SSLV3_ALERT_HANDSHAKE_FAILURE sometimes occurs


I am not very knowledgeable about this area of networking. I did my best to search for a similar issue, but without success.

I built web services secured with a client certificate and got my Android app to connect to them successfully through AsyncHTTPClient by creating a custom trust manager:

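/**
 * Builds the {@link SSLContext} used for client-certificate (mutual) TLS.
 *
 * <p>The client identity is read from the PKCS#12 raw resource {@code R.raw.i}; server trust
 * decisions are delegated to the {@code mtm} trust manager defined outside this method.
 *
 * @return the initialised context, or {@code null} if any step fails (the failure is logged)
 */
private SSLContext getSSLContext() {
    try {
        // Client identity: PKCS#12 bundle shipped as a raw resource.
        // NOTE(review): a key store packaged in the app is shared by every install and can be
        // read out of the package, so it identifies the app build rather than a user or device.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        InputStream in = context.getResources().openRawResource(R.raw.i);
        try {
            keyStore.load(in, p);
        } finally {
            in.close();
        }

        // Trust store holding the single certificate from R.raw.cert.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream instream = context.getResources().openRawResource(R.raw.cert);
        try {
            byte[] der = loadPemCertificate(instream);
            ByteArrayInputStream derInputStream = new ByteArrayInputStream(der);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate cert =
                    (X509Certificate) certificateFactory.generateCertificate(derInputStream);
            String alias = cert.getSubjectX500Principal().getName();
            trustStore.load(null);
            trustStore.setCertificateEntry(alias, cert);
        } finally {
            // Close on the failure path too; the stream used to leak when parsing threw.
            instream.close();
        }

        // NOTE(review): the store is loaded with `p` but the key manager is initialised with
        // `pw`; both come from outside this method - confirm the two are meant to differ.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
        kmf.init(keyStore, pw);
        KeyManager[] keyManagers = kmf.getKeyManagers();

        // NOTE(review): tmf is initialised from trustStore but never handed to the context
        // below; server validation is done by `mtm` alone. Confirm that `mtm` was built with
        // the certificate from R.raw.cert, otherwise that certificate is not trusted at all.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(trustStore);

        // SECURITY NOTE(review): "TLSv1" requests a TLS 1.0 context, and TLS 1.0 is deprecated
        // (RFC 8996). Left unchanged because the server configuration is not visible here;
        // prefer "TLS" or "TLSv1.2" once the server side is confirmed to support it.
        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        sslContext.init(keyManagers, new TrustManager[]{mtm}, null);

        return sslContext;
    } catch (Exception e) {
        // Callers still receive null, but the cause is no longer discarded silently.
        java.util.logging.Logger.getLogger("getSSLContext")
                .log(java.util.logging.Level.SEVERE, "Could not build SSLContext", e);
    }

    return null;
}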

However, some requests occasionally fail. I looked for anything the failing requests have in common and found only one thing: they are always requests whose response uses chunked transfer encoding. Even so, those same requests sometimes succeed and sometimes fail.

Below is the Android error:

10-15 15:09:15.319 6279-6569/com..tba W/System.err: javax.net.ssl.SSLProtocolException: Read error: ssl=0xbe44bb40: Failure in SSL library, usually a protocol error
10-15 15:09:15.320 6279-6569/com..tba W/System.err: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0xc775cfe0:0x00000001)
10-15 15:09:15.320 6279-6569/com..tba W/System.err: error:100000d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:428 0xdd84cb7b:0x00000000)
10-15 15:09:15.320 6279-6569/com..tba W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:789)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:160)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:84)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:273)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:260)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:283)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:251)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:223)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:271)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:860)
10-15 15:09:15.324 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
10-15 15:09:15.324 6279-6569/com..tba W/System.err:     at com.loopj.android.http.AsyncHttpRequest.makeRequest(AsyncHttpRequest.java:146)
10-15 15:09:15.324 6279-6569/com..tba W/System.err:     at com.loopj.android.http.AsyncHttpRequest.makeRequestWithRetries(AsyncHttpRequest.java:177)
10-15 15:09:15.324 6279-6569/com..tba W/System.err:     at com.loopj.android.http.AsyncHttpRequest.run(AsyncHttpRequest.java:106)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:428)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:237)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.lang.Thread.run(Thread.java:762)

And below is the Apache error:

AH02261: Re-negotiation handshake failed: Not accepted by client!?

Finally, below is my custom trust manager:

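/**
 * Composite {@link X509TrustManager} that combines the platform's default trust managers with
 * trust managers built from additional key stores.
 *
 * <p>Security semantics: a server chain is accepted as soon as ANY of the underlying managers
 * accepts it. Additional key stores therefore widen the set of trusted issuers; they do not pin
 * the connection, because everything the platform default store trusts stays trusted.
 */
public class MyTrustManager implements X509TrustManager {

    /** Underlying managers in evaluation order; index 0 comes from the platform default store. */
    protected ArrayList<X509TrustManager> x509TrustManagers = new ArrayList<X509TrustManager>();

    /**
     * Collects the X.509 trust managers of the default store and of each additional store.
     *
     * @param additionalkeyStores extra key stores whose certificates should also be trusted
     * @throws RuntimeException if a factory cannot be created or initialised, or if no
     *         {@link X509TrustManager} is found at all
     */
    protected MyTrustManager(KeyStore... additionalkeyStores) {
        final ArrayList<TrustManagerFactory> factories = new ArrayList<TrustManagerFactory>();

        try {
            // Passing a null KeyStore selects the platform's default trust store.
            final TrustManagerFactory original =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            original.init((KeyStore) null);
            factories.add(original);

            for (KeyStore keyStore : additionalkeyStores) {
                final TrustManagerFactory additionalCerts =
                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                additionalCerts.init(keyStore);
                factories.add(additionalCerts);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }

        for (TrustManagerFactory tmf : factories) {
            for (TrustManager tm : tmf.getTrustManagers()) {
                if (tm instanceof X509TrustManager) {
                    x509TrustManagers.add((X509TrustManager) tm);
                }
            }
        }

        if (x509TrustManagers.isEmpty()) {
            throw new RuntimeException("Couldn't find any X509TrustManagers");
        }
    }

    /**
     * Validates a client chain against the first (platform default) trust manager only; the
     * additional key stores are not consulted for client certificates.
     *
     * @throws CertificateException if the default trust manager rejects the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        final X509TrustManager defaultX509TrustManager = x509TrustManagers.get(0);
        defaultX509TrustManager.checkClientTrusted(chain, authType);
    }

    /**
     * Accepts the server chain if at least one underlying trust manager accepts it.
     *
     * @throws CertificateException if every manager rejects the chain; the cause is the
     *         rejection reported by the last manager tried, so the reason shows up in logs
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        CertificateException lastFailure = null;
        for (X509TrustManager tm : x509TrustManagers) {
            try {
                tm.checkServerTrusted(chain, authType);
                return;
            } catch (CertificateException e) {
                // Expected when this manager does not know the issuer; try the next one, but
                // remember why it refused so the final error is diagnosable.
                lastFailure = e;
            }
        }
        throw new CertificateException(
                "Server certificate chain was rejected by all " + x509TrustManagers.size()
                        + " configured trust managers",
                lastFailure);
    }

    /**
     * Returns the concatenated accepted issuers of all underlying trust managers.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        final ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
        for (X509TrustManager tm : x509TrustManagers) {
            list.addAll(Arrays.asList(tm.getAcceptedIssuers()));
        }
        return list.toArray(new X509Certificate[list.size()]);
    }
}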

Any insight is highly appreciated.

android
apache
ssl
certificate
asynchttpclient
asked on Stack Overflow Oct 15, 2017 by Fatema • edited Oct 15, 2017 by (unknown user)

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0