Android ssl handshake failed

SSL Handshake failure in Android 10 #718

Comments

nildeka commented Sep 13, 2019

Android 10 throws exception in SSL Handshaking both in emulators and Pixel devices. The same code works for Android 9 and before.
Steps to reproduce:

Create a Private Public Key Pair.
KeyPairGenerator kpg = KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_RSA);

Send public key to server and receives client certiricates, and store it in Android Keystore. As well as store Root Server certificate.

Using Trustmananger to create SSLContext

Start handshake with server:
String server = «185.58.87.115»;
SSLSocketFactory ssf = sslContext.getSocketFactory();

The handshake failed with below exception:

`W/CryptoUpcalls: Preferred provider doesn’t support key:
java.security.InvalidKeyException: Keystore operation failed
at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1362)
at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1402)
at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:265)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:109)
at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2984)
at javax.crypto.Cipher.tryCombinations(Cipher.java:2891)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2796)
at javax.crypto.Cipher.chooseProvider(Cipher.java:773)
at javax.crypto.Cipher.init(Cipher.java:1143)
at javax.crypto.Cipher.init(Cipher.java:1084)
at com.android.org.conscrypt.CryptoUpcalls.rsaOpWithPrivateKey(CryptoUpcalls.java:173)
at com.android.org.conscrypt.CryptoUpcalls.rsaSignDigestWithPrivateKey(CryptoUpcalls.java:132)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:387)
at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:226)
at asynctls.mimecast.com.asynctlsapp.MainActivity$1.run(MainActivity.java:352)
at java.lang.Thread.run(Thread.java:919)
Caused by: android.security.KeyStoreException: Incompatible padding mode
at android.security.KeyStore.getKeyStoreException(KeyStore.java:1292)
at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1402)
at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:265)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:109)
at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2984)
at javax.crypto.Cipher.tryCombinations(Cipher.java:2891)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2796)
at javax.crypto.Cipher.chooseProvider(Cipher.java:773)
at javax.crypto.Cipher.init(Cipher.java:1143)
at javax.crypto.Cipher.init(Cipher.java:1084)
at com.android.org.conscrypt.CryptoUpcalls.rsaOpWithPrivateKey(CryptoUpcalls.java:173)
at com.android.org.conscrypt.CryptoUpcalls.rsaSignDigestWithPrivateKey(CryptoUpcalls.java:132)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:387)
at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:226)
at asynctls.mimecast.com.asynctlsapp.MainActivity$1.run(MainActivity.java:352)
at java.lang.Thread.run(Thread.java:919)

W/CryptoUpcalls: Could not find provider for algorithm: RSA/ECB/NoPadding
W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:288)
W/System.err: at asynctls.mimecast.com.asynctlsapp.MainActivity$1.run(MainActivity.java:351)
W/System.err: at java.lang.Thread.run(Thread.java:919)
W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7dbcec0850c8: Failure in SSL library, usually a protocol error
W/System.err: error:04000044:RSA routines:OPENSSL_internal:internal error (external/conscrypt/common/src/jni/main/cpp/conscrypt/native_crypto.cc:740 0x7dbce6155e73:0x00000000)
W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err: at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:387)
W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:226)
W/System.err: . 2 more`

The app works fine with Pre Android 10 phone.
Could you please look, this will block our app’s functionality completely.

The text was updated successfully, but these errors were encountered:

Источник

SSL handshake failed- Android issue #150

Comments

shah-pooja commented Oct 4, 2018

I am trying to login using the post method. The content type in the header is «x-www-form-urlencoded» . While doing login in the android devices it gives me error as following
api response error :
android studio error : D/NativeCrypto: ssl=0x7933868700 NativeCrypto_SSL_do_handshake exception => 0
I/System.out: close [socket]
D/WebView: evaluateJavascript=cordova.callbackFromNative(‘CordovaHttpPlugin1822917423’,false,9,[<"status":-1,"error":"SSL handshake failed">],false);
Using the same API I am trying to login in the ios devices it works fine.
Please help me out as soon as possible. Thank you.

The text was updated successfully, but these errors were encountered:

smartameer commented Nov 6, 2018

Experiencing Same issue.

jhgeluk commented Nov 15, 2018

Experiencing same issue.

silkimen commented Nov 25, 2018

Hi guys, this is happening when something goes wrong during SSL handshake. Maybe the server is using a cipher suite or a SSL version which is not supported on the device? It’s hard to tell without having more information. Maybe you can check the server logs to get more detailed infos?

shah-pooja commented Nov 30, 2018

Upgrade the plugin to the latest version and before calling post method for api add the following code:
cordova.plugin.http.setSSLCertMode(‘nocheck’, function() <
console.log(‘success!’);
>, function() <
console.log(‘error :(‘);
>);
The details about this method is already available in the plugin document. This helped me.

Hanzofm commented Dec 11, 2018 •

Same problem with Android 6.0.1 what would be the problem with it?

EDIT: OMG, my problem was the phone date that was from past

mirfanazam commented Dec 16, 2018

I am facing the same issue in Ionic app. I am calling this.https.setSSLCertMode(‘pinned’); before post request.

Can I have sample code and location (for android) to copy the certificates.

I have two certificate one .cer and other .p12. In browser i can make successful requests to the server but through device i get «SSL Handshake failed.»

danishin commented Dec 20, 2018

viiskies commented Jan 7, 2019

Experiencing same issue. Is this issue related to https://issuetracker.google.com/issues/37122132. I’m getting SSL handshake error on 7.0 devices, 7.1.1 and others work fine.

alemit commented Jun 15, 2019 •

Experiencing same issue. Is this issue related to https://issuetracker.google.com/issues/37122132. I’m getting SSL handshake error on 7.0 devices, 7.1.1 and others work fine.

