Something that was cut off. BAD_DH_P_LENGTH
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x557bb63810: Failure in SSL library, usually a protocol error error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1193 0x7fa874c518:0x00000000) On Thursday, October 22, 2015 at 2:04:11 PM UTC-7, Nathan wrote: > > I am experiencing failures connecting securely to my own server which are > probably as a result of the Android 6.0 changes. > > 10-21 21:27:10.018 1267-1530/... E/ServerService: Handshake failed > 10-21 21:27:10.018 1267-1530/... E/ServerService: > javax.net.ssl.SSLHandshakeException: Handshake failed > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396) > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629) > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > com.android.org.conscrypt.OpenSSLSocketImpl.getOutputStream(OpenSSLSocketImpl.java:615) > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > com.crittermap.iab.serverinterface.ServerService.onHandleIntent(ServerService.java:98) > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:66) > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > android.os.Handler.dispatchMessage(Handler.java:102) > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > android.os.Looper.loop(Looper.java:148) > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > android.os.HandlerThread.run(HandlerThread.java:61) > 10-21 21:27:10.018 1267-1530/... E/ServerService: Caused by: > javax.net.ssl.SSLProtocolException: SSL handshake aborted: > ssl=0x557ba6f360: Failure in SSL library, usually a protocol error > 10-21 21:27:10.018 1267-1530/... E/ServerService: error:100c1069:SSL > routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH > (external/boringssl/src/ssl/s3_clnt.c:1193 0x7fa874c518:0x00000000) > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) > 10-21 21:27:10.018 1267-1530/... E/ServerService: at > com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324) > 10-21 21:27:10.018 1267-1530/... E/ServerService: ... 7 more > > > However, nowhere that I can find are there instructions of *what to do* so > your code will work with Android 6.0. That should be common courtesy when > Android makes a breaking change. > > it does say: > > Android is moving away from OpenSSL to the BoringSSL > <https://boringssl.googlesource.com/boringssl/> library > > It also gives advice for what to link when you are using the NDK. > I am not using the NDK. What should java people do? > I don't see anywhere in my code that I am referring to either BoringSSL or > OpenSSL. Yet the stack trace above mentions both and there could be some > sort of mismatch. > > Below is some of the code. While I am not the original author, this worked > (and still does ) up to Android 5.x. > > I could not see any calls here that are deprecated. > > > KeyStore trustStore = KeyStore.getInstance("BKS"); > TrustManagerFactory trustManagerFactory = > TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); > InputStream trustStoreStream = > context.getResources().openRawResource(R.raw.iabtruststore); > trustStore.load(trustStoreStream, "IABTrust$tore0424".toCharArray()); > trustManagerFactory.init(trustStore); > > > // Setup the SSL context to use the truststore > ssl_ctx = SSLContext.getInstance("TLS"); > ssl_ctx.init(null, trustManagerFactory.getTrustManagers(), null); > > //retrieve a socketfactory! > socketFactory = ssl_ctx.getSocketFactory(); > > > Any advice on what to change so that it will work? > > Nathan > > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
