Netty on Android - InvalidKeyException

Question

I'm trying to run netty on android. It works fine on Motorola Xoom tablet running 3.2. But it constantly fails on Samsung Galaxy S and Galaxy Tab running 2.3.6 and 3.1 respectively. The exception trace is as below. Has someone faced this earlier.. Any workaround on this.. thanks.

Caused by: java.security.InvalidKeyException: The public key in the 
certificate cannot be used for ENCRYPT_MODE 
     at javax.crypto.Cipher.init(Cipher.java:815) 
     at javax.crypto.Cipher.init(Cipher.java:747) 
     at 
org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl.processServerHelloDone(ClientHandshakeImpl.java: 
418) 

Answer 1

This has symptoms consistent with the bug in earlier versions of Android's implementation of Cypher where if other party's certificate has KeyUsage extension flag set to Critical and at the same time does not include KeyUsage "DataEncipherment" then Android's implementation of Cipher thinks the certificate is not valid and throws Exception which apparently is not the correct behavior.

I found a work around here: http://code.google.com/p/android/issues/detail?id=9307#c180 but then I improved on it and posted back: http://code.google.com/p/android/issues/detail?id=9307#c184 . This got my code working on Android 2.2. Do not be put off by seemingly irrelevant topic where this link points to.

Answer 2

This was supposed to be fixed in 3.0 or later: http://code.google.com/p/android/issues/detail?id=12955

Based on the line numbers you gave, you have the old version of javax/crypto/Cipher.java. This patch should fix it.

Edit:
If that doesn't fix it, the SSL Engine likely doesn't have a cipher suite enabled that is compatible with your server. You can use openssl s_client connect or the script given here to see what ciphers your server likes and enable those.