5

After updating to Android 5.0 Lollipop, HttpsURLConnection fails with a handshake error.

```
05-05 14:54:08.821  10855-11793/com.soonoo.mobilecampus E/INFO﹕ javax.net.ssl.SSLHandshakeException: Handshake failed
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
    at com.android.okhttp.Connection.upgradeToTls(Connection.java:238)
    at com.android.okhttp.Connection.connect(Connection.java:158)
    at com.android.okhttp.Connection.connect(Connection.java:170)
    at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:309)
    at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:242)
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:388)
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:118)
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:220)
    at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
    at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:25)
    at com.soonoo.mobilecampus.User.login(User.java:72)
    at com.soonoo.mobilecampus.LoginView$Login.doInBackground(LoginView.java:112)
    at com.soonoo.mobilecampus.LoginView$Login.doInBackground(LoginView.java:84)
    at android.os.AsyncTask$2.call(AsyncTask.java:288)
    at java.util.concurrent.FutureTask.run(FutureTask.java:237)
    at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
    at java.lang.Thread.run(Thread.java:818)
 Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xaaaf8a00: Failure in SSL library, usually a protocol error
error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert inappropriate fallback (external/openssl/ssl/s23_clnt.c:765 0xa9295b25:0x00000000)
        at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
        at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
        ... 19 more
```

The server I want to connect to using HttpsURLConnection supports the cipher suites below. The problem is that Android 5.0 does not support any of the cipher suites below...

SSL_CK_RC4_128_EXPORT40_WITH_MD5
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL_CK_DES_64_CBC_WITH_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_RC2_128_CBC_WITH_MD5
SSL_CK_IDEA_128_CBC_WITH_MD5
TLS_RSA_WITH_RC4_128_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5

Then isn't there anything I can do from the client side?

soonoo
  • can you post the complete exception? – nikis May 08 '15 at 09:31
  • 2
    Usually Android supports more ciphers than those that are enabled. But from the exception message I get the feeling that the server only supports SSLv3 and tries to make a fallback from TLS to SSL, which is denied by Android (therefore the ciphers are not your problem). Anyway, the server in use should be upgraded, as it is the source of the problem. – Robert May 08 '15 at 09:47
  • @Robert According to https://www.ssllabs.com/ssltest/index.html, the server I want to connect to supports `TLS v1.1`. Isn't `TLS` a higher version than `SSL`? – soonoo May 08 '15 at 09:53
  • I agree with @Robert. Btw, here are changes in Android 5.0 http://developer.android.com/about/versions/android-5.0-changes.html#ssl with possible solutions in case of errors – nikis May 08 '15 at 09:54
  • I don't see anything in the stack trace about cipher suites. – user207421 May 08 '15 at 10:41
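
Added example, not part of the original thread: a small Java probe for the hypothesis raised in the comments above. It offers exactly one protocol version per connection, so no downgrade retry (the condition that draws the `inappropriate fallback` alert) takes place, and it reports which versions the server completes a handshake with. The class name `TlsVersionProbe` and the default host `server.example` are assumptions.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Diagnostic only: a raw SSLSocket performs no hostname verification,
 * so do not reuse this code for real application traffic.
 */
public class TlsVersionProbe {
    // Versions to try, newest first; each one is offered on its own.
    private static final String[] VERSIONS = {"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};

    /** Returns the negotiated protocol and cipher suite, or the failure reason. */
    static String probe(String host, int port, String version) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            List<String> supported = Arrays.asList(socket.getSupportedProtocols());
            if (!supported.contains(version)) {
                return "not supported by this client runtime";
            }
            // Single-version ClientHello: nothing to fall back from.
            socket.setEnabledProtocols(new String[] {version});
            socket.connect(new InetSocketAddress(host, port), 5000);
            socket.setSoTimeout(5000);
            socket.startHandshake(); // throws if the server answers with an alert
            SSLSession session = socket.getSession();
            return "OK: " + session.getProtocol() + " / " + session.getCipherSuite();
        } catch (IOException e) {
            // Also reached when the runtime has disabled this version by policy.
            return "FAILED: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Hypothetical default host; pass the real one as the first argument.
        String host = args.length > 0 ? args[0] : "server.example";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        for (String version : VERSIONS) {
            System.out.printf("%-8s %s%n", version, probe(host, port, version));
        }
    }
}
```

A version that succeeds here while the default connection fails points to version negotiation on the server, not the cipher list, as the thing to fix.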

1 Answer

-1

You should try specifying the following cipher suites:

```java
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA
```
IgorGanapolsky