Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Update to 3.10 => Android 4.4 SLL Handcheck Error

See original GitHub issue

Hi, just to warn that i’ve got an SLL error on Android 4.4 version when i update from 3.9.1 to 3.10.

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x5c528d38:0x00000000) ---> Java.IO.IOException: SSL handshake aborted: ssl=0x59a0feb8: Failure in SSL library, usually a protocol error

I try many things like : https://github.com/square/okhttp/issues/2372 or this :

ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)  
    .tlsVersions(TlsVersion.TLS_1_2)
    .cipherSuites(
          CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
          CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
          CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
    .build();

OkHttpClient client = new OkHttpClient.Builder() 
    .connectionSpecs(Collections.singletonList(spec))
    .build();

or this : ProviderInstaller.installIfNeededAsync(this.getApplicationContext())

But nothing works and i’ve got unsuportedSLLEncryption or unknow

Issue Analytics

State:
Created 6 years ago
Comments:8 (1 by maintainers)

Top GitHub Comments

1reaction

thelittlefiremancommented, Feb 27, 2018

i add this :

            ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.COMPATIBLE_TLS)
                    .tlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0)
                    .cipherSuites(
                            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                            CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
                    .build();
            httpClientBuilder.connectionSpecs(Collections.singletonList(spec));
        }

And it works perfectly thanks 😃

1reaction

swankjessecommented, Feb 27, 2018

Which service has your SSL certificates and cipher suites config? I don’t think this is the typical set for Cloudflare.

Did somebody remove these? TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA They’re what Android 4.4 will negotiate on cloudflare.com.

One other workaround is to install the Google security provider in the client. That’ll give you a new TLS stack even on old Android 4.4 devices. https://developer.android.com/training/articles/security-gms-provider.html