After updating our server with ECC certificate - secp384r1, our client app running on Android 7.0 could not establish communication with server but getting OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE exception.
Doing some investigation it is found that, Android 7.0 supports only secp256r1 and accidentally dropped secp384r1 and secp512r1 which is a known bug and fixed in Android 7.1.1 . Without upgrading to 7.1.1 is there any workaround for our client app possible to avoid this exception?
I have found some probable solutions after googling like -
- From here - https://groups.google.com/forum/#!topic/k-9-mail/RqgHRs1Wh24, "These are both specific to Google dropping ECC curves in the crypto library. This could be fixed in K-9 by bringing along a crypto library rather than using the system library as Chrome and Firefox do."
Is it feasible to use different(self-developed) crypto lib rather than Android system lib like chrome/Firefox ?
- Does it make any help adding cipher suites to our client app which are used by server ?
