Wednesday, March 16, 2016

Android https request, ssl protocol failed

By Hường Hana 8:00 PM , , , Leave a Comment

Background

SSLv3 protocol is insecure,after i read some articles, i use this solution to remove this protocol.

The method remove sslv3:

@Override         public void setEnabledProtocols(String[] protocols) {             if (protocols != null && protocols.length == 1 && "SSLv3".equals(protocols[0])) {                 // no way jose                 // see issue https://code.google.com/p/android/issues/detail?id=78187                 List<String> enabledProtocols = new ArrayList<String>(Arrays.asList(delegate.getEnabledProtocols()));               for (String pro : enabledProtocols) {                 VolleyLog.d(pro);             }                 if (enabledProtocols.size() > 1) {                     enabledProtocols.remove("SSLv3");                     VolleyLog.d("Removed SSLv3 from enabled protocols");                 } else {                     VolleyLog.d("SSL stuck with protocol available for " + String.valueOf(enabledProtocols));                 }                 protocols = enabledProtocols.toArray(new String[enabledProtocols.size()]);             }              super.setEnabledProtocols(protocols);         }

I use Volley as http client, here is my code to initialize a requestqueue:

HttpStack stack;         if (Build.VERSION.SDK_INT >= 9) {             // Use a socket factory that removes sslv3             // https://code.google.com/p/android/issues/detail?id=78187             stack = new HurlStack(null, new NoSSLv3Compat.NoSSLv3Factory());         } else {             // Prior to Gingerbread, HttpUrlConnection was unreliable.             // See: http://android-developers.blogspot.com/2011/09/androids-http-clients.html             stack = new HttpClientStack(AndroidHttpClient.newInstance(userAgent));         }

Device and Environment

I am using Xiaomi M3 with MIUI ROM, which is based on Android 4.4.4.

When the setEnabledProtocols method is called, i print some log:

D/Volley: [1444] NoSSLv3SSLSocket.setEnabledProtocols: SSLv3 D/Volley: [1444] NoSSLv3SSLSocket.setEnabledProtocols: TLSv1 D/Volley: [1444] NoSSLv3SSLSocket.setEnabledProtocols: Removed SSLv3 from enabled protocols

Problem

When i try to load this image, failed, output:

NoConnectionError: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x77f49768: Failure in SSL library, usually a protocol error

E/CachedHttp: error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate fallback (external/openssl/ssl/s3_pkt.c:1256 0x77f4c280:0x00000003)

this image server supports the following protocols:

TLS 1.2、 TLS 1.1、 TLS 1.0、 SSL 3

Could you please help me to figure it out?

1 Answers

Answers 1

Did you check the size of keys. Enable debug log to see the exact issue. Probably is being caused by insufficient key size by the backend you are trying to connect to.

Enable JCE Unlimited for java 7

Identify handshake errors

If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment