I am experiencing failures connecting securely to my own server which are probably as a result of the Android 6.0 changes.
10-21 21:27:10.018 1267-1530/... E/ServerService: Handshake failed 10-21 21:27:10.018 1267-1530/... E/ServerService: javax.net.ssl.SSLHandshakeException: Handshake failed 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.OpenSSLSocketImpl.getOutputStream(OpenSSLSocketImpl.java:615) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.crittermap.iab.serverinterface.ServerService.onHandleIntent(ServerService.java:98) 10-21 21:27:10.018 1267-1530/... E/ServerService: at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:66) 10-21 21:27:10.018 1267-1530/... E/ServerService: at android.os.Handler.dispatchMessage(Handler.java:102) 10-21 21:27:10.018 1267-1530/... E/ServerService: at android.os.Looper.loop(Looper.java:148) 10-21 21:27:10.018 1267-1530/... E/ServerService: at android.os.HandlerThread.run(HandlerThread.java:61) 10-21 21:27:10.018 1267-1530/... E/ServerService: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x557ba6f360: Failure in SSL library, usually a protocol error 10-21 21:27:10.018 1267-1530/... E/ServerService: error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1193 0x7fa874c518:0x00000000) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324) 10-21 21:27:10.018 1267-1530/... E/ServerService: ... 7 more However, nowhere that I can find are there instructions of *what to do* so your code will work with Android 6.0. That should be common courtesy when Android makes a breaking change. it does say: Android is moving away from OpenSSL to the BoringSSL <https://boringssl.googlesource.com/boringssl/> library It also gives advice for what to link when you are using the NDK. I am not using the NDK. What should java people do? I don't see anywhere in my code that I am referring to either BoringSSL or OpenSSL. Yet the stack trace above mentions both and there could be some sort of mismatch. Below is some of the code. While I am not the original author, this worked (and still does ) up to Android 5.x. I could not see any calls here that are deprecated. KeyStore trustStore = KeyStore.getInstance("BKS"); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); InputStream trustStoreStream = context.getResources().openRawResource(R.raw.iabtruststore); trustStore.load(trustStoreStream, "IABTrust$tore0424".toCharArray()); trustManagerFactory.init(trustStore); // Setup the SSL context to use the truststore ssl_ctx = SSLContext.getInstance("TLS"); ssl_ctx.init(null, trustManagerFactory.getTrustManagers(), null); //retrieve a socketfactory! socketFactory = ssl_ctx.getSocketFactory(); Any advice on what to change so that it will work? Nathan -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
