Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

"SSLProtocolException: SSL handshake aborted" exception on Android 5.1 after migrationg to 4.7.1

See original GitHub issue

Hi guys!

After migrating from 3.12.0 to 4.7.1 On Android 5.1 I’m getting SSLProtocolException :

Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7f2719a89e80: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:770 0x7f2728a53ea0:0x00000000) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318)

The host I’m trying to connect is admin-api-stg.oitchau.com.br

I have tried this:

.connectionSpecs(
                listOf(
                    ConnectionSpec.Builder(ConnectionSpec.COMPATIBLE_TLS)
                        .build()
                )
            )

But no luck

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:11 (6 by maintainers)

github_iconTop GitHub Comments

2reactions
lemberhcommented, Jun 26, 2020

Guys, thanks for help! I have fixed this by adding

private fun updateAndroidSecurityProvider() {
        try {
            ProviderInstaller.installIfNeeded(this)
        } catch (e: GooglePlayServicesRepairableException) {
            // Thrown when Google Play Services is not installed, up-to-date, or enabled
            // Show dialog to allow users to install, update, or otherwise enable Google Play services.
            // IGNORE
        } catch (e: GooglePlayServicesNotAvailableException) {
            Timber.e("SecurityException Google Play Services not available.")
        }
    }

to my App.onCreate() Important updateAndroidSecurityProvider() invocation must be before OkHttpClient initialization

Successful Handshake on 4.7.1 return:

Handshake{tlsVersion=TLS_1_2 cipherSuite=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 peerCertificates=[CN=sni.cloudflaressl.com, O=“Cloudflare, Inc.”, L=San Francisco, ST=CA, C=US, CN=CloudFlare Inc ECC CA-2, O=“CloudFlare, Inc.”, L=San Francisco, ST=CA, C=US, CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE] localCertificates=[]}

To reproduce this Exception I have used this method:

private fun testCall() {
        val client = OkHttpClient.Builder()
            .connectTimeout(40, TimeUnit.SECONDS)
            .writeTimeout(40, TimeUnit.SECONDS)
            .readTimeout(40, TimeUnit.SECONDS)
            .connectionSpecs(
                listOf(
                    ConnectionSpec.Builder(ConnectionSpec.COMPATIBLE_TLS)
                        .build()
                )
            )
            .addInterceptor { chain ->
                val response = chain.proceed(chain.request())
                Timber.i(response.handshake.toString())
                response
            }
            .apply {
                if (com.oitchau.tablet.BuildConfig.DEBUG)
                    addNetworkInterceptor(
                        HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BODY)
                    )
            }
            .build()

        val JSON = "application/json; charset=utf-8".toMediaTypeOrNull()
        val body = RequestBody.create(JSON, "{ }" )
        val request = Request.Builder()
            .url("https://admin-api-stg.oitchau.com.br/v1/public/structure/tablets/register")
            .post(body)
            .build()

        GlobalScope.launch {
            Timber.i(client.newCall(request).execute().toString())
        }
    }

I have tested it on this emulator:

Target: google_apis [Google APIs] (API level 22) CPU/ABI: Google APIs Intel Atom (x86_64)`

0reactions
lemberhcommented, Jun 30, 2020

@swankjesse Oddly it uses the same cipher suite with User-Agent: okhttp/3.12.0 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_1_2

Read more comments on GitHub >

github_iconTop Results From Across the Web

javax.net.ssl.SSLProtocolException: SSL handshake aborted ...
It is a bug in android versions < 4.4 , and it can be solved by removing the SSLv3 protocol from Enabled Protocols...
Read more >
KB310677: Users receive a Javax.net.ssl.SSLProtocolException
SSLProtocolException : SSL handshake aborted error on Android 4.x with MicroStrategy 10.5 app when opening a configuration link. Users receive a Javax.net.ssl.
Read more >
On the Security of Authentication Protocols for the Web (La ...
4.7.1 Attacks on TLS handshake integrity . ... 5.1 Cookie truncation attack against Google Accounts . ... of some aspects of Android). 1.2.11...
Read more >
Thesis Delign at Lavaud Psl | PDF - Scribd
4.7.1 Attacks on TLS handshake integrity . ... 5.1 Motivation: Header Truncation Attacks against HTTPS . ... 4.9 Resumption after unknown key share...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Support clean shutdown of TaskRunner threads and documentation

Next page

`okhttp3.internal.Util.closeQuietly` isn't that quite