CODEWITHSUNDEEP
javaandroidjsouptls1.2sslv3
Sergio
Sergio

Reputation: 2473

How to disable SSLv3 in Jsoup android? (javax.net.ssl.SSLHandshakeException)

I've got this error while trying to connect to prozis.com website through Jsoup in android 4.2.2, but failing because the site only accepts TLS 1.2. I've done some reading and I found it's a problem with the SSLv3 protocol not being enabled by default in this version of android. But as I'm using Jsoup, I can't extend the main class and use a custom SSLSocketFactory class. Is there some other way to disable SSLv3 or force TLS1.x in android 4?

String url;
@Override
protected Document doInBackground(String... params) {
    this.url = params[0];
    Document resultDocument = null;
    try {
        resultDocument = Jsoup
                .connect(url)
                .validateTLSCertificates(false)
                .userAgent(userAgent)
                .timeout(NET_TIMEOUT)
                .maxBodySize(0) //sem limite de tamanho do doc recebido
                .get();

    } catch (IOException e) {
        e.printStackTrace();
    }
    return resultDocument;


09-29 01:45:51.662 3447-3471 W/System.err: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb835f708: Failure in SSL library, usually a protocol error
09-29 01:45:51.662 3447-3471 W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x9db03901:0x00000000)
09-29 01:45:51.662 3447-3471 W/System.err:     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:420)
09-29 01:45:51.674 3447-3471 W/System.err:     at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
09-29 01:45:51.674 3447-3471 W/System.err:     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
09-29 01:45:51.674 3447-3471 W/System.err:     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:442)
09-29 01:45:51.674 3447-3471 W/System.err:     at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:290)
09-29 01:45:51.674 3447-3471 W/System.err:     at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:240)
09-29 01:45:51.674 3447-3471 W/System.err:     at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:81)
09-29 01:45:51.674 3447-3471 W/System.err:     at libcore.net.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:165)
09-29 01:45:51.674 3447-3471 W/System.err:     at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:652)
09-29 01:45:51.674 3447-3471 W/System.err:     at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:629)
09-29 01:45:51.674 3447-3471 W/System.err:     at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:261)
09-29 01:45:51.674 3447-3471 W/System.err:     at org.jsoup.helper.HttpConnection.get(HttpConnection.java:250)
09-29 01:45:51.674 3447-3471 W/System.err:     at com.cruz.sergio.myproteinpricechecker.VoucherFragment$GetPRZVouchersAsync.doInBackground(VoucherFragment.java:195)
09-29 01:45:51.674 3447-3471 W/System.err:     at com.cruz.sergio.myproteinpricechecker.VoucherFragment$GetPRZVouchersAsync.doInBackground(VoucherFragment.java:186)
09-29 01:45:51.674 3447-3471 W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:287)
09-29 01:45:51.674 3447-3471 W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:234)
09-29 01:45:51.674 3447-3471 W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
09-29 01:45:51.674 3447-3471 W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
09-29 01:45:51.674 3447-3471 W/System.err:     at java.lang.Thread.run(Thread.java:856)
09-29 01:45:51.674 3447-3471 W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb835f708: Failure in SSL library, usually a protocol error
09-29 01:45:51.674 3447-3471 W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x9db03901:0x00000000)
09-29 01:45:51.674 3447-3471 W/System.err:     at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
09-29 01:45:51.674 3447-3471 W/System.err:     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:378)
09-29 01:45:51.674 3447-3471 W/System.err:  ... 18 more
09-29 01:45:51.682 3447-3465 W/System.err: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb836c108: Failure in SSL library, usually a protocol error
09-29 01:45:51.682 3447-3465 W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x9db03901:0x00000000)
09-29 01:45:51.682 3447-3465 W/System.err:     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:420)
09-29 01:45:51.682 3447-3465 W/System.err:     at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
09-29 01:45:51.682 3447-3465 W/System.err:     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
09-29 01:45:51.682 3447-3465 W/System.err:     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:442)
09-29 01:45:51.682 3447-3465 W/System.err:     at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:290)
09-29 01:45:51.682 3447-3465 W/System.err:     at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:240)
09-29 01:45:51.682 3447-3465 W/System.err:     at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:81)
09-29 01:45:51.682 3447-3465 W/System.err:     at libcore.net.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:165)
09-29 01:45:51.682 3447-3465 W/System.err:     at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:652)
09-29 01:45:51.682 3447-3465 W/System.err:     at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:629)
09-29 01:45:51.682 3447-3465 W/System.err:     at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:261)
09-29 01:45:51.682 3447-3465 W/System.err:     at org.jsoup.helper.HttpConnection.get(HttpConnection.java:250)
09-29 01:45:51.682 3447-3465 W/System.err:     at com.cruz.sergio.myproteinpricechecker.NewsFragment$GetPRZNewsAsync.doInBackground(NewsFragment.java:346)
09-29 01:45:51.682 3447-3465 W/System.err:     at com.cruz.sergio.myproteinpricechecker.NewsFragment$GetPRZNewsAsync.doInBackground(NewsFragment.java:328)
09-29 01:45:51.682 3447-3465 W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:287)
09-29 01:45:51.682 3447-3465 W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:234)
09-29 01:45:51.682 3447-3465 W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
09-29 01:45:51.682 3447-3465 W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
09-29 01:45:51.682 3447-3465 W/System.err:     at java.lang.Thread.run(Thread.java:856)
09-29 01:45:51.682 3447-3465 W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb836c108: Failure in SSL library, usually a protocol error
09-29 01:45:51.682 3447-3465 W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x9db03901:0x00000000)
09-29 01:45:51.682 3447-3465 W/System.err:     at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
09-29 01:45:51.682 3447-3465 W/System.err:     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:378)

