WAI
Status Update
Comments
na...@google.com <na...@google.com>
kl...@google.com <kl...@google.com> #2
Thanks for the report. I'm unable to reproduce the issue using OpenSSL 1.0.1j as the server:
$ openssl s_server -accept 12345 -key key.pem -cert cert.pem -cipher 'DHE-RSA-AES256-GCM-SHA384' -debug
What server are you seeing this with?
st...@gmail.com <st...@gmail.com> #3
i can only guess the server setup. according to the response headers, it's an apache. behind this, as far as i know, it's a JBoss application. i'll try to gather further information.
i'll try to get the hello's from wireshark.
st...@gmail.com <st...@gmail.com> #4
sorry, but for now i'm unable to get hold of the server logs.
st...@gmail.com <st...@gmail.com> #5
further observations:
* the site is accessible without problems through the android stock browser and desktop chrome
* i have yet to test it with other https-clients (httpsurlconnection, volley, ...)
seems like the setup is loadbalancer+apache+tomcat.
here's the exception thrown when using the defaultCipherSuite incl. TLS_RSA_WITH_AES_256_CBC_SHA
W/verifier( 2216): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
W/verifier( 2216): at com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104)
W/verifier( 2216): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
W/verifier( 2216): at my.app.MySslSocketFactory.createSocket(MySslSocketFactory.java:135)
W/verifier( 2216): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165)
W/verifier( 2216): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
W/verifier( 2216): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
W/verifier( 2216): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360)
W/verifier( 2216): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
W/verifier( 2216): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
W/verifier( 2216): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
W/verifier( 2216): at android.net.http.AndroidHttpClient.execute(AndroidHttpClient.java:252)
W/verifier( 2216): at my.app.sslcontest.SSLConTestFragment$TestConnection.test(SSLConTestFragment.java:402)
W/verifier( 2216): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:329)
W/verifier( 2216): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:1)
W/verifier( 2216): at android.os.AsyncTask$2.call(AsyncTask.java:288)
W/verifier( 2216): at java.util.concurrent.FutureTask.run(FutureTask.java:237)
W/verifier( 2216): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
W/verifier( 2216): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
W/verifier( 2216): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
W/verifier( 2216): at java.lang.Thread.run(Thread.java:818)
the verifier in question is the org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER.
here's another test with an unmodified HttpsUrlConnection:
E/urlconnection( 2482): urlconnection failed
E/urlconnection( 2482): javax.net.ssl.SSLHandshakeException: Handshake failed
E/urlconnection( 2482): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
E/urlconnection( 2482): at com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
E/urlconnection( 2482): at com.android.okhttp.Connection.connect(Connection.java:151)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:106)
E/urlconnection( 2482): at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:25)
E/urlconnection( 2482): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:324)
E/urlconnection( 2482): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:1)
E/urlconnection( 2482): at android.os.AsyncTask$2.call(AsyncTask.java:288)
E/urlconnection( 2482): at java.util.concurrent.FutureTask.run(FutureTask.java:237)
E/urlconnection( 2482): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
E/urlconnection( 2482): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/urlconnection( 2482): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/urlconnection( 2482): at java.lang.Thread.run(Thread.java:818)
E/urlconnection( 2482): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xa6c12600: Failure in SSL library, usually a protocol error
E/urlconnection( 2482): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:765 0xae352ce0:0x00000000)
E/urlconnection( 2482): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
E/urlconnection( 2482): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
E/urlconnection( 2482): ... 16 more
to my untrained eye the ssl hello's over wireshark look good enough. will get help & report back later.
