I am experiencing failures connecting securely to my own server which are probably as a result of the Android 6.0 changes.
10-21 21:27:10.018 1267-1530/... E/ServerService: Handshake failed 10-21 21:27:10.018 1267-1530/... E/ServerService: javax.net.ssl.SSLHandshakeException: Handshake failed 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.OpenSSLSocketImpl.getOutputStream(OpenSSLSocketImpl.java:615) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.crittermap.iab.serverinterface.ServerService.onHandleIntent(ServerService.java:98) 10-21 21:27:10.018 1267-1530/... E/ServerService: at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:66) 10-21 21:27:10.018 1267-1530/... E/ServerService: at android.os.Handler.dispatchMessage(Handler.java:102) 10-21 21:27:10.018 1267-1530/... E/ServerService: at android.os.Looper.loop(Looper.java:148) 10-21 21:27:10.018 1267-1530/... E/ServerService: at android.os.HandlerThread.run(HandlerThread.java:61) 10-21 21:27:10.018 1267-1530/... E/ServerService: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x557ba6f360: Failure in SSL library, usually a protocol error 10-21 21:27:10.018 1267-1530/... E/ServerService: error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1193 0x7fa874c518:0x00000000) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 10-21 21:27:10.018 1267-1530/... E/ServerService: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324) 10-21 21:27:10.018 1267-1530/... E/ServerService: ... 7 more However, nowhere that I can find are there instructions of *what to do* so your code will work with Android 6.0. That should be common courtesy when Android makes a breaking change. it does say: Android is moving away from OpenSSL to the BoringSSL <https://boringssl.googlesource.com/boringssl/> library It also gives advice for what to link when you are using the NDK. I am not using the NDK. What should java people do? I don't see anywhere in my code that I am referring to either BoringSSL or OpenSSL. Yet the stack trace above mentions both and there could be some sort of mismatch. Below is some of the code. While I am not the original author, this worked (and still does ) up to Android 5.x. I could not see any calls here that are deprecated. KeyStore trustStore = KeyStore.getInstance("BKS"); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); InputStream trustStoreStream = context.getResources().openRawResource(R.raw.iabtruststore); trustStore.load(trustStoreStream, "IABTrust$tore0424".toCharArray()); trustManagerFactory.init(trustStore); // Setup the SSL context to use the truststore ssl_ctx = SSLContext.getInstance("TLS"); ssl_ctx.init(null, trustManagerFactory.getTrustManagers(), null); //retrieve a socketfactory! socketFactory = ssl_ctx.getSocketFactory(); Any advice on what to change so that it will work? Nathan -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
