Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Android SSL Exception ALPN Negotiation

See original GitHub issue

The error seems to be related to Android. Browsing the same web page under FF under Linux works. The affected web page is https://bit.ly/3t9jaWI.

The problem arises when executing io.netty.handler.ssl.JdkAlpnSslEngine#verifyProtocolSelection.

String protocol = getApplicationProtocol(); returns null. So I’m wondering of it is possible to set a default protocol for the underlying engine, i.e for SSLEngine.getApplicationProtocol ?

I think the code under Android is using the Android BoringSSL implementation. I had to exclude exclude group: 'io.netty', module: 'netty-tcnative-boringssl-static' under Android since the native library is not supported.

2021-04-12 04:35:24.499 23652-23886/com.foobar W/i.n.h.s.ApplicationProtocolNegotiationHandler: [nioEventLoopGroup-3-3] [id: 0xce91b850, L::😕:::37444 ! R:/23.239.18.34:443] TLS handshake failed:javax.net.ssl.SSLHandshakeException: null at io.netty.handler.ssl.SslUtils.toSSLHandshakeException(SslUtils.java:241) at io.netty.handler.ssl.JdkAlpnSslEngine.verifyProtocolSelection(JdkAlpnSslEngine.java:116) at io.netty.handler.ssl.JdkAlpnSslEngine.wrap(JdkAlpnSslEngine.java:133) at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1087) at io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:978) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1451) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1283) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1330) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:923) Caused by: java.lang.AssertionError: null at io.netty.handler.ssl.JdkAlpnSslEngine.verifyProtocolSelection(JdkAlpnSslEngine.java:105) … 25 common frames omitted 2021-04-12 04:35:24.500 23652-23886/com.foobar D/c.g.c.n.h.p.t.TlsFrontendHandler: [nioEventLoopGroup-3-3] ALPN negotiate failed with javax.net.ssl.SSLHandshakeException

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:6 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
koh-osugcommented, Apr 14, 2021

I could fix this in the meanwhile. It seems to be an issue with the Android TLS implementation or the Netty not supporting it. I have patched netty to support BouncyCastle. See https://github.com/netty/netty/pull/11157

0reactions
koh-osugcommented, Apr 21, 2021

Fixed with #16

Read more comments on GitHub >

github_iconTop Results From Across the Web

Android O java.lang.RuntimeException: protocol negotiation ...
I was able to reproduce and verify this cause by trying to connect to a server with only NPN, but not ALPN. The...
Read more >
Android grpc error: TLS ALPN negotiation failed with protocols
HTTP/2 is negotiated during TLS using ALPN. The client sends what protocols it supports (in this case grpc-exp and h2, aka http/2).
Read more >
TLS Application Layer Protocol Negotiation - Oracle Help Center
Set the Application Layer Protocol Negotiation (ALPN) values supported by the client. During the handshake with the server, the server will read the ......
Read more >
Authentication - android Git repositories
HTTP/2 over TLS mandates the use of ALPN to negotiate the use of the h2 protocol. ALPN is a fairly new standard and...
Read more >
Can someone give me an example with grpc-java and ssl ?
Caused by: java.lang.Exception: Failed ALPN negotiation: Unable to find compatible protocol. grpc-java wasn't able to ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Support for Transparent Proxy

Next page

[esbuild-plugin-meta-url] has no effect