SSL handshake aborted: ssl=0xb9e21100: Failure in SSL library, usually a protocol error

0

I have reviewed many issues with the same exception that's happening in my application. I only have this issue with Kitkat running an old version of Retrofit/Okhttp to support older versions and this occurs when connecting to a HTTPS/SSL secured website.

Build.gradle

implementation('com.squareup.retrofit2:converter-gson:2.0.2') {
    exclude group: 'org.apache.commons', module: 'commons-io'
}
implementation('com.squareup.retrofit2:retrofit-converters:2.0.2') {
    exclude group: 'org.apache.commons', module: 'commons-io'
}
implementation 'com.squareup.okhttp3:logging-interceptor:3.12.1'
implementation 'com.squareup.okhttp3:okhttp:3.12.1'

Error:

javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb9e21100: Failure in SSL library, usually a protocol error

05-09 18:53:43.132 12230-12230/myapplication W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x8d978990:0x00000000)

AndroidManifest:

android:usesCleartextTraffic="true"

That's how im getting the client:

public static OkHttpClient getHttpClientBuilder(){
    ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.COMPATIBLE_TLS)
            .supportsTlsExtensions(true)
            .tlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0)
            .cipherSuites(
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                    CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                    CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                    CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
                    CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                    CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                    CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
                    CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
            .build();

    OkHttpClient.Builder client = new OkHttpClient.Builder()
            .connectionSpecs(Collections.singletonList(spec))
            //.addInterceptor(new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BODY))
            .followRedirects(true)
            .followSslRedirects(true)
            .retryOnConnectionFailure(true)
            .cache(null)
            .connectTimeout(5, TimeUnit.SECONDS)
            .readTimeout(60, TimeUnit.SECONDS)
            .connectTimeout(60, TimeUnit.SECONDS);

    return enableTls12OnPreLollipop(client).build();
}

enableTls12OnPreLollipop

 public static OkHttpClient.Builder enableTls12OnPreLollipop(OkHttpClient.Builder client) {
    if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
        try {
            SSLContext sc = SSLContext.getInstance("TLSv1.2");
            sc.init(null, null, null);
            client.sslSocketFactory(new Tls12SocketFactory(sc.getSocketFactory()));

            ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
                    .tlsVersions(TlsVersion.TLS_1_2).build();

            List<ConnectionSpec> specs = new ArrayList<>();
            specs.add(cs);
            specs.add(ConnectionSpec.COMPATIBLE_TLS);
            specs.add(ConnectionSpec.CLEARTEXT);

            client.connectionSpecs(specs);
        } catch (Exception exc) {

        }
    }

    return client;
}
java
android
ssl
asked on Stack Overflow May 9, 2019 by Jaeger

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0