我的 android 应用程序依赖 SNI 来访问正确的服务器,因此它需要 TLS 并且不能与 SSLv3 一起使用。我正在使用 okhttp 和改造,服务器日志表明 TLS 握手突然切换到 SSLv3,并且可能会保持这种方式一段时间,由于缺乏服务器名称指示支持,导致主机名验证重复失败。
我了解在某些情况下(哪些情况?)okhttp 停止使用 TLS 并切换到 SSL 作为后备。但是,在 SNI 的情况下这是不可接受的,有没有办法禁用回退?
示例 apache 日志:
[Wed May 07 18:00:12.799511 2014] [ssl:debug] [pid 20369:tid 140532403599104] ssl_engine_kernel.c(1891): [client <removed>:51431] AH02041: Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits)
[Wed May 07 18:00:28.563170 2014] [ssl:debug] [pid 20455:tid 140532646553344] ssl_engine_kernel.c(1891): [client <removed>:51432] AH02041: Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits)
[Wed May 07 18:00:45.884075 2014] [ssl:debug] [pid 20371:tid 140532445562624] ssl_engine_kernel.c(1891): [client <removed>:51433] AH02041: Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits)
[Wed May 07 18:01:01.322657 2014] [ssl:debug] [pid 20455:tid 140532395206400] ssl_engine_kernel.c(1891): [client <removed>:51434] AH02041: Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits)
[Wed May 07 18:01:18.361705 2014] [ssl:debug] [pid 20370:tid 140532462348032] ssl_engine_kernel.c(1891): [client <removed>:51435] AH02041: Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits)
[Wed May 07 18:01:25.378294 2014] [ssl:debug] [pid 20371:tid 140532487526144] ssl_engine_kernel.c(1891): [client <removed>:51436] AH02041: Protocol: SSLv3, Cipher: RC4-SHA (128/128 bits)
[Wed May 07 18:01:40.807100 2014] [ssl:debug] [pid 20369:tid 140532445562624] ssl_engine_kernel.c(1891): [client <removed>:51437] AH02041: Protocol: SSLv3, Cipher: RC4-SHA (128/128 bits)
[Wed May 07 18:01:41.154782 2014] [ssl:debug] [pid 20371:tid 140532479133440] ssl_engine_kernel.c(1891): [client <removed>:51438] AH02041: Protocol: SSLv3, Cipher: RC4-SHA (128/128 bits)
[Wed May 07 18:01:56.695645 2014] [ssl:debug] [pid 20369:tid 140532504311552] ssl_engine_kernel.c(1891): [client <removed>:51439] AH02041: Protocol: SSLv3, Cipher: RC4-SHA (128/128 bits)
[Wed May 07 18:01:57.252515 2014] [ssl:debug] [pid 20455:tid 140532521096960] ssl_engine_kernel.c(1891): [client <removed>:51440] AH02041: Protocol: SSLv3, Cipher: RC4-SHA (128/128 bits)