Glide and Picasso Failed to load resource, javax.net.ssl.SSLHandshakeException for API 19

1

i am facing this glide and picasso javax.net.ssl.SSLHandshakeException for below API 19 (KITKAT), its working fine on Above 23 (Lollipop).

here is the logcat for Glide

    11-13 15:17:56.205 11198-11198/com.oceanleaguewebcranks.app W/Glide: Load failed for http://server9host.com/ocean/oceans/category/Jellyfish.jpg with size [374x200]
    class com.bumptech.glide.load.engine.GlideException: Failed to load resource
    There was 1 cause:
    javax.net.ssl.SSLHandshakeException(javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x73fa4490: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x73fc8cfc:0x00000000))
     call GlideException#logRootCauses(String) for more detail
      Cause (1 of 1): class com.bumptech.glide.load.engine.GlideException: Fetching data failed, class java.io.InputStream, REMOTE
    There was 1 cause:
    javax.net.ssl.SSLHandshakeException(javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x73fa4490: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x73fc8cfc:0x00000000))
     call GlideException#logRootCauses(String) for more detail
        Cause (1 of 1): class com.bumptech.glide.load.engine.GlideException: Fetch failed
    There was 1 cause:
    javax.net.ssl.SSLHandshakeException(javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x73fa4490: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x73fc8cfc:0x00000000))
     call GlideException#logRootCauses(String) for more detail
          Cause (1 of 1): class javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x73fa4490: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x73fc8cfc:0x00000000)
11-13 15:17:56.205 11198-11198/com.oceanleaguewebcranks.app I/Glide: Root cause (1 of 1)
    javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x73fa4490: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x73fc8cfc:0x00000000)
        at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:449)
        at com.android.okhttp.Connection.upgradeToTls(Connection.java:146)
        at com.android.okhttp.Connection.connect(Connection.java:107)
        at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
        at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
        at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
        at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345)
        at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:89)
        at com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:161)
        at com.bumptech.glide.load.data.HttpUrlFetcher.loadDataWithRedirects(HttpUrlFetcher.java:104)
        at com.bumptech.glide.load.data.HttpUrlFetcher.loadDataWithRedirects(HttpUrlFetcher.java:122)
        at com.bumptech.glide.load.data.HttpUrlFetcher.loadData(HttpUrlFetcher.java:59)
        at com.bumptech.glide.load.model.MultiModelLoader$MultiFetcher.loadData(MultiModelLoader.java:99)
        at com.bumptech.glide.load.model.MultiModelLoader$MultiFetcher.startNextOrFail(MultiModelLoader.java:150)
        at com.bumptech.glide.load.model.MultiModelLoader$MultiFetcher.onLoadFailed(MultiModelLoader.java:144)
        at com.bumptech.glide.load.data.HttpUrlFetcher.loadData(HttpUrlFetcher.java:65)
        at com.bumptech.glide.load.model.MultiModelLoader$MultiFetcher.loadData(MultiModelLoader.java:99)
        at com.bumptech.glide.load.engine.SourceGenerator.startNext(SourceGenerator.java:62)
        at com.bumptech.glide.load.engine.DecodeJob.runGenerators(DecodeJob.java:302)
        at com.bumptech.glide.load.engine.DecodeJob.runWrapped(DecodeJob.java:272)
        at com.bumptech.glide.load.engine.DecodeJob.run(DecodeJob.java:233)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
        at java.lang.Thread.run(Thread.java:841)
        at com.bumptech.glide.load.engine.executor.GlideExecutor$DefaultThreadFactory$1.run(GlideExecutor.java:446)
     Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x73fa4490: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x73fc8cfc:0x00000000)
        at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
        at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406)
            ... 24 more

and picasso is not returning any log.

this is a library error or its a server SSL Exception, if is Server error then how to solve...?

android
picasso
android-glide
asked on Stack Overflow Nov 13, 2018 by Manish Ahire • edited Mar 24, 2019 by Zoe

2 Answers

0

TLS 1.2 is not enabled by default in API <= 19. You need to manually enable it.

For Glide and Volley HTTP client: In your Glide App Module, (that extends AppGlideModule)

@Override
public void registerComponents(@NonNull Context context, @NonNull Glide glide, @NonNull Registry registry) {
    RequestQueue requestQueue;
    if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.KITKAT) {
        if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.KITKAT) {
                    HttpStack stack = null;
                    try {
                        stack = new HurlStack(null, new TLSSocketFactory());
                    } catch (KeyManagementException e) {
                        stack = new HurlStack();
                    } catch (NoSuchAlgorithmException e) {
                        stack = new HurlStack();
                    }
                    requestQueue = Volley.newRequestQueue(context, stack);
    } else {
        requestQueue = Volley.newRequestQueue(context); 
    }
    RequestQueue requestQueue = VolleySingleton.getInstance(context);
    requestQueue.start();
    glide.getRegistry().replace(GlideUrl.class, InputStream.class,  new VolleyUrlLoader.Factory(requestQueue));
}

TLSSocketFactory can be found in https://gist.github.com/fkrauthan/ac8624466a4dee4fd02f#file-tlssocketfactory-java

answered on Stack Overflow Nov 13, 2018 by ashazar
0

For Glide, below implementation is working for me.

Instead of LibraryGlideModule i have used AppGlideModule

GlideModule.kt

 @GlideModule
class MyGlideModule : AppGlideModule() {

    override fun registerComponents(context: Context, glide: Glide, registry: Registry) {
        registry.replace(
            GlideUrl::class.java,
            InputStream::class.java,
            OkHttpUrlLoader.Factory(UnsafeOkHttpClient.unsafeOkHttpClient)
        )
    }

}

UnsafeOkHttpClient.kt

object UnsafeOkHttpClient {
    // Create a trust manager that does not validate certificate chains
    val unsafeOkHttpClient:

            OkHttpClient
        get() = try {
            // Create a trust manager that does not validate certificate chains
            val trustAllCerts: Array<TrustManager> = arrayOf<TrustManager>(
                object : X509TrustManager {
                    @Throws(CertificateException::class)
                    override fun checkClientTrusted(
                        chain: Array<X509Certificate?>?,
                        authType: String?
                    ) {
                    }

                    @Throws(CertificateException::class)
                    override fun checkServerTrusted(
                        chain: Array<X509Certificate?>?,
                        authType: String?
                    ) {
                    }

                    override fun getAcceptedIssuers(): Array<X509Certificate?>? {
                        return arrayOf()
                    }
                }
            )
            val sslContext: SSLContext = SSLContext.getInstance("SSL")
            sslContext.init(null, trustAllCerts, SecureRandom())
            // Create an ssl socket factory with our all-trusting manager
            val sslSocketFactory: SSLSocketFactory = sslContext.socketFactory
            val builder: OkHttpClient.Builder = OkHttpClient.Builder()
            builder.sslSocketFactory(sslSocketFactory, trustAllCerts[0] as X509TrustManager)
            builder.hostnameVerifier(HostnameVerifier { hostname, session -> true })
            builder.build()
        } catch (e: Exception) {
            throw RuntimeException(e)
        }
}

AndroidManifiest

  <meta-data
            android:name="yourpackagename.MyGlideModule"
            android:value="AppGlideModule" />
answered on Stack Overflow Aug 15, 2020 by Rissmon Suresh

User contributions licensed under CC BY-SA 3.0