Handshake failed on netty 4.1.21 running under Android 5.0


Hi! I’ve got an exception on Android 5.0 with netty 4.1.21:

javax.net.ssl.SSLHandshakeException: Handshake failed
    io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Handshake failed
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) [na:0.0]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) [na:0.0]
Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
	at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:436) [na:0.0]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:1006) [na:0.0]
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x9d892e00: Failure in SSL library, usually a protocol error
                                                                             error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message (external/openssl/ssl/s3_both.c:498 0xac8b4ce0:0x00000000)
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake_bio(Native Method) [na:0.0]
    at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:423) [na:0.0]

So the Android app is unable to establish an SSL connection.

I had the same error when we were using the mina library; however, I solved it by adding:

            if (!inNetBuffer.hasRemaining()) {
                res = new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);

as was suggested on the Internet, in the org.apache.mina.filter.support.SSLHandler.unwrap0() method:

    private SSLEngineResult unwrap0() throws SSLException {
        SSLEngineResult res;
        do {
            if (SessionLog.isDebugEnabled(session)) {
                SessionLog.debug(session, "   inNetBuffer: " + inNetBuffer);
                SessionLog.debug(session, "   appBuffer: " + appBuffer);
            }
            if (!inNetBuffer.hasRemaining()) {
                res = new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
            } else {
                res = sslEngine.unwrap(inNetBuffer, appBuffer);
            }
            if (SessionLog.isDebugEnabled(session)) {
                SessionLog.debug(session, " Unwrap res:" + res);
            }
        } while (res.getStatus() == SSLEngineResult.Status.OK
                && (handshakeComplete && res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING
                        || res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP));
        
        return res;
    }

As I understand it, this is an Android problem (described here: https://issuetracker.google.com/issues/37017560), but we still have clients using Android 5.0, so we cannot just ignore them.

Isn't it possible to have such a workaround in netty?
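
The empty-buffer guard from the post above, applied to a plain `javax.net.ssl.SSLEngine`, as an added example that is not part of the original issue and is not netty or mina code. `GuardedUnwrapDemo` and `guardedUnwrap` are hypothetical names; the comparison with a direct `unwrap` call is meant to be run on a desktop JVM, to check that the guard does not change what the caller sees on an engine that handles empty input itself.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;

public class GuardedUnwrapDemo {

    /** Hypothetical helper: never hand an empty network buffer to the engine. */
    static SSLEngineResult guardedUnwrap(SSLEngine engine, ByteBuffer net, ByteBuffer app)
            throws SSLException {
        if (!net.hasRemaining()) {
            // Same synthetic result the post uses: "need more bytes, still unwrapping".
            return new SSLEngineResult(Status.BUFFER_UNDERFLOW, HandshakeStatus.NEED_UNWRAP, 0, 0);
        }
        return engine.unwrap(net, app);
    }

    static String show(SSLEngineResult r) {
        return r.getStatus() + " / " + r.getHandshakeStatus();
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        engine.beginHandshake();

        // Produce the ClientHello so the engine is waiting for the server's reply.
        ByteBuffer netOut = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        System.out.println("after wrap:     " + show(engine.wrap(ByteBuffer.allocate(0), netOut)));

        ByteBuffer emptyNet = ByteBuffer.allocate(0); // constructed input: no bytes received yet
        ByteBuffer app = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());

        // Guarded path: the engine is not touched when nothing has arrived.
        SSLEngineResult guarded = guardedUnwrap(engine, emptyNet, app);
        System.out.println("guarded unwrap: " + show(guarded));

        // Direct path, for comparison only: this is the call the post's workaround avoids.
        SSLEngineResult direct = engine.unwrap(emptyNet, app);
        System.out.println("direct unwrap:  " + show(direct));
        System.out.println("same result:    " + (guarded.getStatus() == direct.getStatus()
                && guarded.getHandshakeStatus() == direct.getHandshakeStatus()));
    }
}
```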

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

1 reaction
MarkVilkel commented, Mar 2, 2018

@johnou we have an Android application with a netty client inside it connecting to a netty transport server. The problem appeared only on Android 5.0.

0 reactions
johnou commented, Mar 2, 2018

@MarkVilkel do you see this problem with an Android 5.0 client talking SSL with a Netty server, e.g. a standalone Java app, or using Netty inside an Android application on 5.0?
