The first thing that I can think of is that your proxy server speaks HTTP, not HTTPS, and when you're trying to connect to it, you're sending an SSL client hello when the server is expecting an HTTP command, and then getting an HTTP error instead of the SSL server hello.
On Tue, Mar 15, 2011 at 2:00 AM, swapnil kamble <[email protected]> wrote: >> Hi All. I need some suggestion in resolving SSL handshake failure >> issue. When trying to connect to HTTPS url using >> javax.net.ssl.HttpsURLConnection in android with code below. I set the >> properties for proxy host, port and tried opening https connection. >> >> >> >> >> props.setProperty("https.proxyHost","co.proxyserver.com"); >> props.setProperty("https.proxyPort","8000"); >> >> URL targetURL = new URL("https://www.fortify.net";); // >> http://www.fortify.net works properly >> >> >> >> HttpsURLConnection connection = (HttpsURLConnection) >> targetURL.openConnection(); >> //Proxy proxy = new Proxy(Proxy.Type.HTTP,new >> InetSocketAddress("co.proxyserver.com",8000));//Doesn't work either >> >> >> >> //connection = (HttpsURLConnection) targetURL.openConnection(proxy); >> //java.io.IOException: SSL handshake failure: I/O error during system call, >> Unknown error: 0 >> >> connection.connect(); >> >> >> The same code works perfectly fine when ran with jdk on desktop. >> >> >> >> There is something SSL protocol related error during ssl handshake in >> s23_clnt.c of openssl code. >> >> There are no issues in connecting to http URLs. >> >> - Steps to reproduce >> 1. Use the above code in an android activity >> >> >> >> 2. Run it behind the proxy by correctly replacing proxy host and port >> - What happened. >> 03-15 11:41:28.069: WARN/System.err(1312): java.io.IOException: SSL >> handshake failure: Failure in SSL library, usually a protocol error >> >> >> >> 03-15 11:41:28.069: WARN/System.err(1312): error:140770FC:SSL >> routines:SSL23_GET_SERVER_HELLO:unknown protocol >> (external/openssl/ssl/s23_clnt.c:597 0x80cfb51f:0x00000000) >> 03-15 11:41:28.069: WARN/System.err(1312): at >> org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native >> Method) >> >> >> >> 03-15 11:41:28.069: WARN/System.err(1312): at >> org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:305) >> 03-15 11:41:28.069: WARN/System.err(1312): at >> org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnection.getSecureSocket(HttpConnection.java:168) >> >> >> >> 03-15 11:41:28.070: WARN/System.err(1312): at >> org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnection$HttpsEngine.connect(HttpsURLConnection.java:404) >> 03-15 11:41:28.070: WARN/System.err(1312): at >> org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnection.connect(HttpsURLConnection.java:146) >> >> >> >> 03-15 11:41:28.091: WARN/System.err(1312): at >> com.android.proxytest.HttpProxyTest.javaHttpsRequest(HttpProxyTest.java:354) >> 03-15 11:41:28.092: WARN/System.err(1312): at >> com.android.proxytest.HttpProxyTest.access$800(HttpProxyTest.java:49) >> >> >> >> 03-15 11:41:28.092: WARN/System.err(1312): at >> com.android.proxytest.HttpProxyTest$8$1.run(HttpProxyTest.java:163) >> 03-15 11:41:28.092: WARN/System.err(1312): at >> java.lang.Thread.run(Thread.java:1096) >> >> This issue is there in both in eclair as well as froyo. Attached the code >> for reference. >> >> Thanks >> Swapnil > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
