Implementing TLS-SSL in android - javax.net.ssl.SSLHandshakeException: Handshake failed

I am trying to implement SSL with TLS v1.2 on Android. The code I have written is as follows:

    try {
        if (mSocket == null || !mSocket.isBound()
                || mSocket.isClosed()) {
            // Client key material (PKCS12) loaded from the app's assets
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            InputStream inputStream = mContext.getAssets().open("keystore.pfx");
            try {
                keyStore.load(inputStream, mContext.getString(R.string.pw).toCharArray());
            } catch (CertificateException e) {
                e.printStackTrace();
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } finally {
                if (inputStream != null) {
                    inputStream.close();
                }
            }

            // Trust store (PKCS12) loaded from the app's assets
            KeyStore trustStore = KeyStore.getInstance("PKCS12");
            InputStream inputStreamts = mContext.getAssets().open("truststore.pfx");
            try {
                trustStore.load(inputStreamts, mContext.getString(R.string.ts_pw).toCharArray());
            } catch (CertificateException e) {
                e.printStackTrace();
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } finally {
                if (inputStreamts != null) {
                    inputStreamts.close();
                }
            }

            TrustManagerFactory tmf = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, mContext.getString(R.string.pw).toCharArray());
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            // The socket itself is created by the platform default factory
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            mSocket = (SSLSocket) factory.createSocket(businessIp, businessPort);
            mSocket.setEnabledProtocols(new String[]{"TLSv1.2"});
            // Enables every cipher suite the context reports as supported
            mSocket.setEnabledCipherSuites(sslContext.getServerSocketFactory().getSupportedCipherSuites());
        }
        mSocket.setUseClientMode(true);

        StringBuilder inputLineBuilder = new StringBuilder();
        if (mSocket != null) {
            try {
                //printSocketInfo(mSocket);
                mSocket.startHandshake();
                OutputStream os = mSocket.getOutputStream();
                os.write(f_RequestData);
                PrintWriter out = new PrintWriter(
                        new BufferedWriter(
                                new OutputStreamWriter(os)));

                out.flush();
                if (out.checkError())
                    System.out.println("SSLSocketClient:  java.io.PrintWriter error");
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(
                                mSocket.getInputStream()));
                String response;
                while ((response = in.readLine()) != null)
                    inputLineBuilder.append(response);
                in.close();
                out.close();
                mSocket.close();
                m_Response = inputLineBuilder.toString();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    } catch (UnknownHostException e) {
        e.printStackTrace();
    } catch (SocketTimeoutException e) {
        e.printStackTrace();
    } catch (SocketException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }
}

The socket is created successfully, but when mSocket.startHandshake() is executed I get the following exception:

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:276)

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: at com.example.networkmanager.ConnectionManager$1.run(ConnectionManager.java:135)

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: at java.lang.Thread.run(Thread.java:764)

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x724c726080: Failure in SSL library, usually a protocol error

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/tls_record.cc:579 0x7242eb8540:0x00000001)

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/handshake_client.cc:893 0x724ebf70d7:0x00000000)

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)

2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: ... 2 more

When I tried to print the socket information, I was able to see the following:

 Need client authentication = false
 Cipher suite = SSL_NULL_WITH_NULL_NULL
 Protocol = NONE
 Peer Host = null
 Peer Port = -1
 Is Valid = false

Along with the following exception when I tried to get the peer principal:

javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
    at com.android.org.conscrypt.SSLNullSession.getPeerPrincipal(SSLNullSession.java:122)
    at com.neml.direct.qr.networkmanager.ConnectionManager.printSocketInfo(ConnectionManager.java:246)
    at com.neml.direct.qr.networkmanager.ConnectionManager$1.run(ConnectionManager.java:134)
    at java.lang.Thread.run(Thread.java:764)

I have searched for this problem in several Stack Overflow posts and blogs. I have already checked the following:

  1. The KeyStore and TrustStore are loaded properly and are not null.
  2. Checked the order of the certificate chain. It is proper.

I am not able to understand what I am missing and what else needs to be done to start the handshake successfully. Please help. Any help will be appreciated.

android
ssl
tls1.2
sslsocketfactory
asked on Stack Overflow Jan 25, 2019 by Anuja Kothekar
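
The posted code initialises sslContext but creates the socket from SSLSocketFactory.getDefault(), and it enables every supported cipher suite. The sketch below is an added example, not part of the original question: it creates the socket from the configured context, keeps the provider's default suites, and prints what was offered if the handshake fails. The class and method names (TlsClientSketch, loadPkcs12, buildContext, connect) are hypothetical; on Android the streams would come from the assets as in the question.

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.*;

public class TlsClientSketch {
    // Loads a PKCS12 store and always closes the stream.
    static KeyStore loadPkcs12(InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream s = in) { ks.load(s, password); }
        return ks;
    }

    // Builds a TLSv1.2 context carrying the client key and the custom trust anchors.
    static SSLContext buildContext(KeyStore keyStore, char[] keyPw, KeyStore trustStore) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static SSLSocket connect(SSLContext ctx, String host, int port) throws Exception {
        // The socket comes from ctx, so its key and trust managers are the ones used.
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        socket.setEnabledProtocols(new String[]{"TLSv1.2"});
        // Cipher suites are left at the provider defaults, not the full supported list.
        try {
            socket.startHandshake();
        } catch (SSLHandshakeException e) {
            System.err.println("Offered protocols: " + Arrays.toString(socket.getEnabledProtocols()));
            System.err.println("Offered suites:    " + Arrays.toString(socket.getEnabledCipherSuites()));
            socket.close();
            throw e;
        }
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // Offline check: suites setEnabledCipherSuites(getSupportedCipherSuites()) would add.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        Set<String> extra = new TreeSet<>(Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        extra.removeAll(Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        System.out.println("Supported but not enabled by default: " + extra);
    }
}
```

The SSLV3_ALERT_HANDSHAKE_FAILURE in the trace is an alert received from the server in reply to the ClientHello, so the offered protocols and suites printed by connect are what to compare against the server's configuration.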

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0