question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SSLHandshakeException while connecting to NASA's APOD servers on Pre-5.0 Android Devices

See original GitHub issue

OkHttp Version: 2.7.5

Relevant code:

OkHttpClient client = new OkHttpClient();
final String src = "https://apod.nasa.gov/apod/astropix.html";
final Request.Builder request = new Request.Builder().get().url(src);

client.newCall(request.build()).enqueue(new Callback() {
    @Override
    public void onFailure(Request request, IOException e) {
        
    }

    @Override
    public void onResponse(Response response) throws IOException {
        
    }
});

Error Message:

javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb94675e0: Failure in SSL library, usually a protocol error
  error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x98977990:0x00000000)
  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448)
  at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:241)
  at com.squareup.okhttp.Connection.connect(Connection.java:158)
  at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:174)
  at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:120)
  at com.squareup.okhttp.internal.http.RouteSelector.next(RouteSelector.java:131)
  at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:312)
  at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:235)
  at com.squareup.okhttp.Call.getResponse(Call.java:262)
  at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:219)
  at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:192)
  at com.squareup.okhttp.Call.access$100(Call.java:34)
  at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:156)
  at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
  at java.lang.Thread.run(Thread.java:841)
  Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb94675e0: Failure in SSL library, usually a protocol error
     error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x98977990:0x00000000)
     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
     	... 16 more

SSLLabs Analysis for the apod.nasa.gov domain shows Server sent fatal alert: handshake_failure for all pre-Lollipop devices (4.4.2 is an exception, but I tested in an emulator and I still got that error) On post-Lollipop devices, the cipher is: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Compare to the SSLLabs Analysis of NASA’s other domains: there are no handshake errors.

Is this an issue on the provider’s side? Is there a solution to successfully connect to the server https://apod.nasa.gov/apod/astropix.html on those older Android devices?

I’ve tried countless posted solutions such as using custom SocketFactory, using Google Play Services dynamic security provider, unfortunately none worked for me for that specific server.

I don’t know much about HTTPS & TLS stuff. I would really appreciate some help. Thank you.

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:7 (2 by maintainers)

github_iconTop GitHub Comments

2reactions
JeffreyCAcommented, Jan 11, 2017

Thank you, it solved it for me! I followed the stuff under Patching Asynchronously, and put the OkHttp request in the onProviderInstalled method, and now the device supports the TLS 1.2 ciphers. I didn’t even need to use the NasaClient code. The only requirement was that the device needed an up-to-date version of Google Play Services installed.

0reactions
JeffreyCAcommented, Jun 27, 2017

I would try the suggestion given here or here. There are several other issues opened by others regarding this, maybe have a look at them?

Read more comments on GitHub >

github_iconTop Results From Across the Web

SSLHandshakeException: Handshake failed on Android N/7.0
This is a known regression in Android 7.0, acknowledged by Google and fixed sometime before the release of Android 7.1.1. Here is the...
Read more >
Frequently Asked Questions (FAQ) - APOD
Q8: Can I use APOD pictures in my classroom? A8: For non-commercial fair use, yes. Please note that many APOD images have are...
Read more >
Astronomy Picture of the Day - NASA
Discover the cosmos! Each day a different image or photograph of our fascinating universe is featured, along with a brief explanation written by...
Read more >
Astronomy Picture of the Day Archive - NASA
Index | Search | Today's Picture |. Some versions of Chrome are having trouble pre-fetching the links on this page and freezing.
Read more >
APOD: 2022 June 9 - Cosmic Clouds in Cygnus - NASA
Toward the right, a massive, young O type star powers the glow of Sh2-101, the Tulip Nebula. Tomorrow's picture: pixels in space ·...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found