Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Fail to send sensor data over https: SensorReceiver: SSLHandshakeException: Handshake failed

See original GitHub issue

Home Assistant Android version: 2021.9.0-full

Android version: 7.0

Phone model: Moto G4 Plus

Home Assistant version: core-2021.9.4 core_nginx_proxy 3.0.2 core_duckdns 1.13.0

Last working Home Assistant release (if known): New setup

Description of problem: The companion app works as expected in home wifi with http connection to homeassistant including the submission of sensor data to homeassistant. When using mobile data and external url through a nginx reverse proxy using a Lets encrypt SSL certificate generated with the duckdns plugin, login and user interface work and it is possible to for example switch lights etc.

What doesn’t work is submitting sensor data to homeassistant from the app through https.

Traceback (if applicable, to get the logs you may refer to: https://companion.home-assistant.io/docs/troubleshooting/faqs/#android-crash-logs):

Logcat output This is a part of the logcat output from a failed sensor submission (i suppose) when connected through https.

09-13 19:06:34.339 10988 10988 D ForegrndServiceLauncher: Check if service HighAccuracyLocationService is running. Service running = false
09-13 19:06:34.359 10988 11026 D LightSensor: Light sensor listener registered
09-13 19:06:34.380 10988 10988 D LightSensor: Light sensor listener unregistered
09-13 19:06:34.554 10988 11026 D ProximitySensor: Proximity sensor listener registered
09-13 19:06:34.565 10988 10988 D ProximitySensor: Proximity sensor listener unregistered
09-13 19:06:34.597 10988 11026 D UrlRepository: localUrl is: true and usesInternalSsid is: false
09-13 19:06:34.731 10988 11026 E SensorReceiver: Exception while updating sensors.
09-13 19:06:34.731 10988 11026 E SensorReceiver: io.homeassistant.companion.android.common.data.integration.IntegrationException: javax.net.ssl.SSLHandshakeException: Handshake failed
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at io.homeassistant.companion.android.common.data.integration.impl.IntegrationRepositoryImpl.updateSensors(IntegrationRepositoryImpl.kt:508)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at io.homeassistant.companion.android.common.data.integration.impl.IntegrationRepositoryImpl$updateSensors$1.invokeSuspend(IntegrationRepositoryImpl.kt)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:104)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)
09-13 19:06:34.731 10988 11026 E SensorReceiver: Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at io.homeassistant.companion.android.common.data.HomeAssistantRetrofit$special$$inlined$-addInterceptor$1.intercept(OkHttpClient.kt:1089)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:517)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at java.lang.Thread.run(Thread.java:761)
09-13 19:06:34.731 10988 11026 E SensorReceiver: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x882caa00: Failure in SSL library, usually a protocol error
09-13 19:06:34.731 10988 11026 E SensorReceiver: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x8c605fe0:0x00000001)
09-13 19:06:34.731 10988 11026 E SensorReceiver: error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x9fd14912:0x00000000)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
09-13 19:06:34.731 10988 11026 E SensorReceiver:        ... 22 more
09-13 19:06:34.760 10988 11010 I WM-WorkerWrapper: Worker result SUCCESS for Work [ id=e2b87da3-9217-406a-8c93-255c2429b2fe, tags={ io.homeassistant.companion.android.sensors.SensorWorker } ]
09-13 19:06:34.762 10988 10988 I WM-SystemFgDispatcher: Stopping foreground service

A similar section when connected through http looks like this:

09-13 19:08:57.828 11700 11787 D LightSensor: Light sensor listener registered
09-13 19:08:57.840 11700 11700 D LightSensor: Light sensor listener unregistered
09-13 19:08:58.051 11700 11787 D ProximitySensor: Proximity sensor listener registered
09-13 19:08:58.058 11700 11700 D ProximitySensor: Proximity sensor listener unregistered
09-13 19:08:58.077 11700 11787 D SensorReceiver: Nothing to update
09-13 19:08:58.081 11700 11739 I WM-WorkerWrapper: Worker result SUCCESS for Work [ id=53f4aa57-0915-4875-91c1-7c5c01bb7e87, tags={ io.homeassistant.companion.android.sensors.SensorWorker } ]
09-13 19:08:58.087 11700 11700 I WM-SystemFgDispatcher: Stopping foreground service

Screenshot of problem:

Additional information: I have full logcat output but since it contains personal data (e.g. location) I will only share selectively.

SSL handshake simulations according to SSLLabs: image

Possibly related to #1704 but only part of app affected

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
tux2000commented, Sep 14, 2021

Thanks @dshokouhi for pointing me in the right direction. As you pointed out, fixing the certificate solved the issue.

For others getting here with the same problem: I ended up modifying the DuckDNS core plugin to request a certificate with the prime256v1 algorithm (https://community.letsencrypt.org/t/android-7-0-cant-establish-ssl-connection/152050/7). The relevant line in run.sh was

dehydrated --cron --algo prime256v1 --hook ./hooks.sh --challenge dns-01 "${domain_args[@]}" --out "${CERT_DIR}" --config "${WORK_DIR}/config" || true
0reactions
dshokouhicommented, Sep 14, 2021

Here are somethings that Google recommends you check out: https://developer.android.com/training/articles/security-ssl

These errors will need to be solved by the SSL cert used and the app will not be bypassing this.

Read more comments on GitHub >

github_iconTop Results From Across the Web

SSLHandshakeException: Handshake failed on Android N/7.0
This is a known regression in Android 7.0, acknowledged by Google and fixed sometime before the release of Android 7.1.1. Here is the...
Read more >
How to Fix “SSL Handshake Failed” & "Cloudflare 525" Error
The SSL Handshake Failed error occurs when the server and browser are unable to establish a secure connection.
Read more >
NiFi Error Despite Successful SSL Handshake using
Attempt to contact NiFi Node https://node1:port/nifi did not complete due to exception: javax.net.ssl.SSLHandshakeException: sun.security.
Read more >
"SSLHandshakeException" when IICS task fails during run time.
This certificate is validated by the client. In case of any issues during the validation process, an SSL Handshake Exception is thrown.
Read more >
SSL handshake failure reported during application server ...
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

HomeAssistant access denied after short time.

Next page

Path support for saving HAAS URL on the initial, setup screen