SSLProtocolException: SSL Handshake terminated: ssl=0xce70fa40: failure in SSL library, usually a protocol error

Question

SSLProtocolException: SSL Handshake terminated: ssl=0xce70fa40: failure in SSL library, usually a protocol error

For Android 7.0 and 7.1, I am getting following error for one of our servers

javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xce70fa40: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0xcf5dfda0:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0xe3062196:0x00000000)

Also here is my http-client code looks like to call the server in android application

OkHttpClient httpClient = new OkHttpClient();

Request request = new Request.Builder().url(urlStr).build();

Response response = httpClient.newCall(request).execute();

Map<String, List<String>> headers = response.headers().toMultimap();
byte[] contents = null;

contents = response.body().toString().getBytes();

I have tried all the possible solutions that have been mentioned on SO, but nothing has worked. If I go back to Android 6.0 and below, everything seems to be working fine. I am not sure if this is a cipher suites issue. I will try to grab a wireshark network handshake and post it here.

Does anyone have any idea?

This is what nmap provides about ciphersuites

PORT    STATE SERVICE
XXX/tcp open  snpp
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|   TLSv1.1:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|_  least strength: C

java

android

ssl

asked on Stack Overflow Oct 15, 2018 by

yogsma • edited Oct 15, 2018 by

yogsma

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0