hubert
hubert

Reputation: 933

CLEARTEXT communication not supported on Retrofit

I'm trying to connect to https server on android using Retrofit. Here's my OkHttpClient

@Provides
public OkHttpClient provideContactClient(){
  HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
  ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
      .tlsVersions(TlsVersion.TLS_1_2)
      .cipherSuites(CipherSuite.TLS_RSA_WITH_DES_CBC_SHA,
          CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
          CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
      .build();
  interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
  SSLSocketFactory sslSocketFactory = null;
  try {
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, null, null);
    sslSocketFactory = sslContext.getSocketFactory();
  }catch (GeneralSecurityException e){
    e.printStackTrace();
  }
  return new OkHttpClient.Builder()
      .addInterceptor(interceptor)
      .connectionSpecs(Collections.singletonList(spec))
      .sslSocketFactory(sslSocketFactory)
      .authenticator(new Authenticator() {
        @Override
        public Request authenticate(Route route, Response response) throws IOException {
          if(responseCount(response) >= 5){
            return null;
          }
          String credential = Credentials.basic("user", "pass");
          return response.request().newBuilder().header("Authorization", credential).build();
        }
      })
      .build();
}

However I keep getting CLEARTEXT communication not supported: exception

While debugging the RealConnection class I notice route.address() member does not have the sslSocketFactory despite it being assigned in Bulider.

Upvotes: 56

Views: 62449

Answers (5)

Nagraj Naveen
Nagraj Naveen

Reputation: 1

usesCleartextTraffic

use tools:replace="android:usesCleartextTraffic" in your manifest.xml file

Upvotes: 0

Jitendra
Jitendra

Reputation: 3698

According to Network security configuration

The guidance in this section applies only to apps that target Android 8.1 (API level 27) or lower. Starting with Android 9 (API level 28), cleartext support is disabled by default.

Create file res/xml/network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">Your URL(ex: 127.0.0.1)</domain>
    </domain-config>
</network-security-config>

AndroidManifest.xml

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:networkSecurityConfig="@xml/network_security_config"
        ...>
        ...
    </application>
</manifest>

OR you can directly set in application in manifest like this.

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:usesCleartextTraffic="true"
        ...>
        ...
    </application>
</manifest>

Upvotes: 146

nutella_eater
nutella_eater

Reputation: 3592

Adding only this to manifest (inside application)

android:usesCleartextTraffic="true"

works!

Upvotes: 25

Irregular Expression
Irregular Expression

Reputation: 101

Also "CLEARTEXT communication not supported exception" may be easily produced even in old Android devices (6.0, 5.0, 5.1, etc.) by OkHttp library if you request an http:// host with a https/tls ConnectionSpec settings.

Upvotes: 0

CommonsWare
CommonsWare

Reputation: 1007474

The CLEARTEXT message is due to requesting an http URL, either directly or via a server-side redirect (e.g., starts with https, then redirects to http).

In terms of your "trust anchor for certification path not found" message, your server appears to be using some SSL certificate that is not backed by one of the standard ones on whatever Android environment you are testing on. For example, perhaps your server is using an self-signed SSL certificate.

Options include:

Upvotes: 9

Related Questions