Android SSL Exception ALPN Negotiation
The error seems to be related to Android. Browsing the same web page under FF under Linux works. The affected web page is https://bit.ly/3t9jaWI.
The problem arises when executing io.netty.handler.ssl.JdkAlpnSslEngine#verifyProtocolSelection. String protocol = getApplicationProtocol(); returns null. So I'm wondering if it is possible to set a default protocol for the underlying engine, i.e. for SSLEngine.getApplicationProtocol?
I think the code under Android is using the Android BoringSSL implementation. I had to exclude group: 'io.netty', module: 'netty-tcnative-boringssl-static' under Android since the native library is not supported.
2021-04-12 04:35:24.499 23652-23886/com.foobar W/i.n.h.s.ApplicationProtocolNegotiationHandler: [nioEventLoopGroup-3-3] [id: 0xce91b850, L::😕:::37444 ! R:/23.239.18.34:443] TLS handshake failed:
javax.net.ssl.SSLHandshakeException: null
    at io.netty.handler.ssl.SslUtils.toSSLHandshakeException(SslUtils.java:241)
    at io.netty.handler.ssl.JdkAlpnSslEngine.verifyProtocolSelection(JdkAlpnSslEngine.java:116)
    at io.netty.handler.ssl.JdkAlpnSslEngine.wrap(JdkAlpnSslEngine.java:133)
    at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1087)
    at io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:978)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1451)
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1283)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1330)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.lang.Thread.run(Thread.java:923)
Caused by: java.lang.AssertionError: null
    at io.netty.handler.ssl.JdkAlpnSslEngine.verifyProtocolSelection(JdkAlpnSslEngine.java:105)
    … 25 common frames omitted
2021-04-12 04:35:24.500 23652-23886/com.foobar D/c.g.c.n.h.p.t.TlsFrontendHandler: [nioEventLoopGroup-3-3] ALPN negotiate failed with javax.net.ssl.SSLHandshakeException
Issue Analytics
- Created 2 years ago
- Comments: 6 (6 by maintainers)
I could fix this in the meantime. It seems to be an issue with the Android TLS implementation or Netty not supporting it. I have patched netty to support BouncyCastle. See https://github.com/netty/netty/pull/11157
Fixed with #16