st...@gmail.com <st...@gmail.com> #6
sorry, here's the full stack trace for the urlconnection
E/urlconnection( 2482): javax.net.ssl.SSLHandshakeException: Handshake failed
E/urlconnection( 2482): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
E/urlconnection( 2482): at com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
E/urlconnection( 2482): at com.android.okhttp.Connection.connect(Connection.java:151)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:106)
E/urlconnection( 2482): at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
E/urlconnection( 2482): at com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:25)
E/urlconnection( 2482): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:324)
E/urlconnection( 2482): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:1)
E/urlconnection( 2482): at android.os.AsyncTask$2.call(AsyncTask.java:288)
E/urlconnection( 2482): at java.util.concurrent.FutureTask.run(FutureTask.java:237)
E/urlconnection( 2482): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
E/urlconnection( 2482): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/urlconnection( 2482): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/urlconnection( 2482): at java.lang.Thread.run(Thread.java:818)
E/urlconnection( 2482): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xa6c12600: Failure in SSL library, usually a protocol error
E/urlconnection( 2482): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:765 0xae352ce0:0x00000000)
E/urlconnection( 2482): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
E/urlconnection( 2482): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
E/urlconnection( 2482): ... 16 more
E/urlconnection( 2543): urlconnection failed
E/urlconnection( 2543): javax.net.ssl.SSLHandshakeException: Handshake failed
E/urlconnection( 2543): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
E/urlconnection( 2543): at com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
E/urlconnection( 2543): at com.android.okhttp.Connection.connect(Connection.java:151)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:106)
E/urlconnection( 2543): at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:25)
E/urlconnection( 2543): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:324)
E/urlconnection( 2543): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:1)
E/urlconnection( 2543): at android.os.AsyncTask$2.call(AsyncTask.java:288)
E/urlconnection( 2543): at java.util.concurrent.FutureTask.run(FutureTask.java:237)
E/urlconnection( 2543): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
E/urlconnection( 2543): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/urlconnection( 2543): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/urlconnection( 2543): at java.lang.Thread.run(Thread.java:818)
E/urlconnection( 2543): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xa6c0a600: Failure in SSL library, usually a protocol error
E/urlconnection( 2543): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:765 0xae352ce0:0x00000000)
E/urlconnection( 2543): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
E/urlconnection( 2543): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
E/urlconnection( 2543): ... 16 more
E/urlconnection( 2543): com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
E/urlconnection( 2543): com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
E/urlconnection( 2543): com.android.okhttp.Connection.connect(Connection.java:151)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:106)
E/urlconnection( 2543): com.android.okhttp.internal.http.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:25)
E/urlconnection( 2543): my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:324)
E/urlconnection( 2543): my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:1)
E/urlconnection( 2543): android.os.AsyncTask$2.call(AsyncTask.java:288)
E/urlconnection( 2543): java.util.concurrent.FutureTask.run(FutureTask.java:237)
E/urlconnection( 2543): android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
E/urlconnection( 2543): java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/urlconnection( 2543): java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/urlconnection( 2543): java.lang.Thread.run(Thread.java:818)
E/urlconnection( 2543): urlconnection failed
E/urlconnection( 2543): javax.net.ssl.SSLHandshakeException: Handshake failed
E/urlconnection( 2543): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
E/urlconnection( 2543): at com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
E/urlconnection( 2543): at com.android.okhttp.Connection.connect(Connection.java:151)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:106)
E/urlconnection( 2543): at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
E/urlconnection( 2543): at com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:25)
E/urlconnection( 2543): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:324)
E/urlconnection( 2543): at my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:1)
E/urlconnection( 2543): at android.os.AsyncTask$2.call(AsyncTask.java:288)
E/urlconnection( 2543): at java.util.concurrent.FutureTask.run(FutureTask.java:237)
E/urlconnection( 2543): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
E/urlconnection( 2543): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/urlconnection( 2543): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/urlconnection( 2543): at java.lang.Thread.run(Thread.java:818)
E/urlconnection( 2543): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xa6455800: Failure in SSL library, usually a protocol error
E/urlconnection( 2543): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:765 0xae352ce0:0x00000000)
E/urlconnection( 2543): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
E/urlconnection( 2543): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
E/urlconnection( 2543): ... 16 more
E/urlconnection( 2543): com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
E/urlconnection( 2543): com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
E/urlconnection( 2543): com.android.okhttp.Connection.connect(Connection.java:151)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:106)
E/urlconnection( 2543): com.android.okhttp.internal.http.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
E/urlconnection( 2543): com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:25)
E/urlconnection( 2543): my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:324)
E/urlconnection( 2543): my.app.sslcontest.SSLConTestFragment$TestConnection.doInBackground(SSLConTestFragment.java:1)
E/urlconnection( 2543): android.os.AsyncTask$2.call(AsyncTask.java:288)
E/urlconnection( 2543): java.util.concurrent.FutureTask.run(FutureTask.java:237)
E/urlconnection( 2543): android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
E/urlconnection( 2543): java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/urlconnection( 2543): java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/urlconnection( 2543): java.lang.Thread.run(Thread.java:818)
st...@gmail.com <st...@gmail.com> #7
ok, further testing revealed that the connection also terminates in the same fashion when using the openssl command line client.
i apologise for what seems a premature bug report; everything points to a problem on the server or the load balancer.
kl...@google.com <kl...@google.com> #8
If the server is reachable from the Internet, would you mind providing the address and port (no need for any credentials), if you're comfortable? I can then try running TLS/SSL handshakes with different parameters to narrow down the cause of the issue.
je...@gmail.com <je...@gmail.com> #9
Please try testwss.greenaddress.it:443 - I'm experiencing a similar issue with it.
kl...@google.com <kl...@google.com> #10
Let's wait for an address from the OP first. Then we can establish whether testwss.greenaddress.it:443 is experiencing the same issue.
bo...@gmail.com <bo...@gmail.com> #11
na...@google.com <na...@google.com> #12
k..n - ping. just making sure this issue is investigated in time.
