It reads java.net.SocketTimeoutException
, which at first suggests to raise the client's connect-timeout value, as it is being explained in this answer - but when reviewing the current source code of okhttp3.internal.platform.AndroidPlatform
... this rather hints for incompatible protocols.
The server's SSL certificate supports TLS 1.0
, as it would be required for Android 4.x (there's no problem on their side); the problem rather is, that the current version of OkHttp3
does not support TLS 1.0
anymore and therefore the handshake won't ever take place (that's why it throws such a misleading SocketTimeoutException
instead of a SSLHandshakeException
).
With OkHttp3
3.12.x
, it should still be supported with the default configuration MODERN_TLS
-
but one could instruct OkHttp3
3.13.x
to use configuration COMPATIBLE_TLS
instead:
/* ConnectionSpec.MODERN_TLS is the default value */
List tlsSpecs = Arrays.asList(ConnectionSpec.MODERN_TLS);
/* providing backwards-compatibility for API lower than Lollipop: */
if(Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
tlsSpecs = Arrays.asList(ConnectionSpec.COMPATIBLE_TLS);
}
OkHttpClient client = new OkHttpClient.Builder()
.connectionSpecs(tlsSpecs)
.build();
One also has to set it as the client for Retrofit
:
Retrofit retrofit = new Retrofit.Builder()
.baseUrl(Api.BASE_URL)
.addConverterFactory(GsonConverterFactory.create())
.setClient(client)
.build();
See the TLS Configuration History for the available protocol support, per OkHttp3
version. As it seems, 3.12.x
even already supports TLS 1.3
, as it will in future be required for Android Q
. It might not even be required to down-grade OkHttp3
, because MODERN_TLS
of 3.12.x
still supports TLSv1
, while in 3.13.x
it had been moved into COMPATIBLE_TLS
; still uncertain about 3.14.x
.
Even with current versions of OkHttp3
, one could possibly still add the desired TLS 1.0
protocol back into ConnectionSpec.COMPATIBLE_TLS
, since this is an ArrayList
with a method .add()
- without any guarantee, that there won't be further incompatibilities; 3.12.x
might still be the best choice for supporting Android 4.x onward and there might even be back-ports of newer features.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…