Android app不支持sni协议
2021-03-03Linux90root108°c
A+ A-前段时间到http://www.rapidssl.com网站购买通配ssl证书. 例如:
域 名: android.90root.com(app域名)
ssl证书: *.90root.com
ssl配置: cat httpd-ssl.conf
<VirtualHost *:443>
DocumentRoot "/home/work/web/android.90root.com/Public/"
ServerName android.90root.com:443
ErrorLog “/opt/lampp/logs/android.error_log"
TransferLog "/opt/lampp/logs/android.access_log"
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile "/home/work/etc/ssl_cert/90root.new.crt"
SSLCertificateKeyFile "/home/work/etc/ssl_cert/90root.com.key"
SSLCertificateChainFile "/home/work/etc/ssl_cert/90root.com.intermediate.new.crt"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<Directory "/home/work/web/android.90root.com/Public/">
Options FollowSymLinks IncludesNOEXEC Indexes
DirectoryIndex index.php index.html
AllowOverride All
Order Deny,Allow
Allow from all
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/opt/lampp/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>拿android手机访问android.90root.com 提示证书不被信用. 用android打开90root的app软件,提示如下:
因为手机端app(iOS、android)域名都是基于https访问的,如下:
经过一番谷歌,同事到https://cryptoreport.rapidssl.com/checker/views/certCheck.jsp 测试android.90root.com域名ssl配置是否正确, 该网站提示ssl配置有误会反馈一个链接, 点击下载证书, 替换服务端证书即可.
看到这里android app已经解决了,是因为ssl证书导致的. 接下来又出现类似情况
购买XXXddos防御系统, 将app(iOS、android)域名全解析到ddos服务商, android app再一次请求不到服务端数据, 怀疑ddos服务商ssl证书没有配置正确, 经过一番确认,ddos服务商说android app要支持sni协议. sni不知道是什么的自己百度..... ddos服务商提供一个参考链接http://blog.dev001.net/post/67082904181/android-using-sni-and-tlsv12-with-apache
android开发人员在代码里添加头部请求协议
再次登陆android app能够请求到服务端数据.
标签:Linux