A workaround is to include a recent version of Conscrypt, e.g.:

    implementation 'org.conscrypt:conscrypt-android:2.2.1'

and explicitly use it as the JSSE provider when building the SSLContext,
e.g.:

    val tlsContext = SSLContexts.custom()
      .setProvider(Conscrypt.newProvider())
      .setProtocol("TLSv1.2")
      .loadKeyMaterial(keyStore, password.toCharArray())
      .build()

This bloats the APK size a bit but also enables HTTP2. Using only one
connection per client seems like a decent tradeoff.

On Sat, Oct 12, 2019 at 4:24 PM Roy Hashimoto <[email protected]>
wrote:

> I have implemented a simple HTTPS server using HttpCore 5.0 beta9 on
> Android with its default JSSE:
>
>
> https://github.com/rhashimoto/Android-HttpCore-Protocol-Bug/blob/master/app/src/main/java/com/example/httpcore/WebServer.kt
>
> When running on Android 8.1 (Oreo), requests to the server fail with a TLS
> protocol error in the middle of transferring the response body. When I look
> at a packet dump (sample attached) the problem is that the server properly
> sends some TLS-encrypted data but then sends some plaintext data.
>
> This seems like it might be caused by the Conscrypt bug fixed here:
>
> https://github.com/google/conscrypt/pull/189
>
> I don't entirely understand the description of the bug and fix, but I do
> not see the bad behavior when running on Android 10 and the time frame
> seems about right.
>
> My guess is that this is not an HttpCore bug but I thought I would
> document it here in case someone else encounters it or can suggest a
> workaround.
>
> Roy
>
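
The workaround described at the top of this message, written against the plain JSSE API instead of HttpCore's `SSLContexts` builder, with a check that the resulting context is really backed by the bundled provider. This is an added example, not code from the original message or from the HttpCore or Conscrypt projects; `bundledConscryptContext` and `describeEngine` are hypothetical names, and the key store and password are assumed to be loaded elsewhere.

```kotlin
import java.security.KeyStore
import java.security.Provider
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLEngine
import org.conscrypt.Conscrypt

// Hypothetical helper: builds a server-side SSLContext backed by the Conscrypt
// version bundled in the APK rather than the copy shipped with the platform.
fun bundledConscryptContext(keyStore: KeyStore, password: CharArray): SSLContext {
    val provider: Provider = Conscrypt.newProvider()

    // Key managers only hand out the key material; the default factory is fine.
    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(keyStore, password)

    // Passing the provider instance bypasses the JSSE provider-priority lookup,
    // so the context cannot silently come from the platform TLS implementation.
    val context = SSLContext.getInstance("TLSv1.2", provider)
    context.init(kmf.keyManagers, null, null)

    // Fail closed if the context is not backed by the provider passed in above.
    check(context.provider === provider) {
        "SSLContext is backed by ${context.provider.name}, not the bundled Conscrypt"
    }
    return context
}

// Hypothetical helper: one-line summary to log when the server starts, so a
// device still running the platform implementation shows up in the logs.
fun describeEngine(context: SSLContext): String {
    val engine: SSLEngine = context.createSSLEngine().apply { useClientMode = false }
    return "provider=${context.provider.name} " +
        "protocols=${engine.enabledProtocols.joinToString()}"
}
```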