09-29 01:45:51.682 3447-3465 W/System.err: ... 18 more

Upvotes: 0

Views: 1321

Answers (2)

Criss
Criss

Reputation: 785

try this work as well make SSLHelper at first

key word : Jsoup SSl SSLHandshakeException

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;

/**
 * Created by Javad on 2017-12-05 at 8:29 PM.
 */
public class SSLHelper {

  public static void enableSSLSocket() throws KeyManagementException, NoSuchAlgorithmException {
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
      public boolean verify(String hostname, SSLSession session) {
        return true;
      }
    });

    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, new X509TrustManager[]{new X509TrustManager() {
      public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
      }

      public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
      }

      public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
      }
    }}, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
  }
}

then conncet to your Server like this :

    private void connectToServer() {
  new Thread(new Runnable() {
    @Override
    public void run() {
      try {
        SSLHelper.enableSSLSocket();
        Connection.Response response = Jsoup
          .connect("https://URL")
          .method(Connection.Method.POST)
          .data("KEY", "VALUE")
          .validateTLSCertificates(true)
          .followRedirects(true)
          .execute();
        Log.i("response", response.toString());
        Log.i("response", response.headers().toString());
        Log.i("response", response.body());

        Document doc = response.parse();
        String result = doc.body().text();

      } catch (IOException e) {
        e.printStackTrace();
        G.toast("ERROR !");
      } catch (java.security.NoSuchAlgorithmException | java.security.KeyManagementException e) {
        e.printStackTrace();
      }
    }
  }).start();
}

Upvotes: 0

Sergio
Sergio

Reputation: 2473

Found out how to make this work using NetCipher library. Answer from another question answered by Hans-Christoph Steiner: https://stackoverflow.com/a/32466614/6723008

In the build.gradle (app module) file include the NetCipher compile dependency, latest version is 1.2:

compile 'info.guardianproject.netcipher:netcipher:1.2'

(Or you can download the netcipher-1.2.jar and include it directly in your app.)

Usage: 

HttpsURLConnection netCipherconnection = NetCipher.getHttpsURLConnection(url);
netCipherconnection.connect();

BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(netCipherconnection.getInputStream()));
StringBuilder stringBuilder = new StringBuilder();
String stringHTML;
while ((stringHTML = bufferedReader.readLine()) != null)
    stringBuilder.append(stringHTML);
bufferedReader.close();
Document resultDocument = Jsoup.parse(String.valueOf(stringBuilder));

Upvotes: 1

Related Questions