Where does one set a DH_P_LENGTH? On the client? On the server? In a certificate?
Sorry if this is a dumb question for those of you who know more about SSL. I've seen this issue but it has no solution. https://code.google.com/p/android-developer-preview/issues/detail?id=2792 Nathan On Thursday, October 22, 2015 at 3:35:52 PM UTC-7, Nathan wrote: > > > Something that was cut off. > > BAD_DH_P_LENGTH > > javax.net.ssl.SSLProtocolException: SSL handshake aborted: > ssl=0x557bb63810: Failure in SSL library, usually a protocol error > error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH > (external/boringssl/src/ssl/s3_clnt.c:1193 0x7fa874c518:0x00000000) > > > On Thursday, October 22, 2015 at 2:04:11 PM UTC-7, Nathan wrote: >> >> I am experiencing failures connecting securely to my own server which are >> probably as a result of the Android 6.0 changes. >> >> 10-21 21:27:10.018 1267-1530/... E/ServerService: Handshake failed >> 10-21 21:27:10.018 1267-1530/... E/ServerService: >> javax.net.ssl.SSLHandshakeException: Handshake failed >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> com.android.org.conscrypt.OpenSSLSocketImpl.getOutputStream(OpenSSLSocketImpl.java:615) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> com.crittermap.iab.serverinterface.ServerService.onHandleIntent(ServerService.java:98) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:66) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> android.os.Handler.dispatchMessage(Handler.java:102) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> android.os.Looper.loop(Looper.java:148) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> android.os.HandlerThread.run(HandlerThread.java:61) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: Caused by: >> javax.net.ssl.SSLProtocolException: SSL handshake aborted: >> ssl=0x557ba6f360: Failure in SSL library, usually a protocol error >> 10-21 21:27:10.018 1267-1530/... E/ServerService: error:100c1069:SSL >> routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH >> (external/boringssl/src/ssl/s3_clnt.c:1193 0x7fa874c518:0x00000000) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: at >> com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324) >> 10-21 21:27:10.018 1267-1530/... E/ServerService: ... 7 more >> >> >> However, nowhere that I can find are there instructions of *what to do* >> so your code will work with Android 6.0. That should be common courtesy >> when Android makes a breaking change. >> >> it does say: >> >> Android is moving away from OpenSSL to the BoringSSL >> <https://boringssl.googlesource.com/boringssl/> library >> >> It also gives advice for what to link when you are using the NDK. >> I am not using the NDK. What should java people do? >> I don't see anywhere in my code that I am referring to either BoringSSL >> or OpenSSL. Yet the stack trace above mentions both and there could be some >> sort of mismatch. >> >> Below is some of the code. While I am not the original author, this >> worked (and still does ) up to Android 5.x. >> >> I could not see any calls here that are deprecated. >> >> >> KeyStore trustStore = KeyStore.getInstance("BKS"); >> TrustManagerFactory trustManagerFactory = >> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); >> InputStream trustStoreStream = >> context.getResources().openRawResource(R.raw.iabtruststore); >> trustStore.load(trustStoreStream, >> "IABTrust$tore0424".toCharArray()); >> trustManagerFactory.init(trustStore); >> >> >> // Setup the SSL context to use the truststore >> ssl_ctx = SSLContext.getInstance("TLS"); >> ssl_ctx.init(null, trustManagerFactory.getTrustManagers(), null); >> >> //retrieve a socketfactory! >> socketFactory = ssl_ctx.getSocketFactory(); >> >> >> Any advice on what to change so that it will work? >> >> Nathan >> >> -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
