I'm trying to make it work on Oreo devices. This works perfectly on older devices but not on Oreo. I was having issues with the handshake, so I added

ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
   .tlsVersions(TlsVersion.TLS_1_2) 
   .cipherSuites(CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
   .build();

And

   .connectionSpecs(Collections.singletonList(spec))

in client. Full Code:

private static Retrofit getClient() {
    HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
    interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
    ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
            .tlsVersions(TlsVersion.TLS_1_2)
            .cipherSuites(CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
            .build();

    OkHttpClient client = new OkHttpClient.Builder()
            .addInterceptor(interceptor)
            .connectionSpecs(Collections.singletonList(spec))
            .build();

    if (retrofit == null) {
        retrofit = new Retrofit.Builder()
                .baseUrl(BASE_URL)
                .addConverterFactory(GsonConverterFactory.create())
                .client(client)
                .build();
    }
    return retrofit;
}

But now I'm having an error

D/OkHttp: <-- HTTP FAILED: java.net.UnknownServiceException: Unable to find acceptable protocols. isFallback=false, modes=[ConnectionSpec(cipherSuites=[TLS_DHE_RSA_WITH_AES_256_CBC_SHA], tlsVersions=[TLS_1_3], supportsTlsExtensions=true)], supported protocols=[TLSv1, TLSv1.1, TLSv1.2]

D/Error: Unable to find acceptable protocols. isFallback=false, modes=[ConnectionSpec(cipherSuites=[TLS_DHE_RSA_WITH_AES_256_CBC_SHA], tlsVersions=[TLS_1_3], supportsTlsExtensions=true)], supported protocols=[TLSv1, TLSv1.1, TLSv1.2]

Any suggestions?

EDIT: For now I've done this and it works.

OkHttpClient client;
if (android.os.Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
    // Oreo and later: keep OkHttp's default connection specs.
    client = new OkHttpClient.Builder()
            .addInterceptor(interceptor)
            .build();
} else {
    // Older devices: restrict to TLS 1.2 and the single cipher suite.
    ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
            .tlsVersions(TlsVersion.TLS_1_2)
            .cipherSuites(CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
            .build();

    client = new OkHttpClient.Builder()
            .addInterceptor(interceptor)
            .connectionSpecs(Collections.singletonList(spec))
            .build();
}

WinterChilly

1 Answer

OkHttp uses the intersection of the TLS versions enabled on the device with its own connection spec. And the same for cipher suites.

What's probably happening here is the intersection doesn't contain anything that is supported by your webserver.

Jesse Wilson

You mean we need to modify the server part based on the client-side intersection, or vice versa? – Firnaz Apr 25 '18 at 13:10
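
The intersection described in the answer can be inspected directly with plain JSSE, without OkHttp on the classpath. This is an added example, not code from the question, the answer or OkHttp; the class name `TlsIntersectionCheck` and the helpers `intersect` and `report` are hypothetical, and it assumes the device lists that matter are the ones `SSLSocket` reports as enabled.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added illustration (hypothetical class and helper names, not OkHttp code).
public class TlsIntersectionCheck {

    // Keep only the requested names that the platform socket also enables.
    static List<String> intersect(String[] requested, String[] enabled) {
        List<String> common = new ArrayList<>(Arrays.asList(requested));
        common.retainAll(Arrays.asList(enabled));
        return common;
    }

    // An empty intersection leaves nothing to offer in the handshake.
    static void report(String label, String[] requested, String[] enabled) {
        List<String> common = intersect(requested, enabled);
        System.out.println(label + " requested:    " + Arrays.toString(requested));
        System.out.println(label + " enabled here: " + Arrays.toString(enabled));
        System.out.println(label + " intersection: " + common
                + (common.isEmpty() ? "  <-- nothing left to offer" : ""));
    }

    public static void main(String[] args) throws Exception {
        // The question's ConnectionSpec, written with JSSE names.
        String[] wantedProtocols = {"TLSv1.2"};
        String[] wantedCiphers = {"TLS_DHE_RSA_WITH_AES_256_CBC_SHA"};

        // Unconnected socket: no traffic is sent, only platform defaults are read.
        try (SSLSocket socket = (SSLSocket) SSLContext.getDefault()
                .getSocketFactory().createSocket()) {
            report("protocols", wantedProtocols, socket.getEnabledProtocols());
            report("ciphers", wantedCiphers, socket.getEnabledCipherSuites());
        }
    }
}
```

Running the same check on each target runtime shows whether a spec pinned to one protocol version and one cipher suite still has anything in common with that platform's enabled set.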