I am seeing lots of SSL handshake issues in my android App
E/AndroidRuntime(8853): Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
E/AndroidRuntime(8853): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:390)
This is what I am seeing on the server side
SSL_do_handshake: -1
SSL_get_error: 2
reusable connection: 0
post event 00000000013DA7A0
delete posted event 00000000013DA7A0
SSL handshake handler: 0
SSL_do_handshake: 1
SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"
reusable connection: 1
http wait request handler
malloc: 000000000132A8E0:1024
SSL_read: -1
SSL_get_error: 2
free: 000000000132A8E0
post event 00000000013DA7A0
delete posted event 00000000013DA7A0
http wait request handler
malloc: 000000000132A8E0:1024
I am wondering if these issues are related and if someone went through this can give me some headstart on where to debug in Android and/or Nginx
Related
I'm using volley in my app and send request to my server but i got this error from my onErrorResponse volley:
Error: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb4000071bca8e448: Failure in SSL library, usually a protocol error
error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR (external/boringssl/src/ssl/tls_record.cc:587 0xb4000071bca09588:0x00000001)
I'm using device with android 11 and the request does not work what should i do?
Make sure you have connected to wifi
PostGraphile v4.9.2 server listening on port 5001
‣ GraphQL API: http://0.0.0.0:5001/graphql
how can i change http to https. i mean, i want https://0.0.0.0:5001/graphql
because, i am getting error while debugging my ionic capacitor app for android
E/Capacitor/Console: File: http://localhost/vendor-es2018.js - Line 41539 -
Msg: ERROR Error: Http failure response for http:// mydomain .com:5001/graphql: 0 Unknown Error
i think it is about http problem but as you see it is unknown error. Thanks in advance
i found the solution here: How to allow all Network connection types HTTP and HTTPS in Android (9) Pie?
i allowed http requests in manifest.xml and i added networkSecurityConfig.xml
Thank you all
I'm making an app for Android 4.4 and above, and I'm trying to do an https request, I first tried with Retrofit and it gives me this:
V/error: javax.net.ssl.SSLHandshakeException: Handshake failed
I thoug it was something about the Retrofit API, but later I tried with Volley and it gives me this:
SSL handshake aborted: ssl=0xf311e9c8: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (third_party/openssl/boringssl/src/ssl/tls_record.cc:562 0xd4fba9c8:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (third_party/openssl/boringssl/src/ssl/handshake.cc:464 0xd7936bd8:0x00000000)
12-29 16:37:53.551 13763-14823/xxx.xxx.xx I/qtaguid: Untagging socket 47
12-29 16:37:53.571 13763-13763/xxx.xx.xx V/error: javax.net.ssl.SSLHandshakeException: Handshake failed
In fact, is the same issue, I don't know if I need add something to my app, due this request works perfectly with postman.
The weird thing is, before we migrate the services to the new server, I was working with a server with HTTP and it works perfectly. I don't know what I must add about security to my app.
I want to make volley https request, and I have use code from here to remove SSL3 protocol and using TLSv1.2 for android >=4.4 and TLS for Android<4.4, but sometimes when I make request this error appear :
javax.net.ssl.SSLHandshakeException:
javax.net.ssl.SSLProtocolException: SSL handshake terminated:
ssl=0x606cfb30: Failure in SSL library, usually a protocol error
error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate
fallback (external/openssl/ssl/s3_pkt.c:1256 0x5fee2098:0x00000003)
anybody can help ?
Note : That error only appear in some device with Android 4.4, some other device with Android 4.4 is working well without that error.
Finally, I found it by myself, that just the problem when using slow connection, so when the connection timeout volley handshake will failed (volley connection time out is so fast), so I try to added Volley time out to 10000 ms, like this :
jsonRequest.setRetryPolicy(new DefaultRetryPolicy(10000,
DefaultRetryPolicy.DEFAULT_MAX_RETRIES,
DefaultRetryPolicy.DEFAULT_BACKOFF_MULT));
And now my app working in device that use slow connection too.
Every once in a while, typically when I do a new install of my App, I will attempt to authenticate with our HTTPS Auth endpoint, the request takes a very long time (around 20-40 seconds) and then fails with an unknown error. I turned on Verbose Volley tracing and I see this nonsense about safebrowsing.google.com. What the heck is happening and how do I make it stop? I am using a Nexus 5 with 4.4 KitKat over wifi.
2662 qtaguid I Failed write_ctrl(u 71) res=-1 errno=22
2662 qtaguid I Untagging socket 71 failed errno=-22
2662 NetworkManagementS.. W untagSocket(71) failed with errno -22
2662 Finsky D [1] 3.onErrorResponse: Verification id=7 error response com.android.volley.NoConnectionError: java.net.UnknownHostException: Unable to resolve host "safebrowsing.google.com"
: No address associated with hostname
2662 Volley D [1] Request.finish: 40045 ms: [ ] https://safebrowsing.google.com/safebrowsing/clientreport/download 0xc9395b26 NORMAL 11
I search inside Volley's code and can't find the URL "safebrowsing.google.com"
I think that maybe your Auth endpoint doesn't accept your request params and redirects you to this domain.
It is Google feature to detect potentially harmful app:
https://support.google.com/accounts/answer/2812853?hl=en
Android calc hash of your app and send to Google for check on this address:
https://safebrowsing.google.com/safebrowsing/clientreport/download
If apk unknown it can upload it to Google for check.