It is exactly this issue, but it is not resolved. Did someone resolve it somehow? Android 7.0 has

10% market share and cannot be just skipped

cvettelina commented Jul 20, 2019

It seems the proposed solution above
cordova.plugin.http.setSSLCertMode(‘nocheck’, function() <
console.log(‘success!’);
>, function() <
console.log(‘error :(‘);
>);

works only once (for the first call) after that it again check the certs and the call fails for android 7.0
Can anyone please advice when and how this function should be used in order to stop checking certificates

shah-pooja commented Jul 22, 2019

please write in your service file where post method is defined. Hence every time you call post method this method will be executed along.

Manu0086 commented Aug 26, 2019 •

Same problem only on Android 7.0

javax.net.ssl.sslhandshakeexception: handshake failed

and setSSLCertMode(‘nocheck’); doesn’t work !

in nginx configuration, i replace ssl_ecdh_curve secp384r1; by ssl_ecdh_curve prime256v1; (or secp256r1)

marutifh commented Oct 17, 2019

I am trying to login using the post method. The content type in the header is «x-www-form-urlencoded» . While doing login in the android devices it gives me error as following
api response error :
android studio error : D/NativeCrypto: ssl=0x7933868700 NativeCrypto_SSL_do_handshake exception => 0
I/System.out: close [socket]
D/WebView: evaluateJavascript=cordova.callbackFromNative(‘CordovaHttpPlugin1822917423’,false,9,[<"status":-1,"error":"SSL handshake failed">],false);
Using the same API I am trying to login in the ios devices it works fine.
Please help me out as soon as possible. Thank you.

Did you find any solution? I am facing the same issue, and this is not with any Android version specific, I am facing this issue with all Android versions.

ommyjay commented Oct 22, 2019

Try using acceptAllCerts(true) method before the request

silkimen commented Nov 10, 2019

Closing this, feel free to open a new issue, if this won’t solve your problem! 👍

You can’t perform that action at this time.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.

Источник

Handshake failed (Android 5 and 6) #187

Comments

myroniak commented Jul 3, 2019 •

I have a code with connection to wss server and I caught the error with Handshake:

SSLContext context = NaiveSSLContext.getInstance(«TLS»);
new WebSocketFactory()
.setSSLContext(context)
.setVerifyHostname(false)
.setConnectionTimeout(5000)
.createSocket(BuildConfig.SOCKETURL)
.addListener(webSocketListener)
.addExtension(WebSocketExtension.PERMESSAGE_DEFLATE)
.connect();

07-03 21:53:00.486 5258-5258/com.blockchain.edcwallet W/System.err: com.neovisionaries.ws.client.WebSocketException: Failed to get the input stream of the raw socket: Handshake failed
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.neovisionaries.ws.client.WebSocket.openInputStream(WebSocket.java:3321)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.neovisionaries.ws.client.WebSocket.shakeHands(WebSocket.java:3279)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.neovisionaries.ws.client.WebSocket.connect(WebSocket.java:2326)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.blockchain.edcwallet.data.network.service.socket.EventServiceImpl.connectWS(EventServiceImpl.java:91)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.blockchain.edcwallet.data.network.service.socket.EventServiceImpl.connect(EventServiceImpl.java:37)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.blockchain.edcwallet.util.AppLifeCycleObserver.onEnterForeground(AppLifeCycleObserver.java:33)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at java.lang.reflect.Method.invoke(Native Method)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at java.lang.reflect.Method.invoke(Method.java:372)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.ClassesInfoCache$MethodReference.invokeCallback(ClassesInfoCache.java:215)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.ClassesInfoCache$CallbackInfo.invokeMethodsForEvent(ClassesInfoCache.java:193)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.ClassesInfoCache$CallbackInfo.invokeCallbacks(ClassesInfoCache.java:184)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.ReflectiveGenericLifecycleObserver.onStateChanged(ReflectiveGenericLifecycleObserver.java:36)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.LifecycleRegistry$ObserverWithState.dispatchEvent(LifecycleRegistry.java:355)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.LifecycleRegistry.forwardPass(LifecycleRegistry.java:293)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.LifecycleRegistry.sync(LifecycleRegistry.java:333)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.LifecycleRegistry.moveToState(LifecycleRegistry.java:138)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.LifecycleRegistry.handleLifecycleEvent(LifecycleRegistry.java:124)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.ProcessLifecycleOwner.activityStarted(ProcessLifecycleOwner.java:108)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.ProcessLifecycleOwner$2.onStart(ProcessLifecycleOwner.java:80)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.ReportFragment.dispatchStart(ReportFragment.java:61)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at androidx.lifecycle.ReportFragment.onStart(ReportFragment.java:81)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.Fragment.performStart(Fragment.java:2077)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:922)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:1067)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:1049)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.FragmentManagerImpl.dispatchStart(FragmentManager.java:1874)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.Activity.performStart(Activity.java:5959)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2261)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2360)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.ActivityThread.access$800(ActivityThread.java:144)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1278)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.os.Handler.dispatchMessage(Handler.java:102)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.os.Looper.loop(Looper.java:135)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at android.app.ActivityThread.main(ActivityThread.java:5221)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at java.lang.reflect.Method.invoke(Native Method)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at java.lang.reflect.Method.invoke(Method.java:372)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:899)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:694)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:598)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:560)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.neovisionaries.ws.client.WebSocket.openInputStream(WebSocket.java:3314)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: . 37 more
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7f62ea28ab80: Failure in SSL library, usually a protocol error
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:765 0x7f62e1998e90:0x00000000)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
07-03 21:53:00.487 5258-5258/com.blockchain.edcwallet W/System.err: . 40 more

The text was updated successfully, but these errors were encountered:

Источник