FWIW :
testwss.greenaddress.it:443 works properly with openssl client.
openclipart.org:443 works ok too, though it does have a self signed certificate.
Poster #11, what was the "handshake error" you saw ? Please post a full stack trace.
st...@gmail.com <st...@gmail.com> #13
i'm sorry, the server is not ours but belongs to a customer, and i didn't get approval to reveal its address publicly yet.
st...@gmail.com <st...@gmail.com> #14
if that would help you, send me a mail and i'll reply with the server address (i just won't post it here).
kl...@google.com <kl...@google.com> #15
I got in touch with the author of the OP and tested the server in question. The server / load balancer has AES-GCM cipher suites enabled but does not actually correctly support them. The fix is to fix the TLS-terminating appliance (load balancer or server) to properly support AES-GCM cipher suites. A workaround is to disable AES-GCM cipher suites on the server / load balancer (i.e., add the term !AESGCM in the OpenSSL/Apache config). Another workaround is to disable AES-GCM cipher suites on the client using a custom SSLSocketFactory.
DETAILS
The server has four AES-GCM cipher suites enabled by default: DHE-RSA-AES256-GCM-SHA384, AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, AES128-GCM-SHA256. When it decides to choose one of the cipher suites during the TLS/SSL handshake, it responds with a ServerHello + Certificate + ServerKeyExchange (this one's omitted for non-DHE cipher suites) as expected. The client then responds with ClientKeyExchange + ChangeCipherSpec + Finished as expected. The server then abruptly closes the TCP connection without any TLS-level alerts.
The same client connects just fine to other servers over these four AES-GCM cipher suites. This makes me point the finger at the TLS/SSL-terminating appliance on the server side (could be a load balancer, SSL accelerator, or the server, depending on the setup).
P.S. Regarding testwss.greenaddress.it:443 and openclipart.org:443, it's a different issue. Android 5.0 clients can connect to it just fine.
ma...@gmail.com <ma...@gmail.com> #16
Call to "google cloud storage" with Lollipop does not work ("handshake failed" error) (works with older versions of android).
Do we have to wait for a future release of Lollipop, or do we have to ask the "google cloud storage" team to fix it on their side (if yes, how can we contact them)?
nf...@google.com <nf...@google.com> #17
maximeloridan@
The best thing to do would be to create a new issue since this one is closed. Be as specific as you can, include stack traces, bug reports, versions of apps + google play services.
Post a link to the new issue here and somebody can take a look.
da...@gmail.com <da...@gmail.com> #18
does anyone have a fix for this, or is this something that is happening periodically from the servers?
Description
Steps to reproduce:
* On an Android 5 device (should also work on emulator) create an AndroidHttpClient and connect to a server that chooses "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" as the preferred cipher.
What happens:
* An exception is thrown (e.g. SSLHandshakeException, depending on the httpClient)
What should happen:
* A successfully established connection.
Further observations:
To isolate the error i overrode the used socket factory to selectively change the ciphers that are offered to the server. I was able to observe that the connection failed when using getDefaultCipherSuites(); and worked when using getSupportedCipherSuites();. My guess is that there's one cipher in the SupportedCipherSuites that is preferred over TLS_DHE_RSA_WITH_AES_256_GCM_SHA384.
Next i tried to establish a connection using single ciphers from the list of default ciphers and log which work; in my case:
"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA"
So there are ciphers in the list of default ciphers which do work; but when offering the whole list of default ciphers, the connection fails. When offering only those 3, the connection succeeds.
With a bit more trial and error i found out that the array of default ciphers works if you remove "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" from it.
My guess is that either the implementation of TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 on the android side or on the server side (no idea what server this is) is broken.
Note: establishing a connection with "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" works.
So, to recap:
* support for TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 was added in android 5
* establishing a connection to servers preferring TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 works in android 4.4 and fails in android 5.
There are already several bug reports mentioning the same error (often in connection with mail-servers though).