For Android 7.0 and 7.1, I am getting following error for one of our servers
javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xce70fa40: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0xcf5dfda0:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0xe3062196:0x00000000)
Also here is my http-client
code looks like to call the server in android application
OkHttpClient httpClient = new OkHttpClient();
Request request = new Request.Builder().url(urlStr).build();
Response response = httpClient.newCall(request).execute();
Map<String, List<String>> headers = response.headers().toMultimap();
byte[] contents = null;
contents = response.body().toString().getBytes();
I have tried all the possible solutions that have been mentioned on SO, but nothing has worked. If I go back to Android 6.0 and below, everything seems to be working fine. I am not sure if this is a cipher suites issue. I will try to grab a wireshark network handshake and post it here.
Does anyone have any idea?
This is what nmap provides about ciphersuites
PORT STATE SERVICE
XXX/tcp open snpp
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
| Ciphersuite uses MD5 for message integrity
| TLSv1.1:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
| Ciphersuite uses MD5 for message integrity
| TLSv1.2:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
|_ least strength: C
User contributions licensed under CC BY-SA 3.0