProtocolNegotiator$AndroidNegotiator.negotiate(OkHttpProtocolNegotiator.java:147)
    at io.grpc.okhttp.OkHttpTlsUpgrader.upgrade(OkHttpTlsUpgrader.java:63)
    at io.grpc.okhttp.OkHttpClientTransport$2.run(OkHttpClientTransport.java:474)
    at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:123)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
    at java.lang.Thread.run(Thread.java:764)

And this is how I generate my channel :

ManagedChannel mChannel = OkHttpChannelBuilder.forAddress(host, port)
        .useTransportSecurity()
        .build();

Appreciate your time and help.

ALPN is failing during the TLS handshake, which prevents gRPC from negotiating HTTP/2. Either you aren't connecting to a gRPC / HTTP/2 server or your client's TLS library is too old.

Please review the SECURITY.md documentation. Namely, you probably want to "install" the Play Services Dynamic Security Provider into the runtime when your app starts.
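A worked example of the advice in this answer, added here and not code from the question, the answers or the gRPC project: install the Play Services Dynamic Security Provider before opening the channel, then build the same OkHttp channel the question uses. It assumes the Google Play services library is on the classpath (for ProviderInstaller) and uses a hypothetical helper class name, SecureChannelFactory. The calls used (ProviderInstaller.installIfNeeded and the two exceptions it throws) are the real Play services API.

```java
import android.content.Context;
import com.google.android.gms.common.GooglePlayServicesNotAvailableException;
import com.google.android.gms.common.GooglePlayServicesRepairableException;
import com.google.android.gms.security.ProviderInstaller;
import io.grpc.ManagedChannel;
import io.grpc.okhttp.OkHttpChannelBuilder;

/** Hypothetical helper: updates the platform TLS provider, then opens a TLS gRPC channel. */
public final class SecureChannelFactory {

    private SecureChannelFactory() {}

    /**
     * Installs the Play Services Dynamic Security Provider, which swaps the
     * device's (possibly old) TLS stack for one that supports ALPN. Must run
     * before the first TLS handshake; it blocks, so call it off the UI thread
     * (or use ProviderInstaller.installIfNeededAsync with a listener).
     *
     * @return true if the provider is in place, false if the app has to fall back
     */
    public static boolean installSecurityProvider(Context context) {
        try {
            ProviderInstaller.installIfNeeded(context);
            return true;
        } catch (GooglePlayServicesRepairableException e) {
            // Play services is present but needs an update. e.getConnectionStatusCode()
            // can be passed to GoogleApiAvailability.showErrorNotification() so the
            // user is prompted to update.
            return false;
        } catch (GooglePlayServicesNotAvailableException e) {
            // No Play services on this device. The stock provider may lack ALPN,
            // so the gRPC handshake can fail with "protocol negotiation failed".
            return false;
        }
    }

    /** Builds the same channel as the question, once the provider is installed. */
    public static ManagedChannel build(Context context, String host, int port) {
        if (!installSecurityProvider(context)) {
            throw new IllegalStateException(
                "TLS provider could not be updated; ALPN (HTTP/2) may be unavailable");
        }
        return OkHttpChannelBuilder.forAddress(host, port)
                .useTransportSecurity()   // TLS; server cert checked against the system trust store
                .build();
    }
}
```

Note that this does nothing to the server: if the endpoint itself does not offer ALPN, the handshake will still fail after the provider is installed.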

It might rather be a matter of how you create the server; see SECURITY.md for Mutual TLS ...

import io.grpc.Server;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.netty.handler.ssl.ClientAuth;
Server server = NettyServerBuilder.forPort(8443)
    .sslContext(GrpcSslContexts.forServer(certChainFile, privateKeyFile)
        .trustManager(clientCAsFile)     // CA(s) that issue acceptable client certificates
        .clientAuth(ClientAuth.REQUIRE)  // handshake fails without a valid client certificate
        .build())                        // the server's SslContext
    .build();                            // builds the Server itself

Answering my own question.

This error comes from the ALPN TLS extension, which I needed my SSL endpoint to support. I was using NPN, and that is why I was unable to connect.

Posted by Carl Mastrangelo in the grpc.io Google Group
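A way to confirm the diagnosis in this answer, added here as an illustration and not part of the original thread: offer only "h2" through ALPN during a plain TLS handshake and look at what the server selected. If the endpoint speaks ALPN and accepts HTTP/2 you get "h2"; if it ignores ALPN (only NPN, or HTTP/1.1 only) the handshake still succeeds but no protocol is selected, which is the condition gRPC reports as "protocol negotiation failed"; if the server supports ALPN but none of the offered protocols, it may abort the handshake with a no_application_protocol alert instead. The class name AlpnProbe and the default host are placeholders; the javax.net.ssl calls require Java 9+ (Android API 29+).

```java
import java.io.IOException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical diagnostic: does the endpoint negotiate "h2" via ALPN (RFC 7301)? */
public final class AlpnProbe {

    private AlpnProbe() {}

    /**
     * Opens a TLS connection offering only "h2" and returns the protocol the
     * server selected: "h2" if ALPN worked, "" if the server ignored ALPN
     * (for example it only implements the obsolete NPN extension).
     * Throws SSLHandshakeException if the server rejects the offer outright.
     */
    public static String negotiatedProtocol(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setApplicationProtocols(new String[] {"h2"});
            // Verify the certificate's SAN against the host name as well, as
            // gRPC's default TLS configuration does; a probe that skips this
            // would pass against a mis-issued certificate.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            String selected = socket.getApplicationProtocol();
            // null means ALPN was not used at all; normalise to "" for callers.
            return selected == null ? "" : selected;
        }
    }

    public static void main(String[] args) throws IOException {
        String host = args.length > 0 ? args[0] : "example.invalid";   // placeholder host
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        String proto = negotiatedProtocol(host, port);
        if ("h2".equals(proto)) {
            System.out.println("ALPN negotiated h2: gRPC over TLS can proceed");
        } else {
            System.out.println("No h2 via ALPN (server selected \"" + proto + "\"): "
                + "expect io.grpc 'protocol negotiation failed'");
        }
    }
}
```

Run it against the same host and port the channel uses; an empty result points at the server (as in this thread), while a "h2" result from a desktop JVM combined with a failing Android client points at the device's TLS provider.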

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM