3

In a Android app (Kitkat 4.4.4 on a Nexus 7) I use the Retrofit REST library to access a HTTPS server which I configured to allow only TLS, but no SSL (to fix the Poodle vulnerability).

My Retrofit setup code is simple

RetrofitInterface retrofitInterface = new RestAdapter.Builder()
    .setEndpoint(API.API_URL).build().create(RetrofitInterface.class);

and I do no further SSL-specific configuration.

If I disallow SSLv2/SSLv3 in the server configuration, the REST resource request fails with this error message:

failure retrofit.RetrofitError: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x69978800: Failure in SSL library, usually a protocol error
    error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1256 0x683cddf8:0x00000003)

When I configure the HTTPS server to allow SSLv2/SSLv3, the problem disappears.

Do I need additional configuration to force the Android HTTP library to use TLS instead of SSL?

mjn
  • 36,362
  • 28
  • 176
  • 378
  • This can be a configuration problem on the client or server side and it is hard to tell with only these few details. It would be easier to help if you provide the name of the server if it is public accessible or provide a packet capture if the successful and unsuccessful connections to see the difference. You might also try to check the server against [ssllabs](ssllabs.com/ssltest/analyze.html). – Steffen Ullrich Nov 13 '14 at 21:57
  • @SteffenUllrich I found a way to solve the problem and will post details based on additional tests – mjn Nov 17 '14 at 15:37
  • Any details on the way you solved it? – Patrick Kafka Oct 01 '15 at 17:01
  • I'm also want to disable support for for the SSLv2, SSL v3 protocol, could you help me how to disable? – Bajrang Hudda Aug 16 '17 at 07:01

1 Answers1

1

I found the solution is to use the OkHttp client provided by the Retrofit developers.

So I guess the default HTTP client used in Retrofit has a problem with SSL/TLS handshakes.

mjn
  • 36,362
  • 28
  • 176
  • 378