KnightCavalry

Reputation: 387

SSL Handshake failure for Android 2.2 version

I am developing an application that needs a certificate verification from the server. It works fine on Android 2.3 and above, but on Android 2.2 it gave me an exception:

W/System.err( 2116): java.io.IOException: SSL handshake failure: Failure in SSL library, usually a protocol error
W/System.err( 2116): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x3a5208:0x00000003)
W/System.err( 2116):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err( 2116):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:305)
W/System.err( 2116):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:502)
W/System.err( 2116):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:443)

This error came from BufferedInputStream when the device tries to retrieve an InputStream from the SSLSocket. The code is below:

BufferedInputStream getSocketReader() throws IOException {
    BufferedInputStream bis = new BufferedInputStream(sslSocket.getInputStream(), 32768);
    return bis;
}

Here is my current code of createEasySSLContext() method:

private static SSLContext createEasySSLContext() throws IOException {
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(sampleKeystore, "password".toCharArray());

        CustomX509TrustManager trustManager = new CustomX509TrustManager(null);
        context.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{trustManager}, null);
        return context;
    } catch (Exception e) {
        throw new IOException(e.getMessage());
    }
}

How does this happen? Can I fix it without losing Android 2.2 support? Thank you.

Upvotes: 1

Views: 3199

Answers (2)

Nikolay Elenkov

Reputation: 52956

More likely the CA that issued your server certificate is not trusted by Android 2.1. Either get a new certificate, or create a trust store that contains the CA certificate and set up your code to use it.

More info and some sample code here.

Upvotes: 1
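
The trust-store approach described in the answer above, as an added example that is not part of the original answer or the asker's code: it builds an SSLContext that trusts only a CA certificate bundled with the app and keeps the client key material from the question's createEasySSLContext(). The class name PinnedCaSslContext, the method create() and the "server-ca" alias are hypothetical; the caller is assumed to supply the CA certificate as an X.509 stream (for example from a raw resource).

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, written for this example.
public final class PinnedCaSslContext {
    private PinnedCaSslContext() {}

    /**
     * Builds an SSLContext that trusts only the CA certificate read from
     * caCertStream (PEM or DER X.509) and presents the key in clientKeystore.
     */
    public static SSLContext create(InputStream caCertStream,
                                    KeyStore clientKeystore,
                                    char[] clientKeystorePassword)
            throws GeneralSecurityException, IOException {
        // Parse the issuing CA certificate shipped with the app.
        Certificate caCert;
        try {
            caCert = CertificateFactory.getInstance("X.509").generateCertificate(caCertStream);
        } finally {
            caCertStream.close(); // try/finally: no try-with-resources on old Android
        }

        // Empty in-memory trust store that holds just that CA.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server-ca", caCert);

        // The platform trust manager validates the server chain against trustStore.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Client key material, initialised the same way as in the question.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeystore, clientKeystorePassword);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }
}
```

A raw SSLSocket created from this context does not check the server's hostname, so compare it against the peer certificate after the handshake.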

brucej

Reputation: 1

It looks to me like the cert from the server is not in a form that is recognized by 2.1. You might be able to fix this by changing the certificate or cipher algorithm that you use on the server end.

Upvotes: 0
