政府與android 的互鬥: android 9 SSLHandshakeException: Handshake failed
From Android 9 Pie now, requests without encryption will never work.
And by default, the System will expect you to use TLS by default.
簡單講就是:android 9.0後一定要用https, 偏偏政府機構的ssl憑證有問題,
但政府機構不承認他們有問題...所以opendata 資料會取不到.
可說是政府與android的互鬥.
OkHttp或 urlconnect 報錯javax.net.ssl.SSLHandshakeException: Handshake failed
error message:
Failure in SSL library, usually a protocol errorerror:100000f0:SSL
routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL
problem: Error when connecting from Android to a server that does not support TLS 1.0
And by default, the System will expect you to use TLS by default.
簡單講就是:android 9.0後一定要用https, 偏偏政府機構的ssl憑證有問題,
但政府機構不承認他們有問題...所以opendata 資料會取不到.
可說是政府與android的互鬥.
OkHttp或 urlconnect 報錯javax.net.ssl.SSLHandshakeException: Handshake failed
error message:
Failure in SSL library, usually a protocol errorerror:100000f0:SSL
routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL
problem: Error when connecting from Android to a server that does not support TLS 1.0
solution step 1:
OkHttpClient client = new OkHttpClient.Builder() .connectionSpecs(Arrays.asList(ConnectionSpec.COMPATIBLE_TLS)) .build();Request request = new Request.Builder() .url(url) .build(); Response responses = null; responses = client.newCall(request).execute(); return responses.body().string(); but got another error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.javax.net.ssl.SSLHandshakeException: so, 判斷: 直接在電腦chrome看憑證,憑證是由 政府憑證管理中心所簽發,判斷是自訂簽章,導致android不支援 證書鏈配置錯誤,沒有安裝中間證書(intermediate certificate).
注意:以上方法太複雜,不用.因為對憑證的問題去竄改都不是好方法.我們還是改用http取代https,
所以要用下面的方法solution2.
solution 2:CLEARTEXT communication to server not permitted by network security policy 問題原因: Android P 限制了明文流量的網絡請求,
非加密的流量請求都會被系統禁止掉 W/System.err: java.io.IOException: Cleartext HTTP traffic to **** not permitted
不可以像其他人一樣信任所有證書的改法.這太危險且複雜. 改用http,不用https...當利用到政府opentata時. Fix Cleartext Traffic Error in Android 9 Pie To do this in Android 9 Pie you will have to set a networkSecurityConfig in your Manifest application tag like this: https://developer.android.com/training/articles/security-config 在res下新增一個 xml 目錄,然後創建一個名為:network_security_config.xml 文件 url部分改成你呼叫url domain:
然後在APP的AndroidManifest.xml文件下的application標籤增加以下屬性
<application
...
android:networkSecurityConfig="@xml/network_security_config"
>
run.. app
成功.在android 9系統 call http url.