在使用Android的的HttpURLConnection 库提HTTPS请求，我有时会看到以下异常被抛出：

When using Android's HttpUrlConnection library to make an HTTPS request, I sometimes see the following exception being thrown:

javax.net.ssl.SSLException: SSL handshake aborted: ssl=0x5c1b18a0: I/O error during system call, Connection reset by peer
at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:395)
...

在挖成问题了一下，我明白了，

After digging into the issue a bit, I've learned that

怎么可能会发生？一些移动运营商干扰HTTPS流量？

What could be happening? Are some mobile carriers interfering with HTTPS traffic?

推荐答案

简短的回答

事实证明，一些移动运营商将返回的IP地址应该已经失败，因为不存在的DNS查找。该应用程序被连接到该服务器将无法有时来解决，而运营商将尽力协助，提供同类网站的页面。

It turns out that some mobile carriers will return an IP address for DNS lookups that should have failed as non-existent. The server that the app was connecting to would fail to resolve sometimes, and the carrier would try to assist by providing a page of similar sites.

较长的答案

该主机名是我的应用程序被连接到有时会无法解析服务器。这通常会抛出的UnknownHostException 来表示DNS故障。我希望这种情况发生，偶尔为之，和应用程序处理它。该异常SSLException 是一种反常现象。

The hostname for the server that my app was connecting to would sometimes fail to resolve. This would normally throw an UnknownHostException to indicate the DNS failure. I expect this to happen occasionally, and the app handles it. The SSLException was an anomaly.

在那进行拦截失败DNS查找，浏览Web浏览器来一个不存在的主机将显示搜索结果，旨在帮助您的网页运营商找到你所期待的。 （有些DLS /有线互联网服务供应商这样做了。）对于一个应用程序，使一个HTTPS请求，虽然，这打破了SSL握手，因为远程主机是什么程序是期待不同。

On carriers that intercept failed DNS lookups, navigating a Web browser to a non-existent host will show a page of "search results" that aim to help you find what you were looking for. (Some DLS/cable ISPs do this, too.) For an app making an HTTPS request, though, this breaks the SSL handshake because the remote host is different from what the app is expecting.

的根本原因是行为不端的DNS服务器会返回一个不存在的主机错误，我的应用程序使用的服务器之一。连接通过WiFi似乎更可靠（因为相同的DNS服务器的另一个夸克）。连接通过WiFi将允许DNS条目被缓存，因此暂时掩盖，当我们随后将连接通过移动数据连接的问题。大多数时候，虽然，移动运营商将拦截失败的DNS查找和重定向我们意想不到的主机名，这导致了失败的SSL握手。

The root cause was a misbehaving DNS server that would return a non-existent host error for one of the servers that my app was using. Connecting over wifi seemed to be more reliable (due to another quirk of the same DNS server). Connecting over wifi would allow the DNS entry to be cached, thus temporarily masking the problem when we would subsequently connect over a mobile data connection. Most of the time, though, the mobile carrier would intercept the failed DNS lookup and redirect us to an unexpected hostname, which resulted in a failed SSL handshake.