andeoid4.x強制使用TLSv1.2
阿新 • • 發佈:2019-02-08
最近做安全性比較高的專案,上級最近出臺新規要求必須Https+TLSv1.2,
由於android20才開始預設使用TLS1.2,4..0-5.0一下預設的都是TLS1.0,
遇到一些坑費了點時間,網上查了好多資料,沒有比較完整清晰的資料,
所以解決後記錄一下,方便自己方便大家,好了下邊正文開始。
首先明確一點要限制TLS版本需要設定的是什麼,是SSLSocket;
第二在哪設定,需要重寫SSLSocketFactory(注:javax.net.ssl.SSLSocketFactory;而不是org.apache.http.conn.ssl.SSLSocketFactory;
我選擇的不一定是絕對但一定是最簡單省事的,當然後者你要是能實現請聯絡我,我會補充上去);
第三就是重寫的.SSLSocketFactory的原始碼
public class MySSLSocketFactory extends SSLSocketFactory{ private SSLSocketFactory internalSSLSocketFactory; private SSLContext context; public MySSLSocketFactory(KeyManager[] km, TrustManager[] tm, SecureRandom sr) throws KeyManagementException, NoSuchAlgorithmException { context = SSLContext.getInstance("TLSv1.2"); context.init(km, tm, sr); internalSSLSocketFactory = context.getSocketFactory(); } @Override public String[] getDefaultCipherSuites() { return internalSSLSocketFactory.getDefaultCipherSuites(); } @Override public String[] getSupportedCipherSuites() { return internalSSLSocketFactory.getSupportedCipherSuites(); } @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { SSLSocket sslSocket=(SSLSocket) context.getSocketFactory().createSocket(s, host, port, autoClose); sslSocket.setEnabledProtocols(new String[]{"TLSv1.2"}); return sslSocket; } @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { SSLSocket sslSocket=(SSLSocket) context.getSocketFactory().createSocket(host,port); sslSocket.setEnabledProtocols(new String[]{"TLSv1.2"}); return sslSocket; } @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { SSLSocket sslSocket=(SSLSocket) context.getSocketFactory().createSocket(host, port, localHost, localPort); sslSocket.setEnabledProtocols(new String[]{"TLSv1.2"}); return sslSocket; } @Override public Socket createSocket(InetAddress host, int port) throws IOException { SSLSocket sslSocket=(SSLSocket) context.getSocketFactory().createSocket(host, port); sslSocket.setEnabledProtocols(new String[]{"TLSv1.2"}); return sslSocket; } @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { SSLSocket sslSocket=(SSLSocket) context.getSocketFactory().createSocket(address, port, localAddress, localPort); sslSocket.setEnabledProtocols(new String[]{"TLSv1.2"}); return sslSocket; } }
由於我用的volley框架KeyManager,TrustManager
這兩個引數在外面已經設定好了所以我選擇直接傳過來;
在下一步就是把你專案中所有SSLSocketFactory
換成我們自己的MySSLSocketFactory就好了;
這樣就實現的限制android4.x強制使用TLSv1.2了;
我用的是volley,但是okhttp等也都是可以的,原理一樣;
專案保密只能貼這些了,如果有不瞭解的請給我發郵件詢問;
感謝觀看,如果你在使用過程中遇到什麼問題歡迎與我交流,
郵箱是[email protected],如果有什麼好的建議也請聯絡我