Android app不支持sni协议
2021-03-03Linux90root108°c
A+ A-前段时间到http://www.rapidssl.com网站购买通配ssl证书. 例如:
域 名: android.90root.com(app域名)
ssl证书: *.90root.com
ssl配置: cat httpd-ssl.conf <VirtualHost *:443> DocumentRoot "/home/work/web/android.90root.com/Public/" ServerName android.90root.com:443 ErrorLog “/opt/lampp/logs/android.error_log" TransferLog "/opt/lampp/logs/android.access_log" SSLEngine on SSLProtocol All -SSLv2 -SSLv3 SSLCertificateFile "/home/work/etc/ssl_cert/90root.new.crt" SSLCertificateKeyFile "/home/work/etc/ssl_cert/90root.com.key" SSLCertificateChainFile "/home/work/etc/ssl_cert/90root.com.intermediate.new.crt" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/opt/lampp/cgi-bin"> SSLOptions +StdEnvVars </Directory> <Directory "/home/work/web/android.90root.com/Public/"> Options FollowSymLinks IncludesNOEXEC Indexes DirectoryIndex index.php index.html AllowOverride All Order Deny,Allow Allow from all RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/opt/lampp/logs/ssl_request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>
拿android手机访问android.90root.com 提示证书不被信用. 用android打开90root的app软件,提示如下:

因为手机端app(iOS、android)域名都是基于https访问的,如下:

经过一番谷歌,同事到https://cryptoreport.rapidssl.com/checker/views/certCheck.jsp 测试android.90root.com域名ssl配置是否正确, 该网站提示ssl配置有误会反馈一个链接, 点击下载证书, 替换服务端证书即可.
看到这里android app已经解决了,是因为ssl证书导致的. 接下来又出现类似情况
购买XXXddos防御系统, 将app(iOS、android)域名全解析到ddos服务商, android app再一次请求不到服务端数据, 怀疑ddos服务商ssl证书没有配置正确, 经过一番确认,ddos服务商说android app要支持sni协议. sni不知道是什么的自己百度..... ddos服务商提供一个参考链接http://blog.dev001.net/post/67082904181/android-using-sni-and-tlsv12-with-apache
android开发人员在代码里添加头部请求协议

再次登陆android app能够请求到服务端数据.
标签:Linux