Hello,

I am trying to establish an SSL connection from a client application running on Android to a server running on a Windows machine. The connection seems to be established, but when I try to send a message I get an error (see below). When implementing this I was following the EchoServer example here: http://mina.apache.org/report/trunk/xref/org/apache/mina/example/echoserver/ . The same code works when I try to connect from a client running on Windows. An unsecured connection works correctly even on Android.

Below is the exception that I get:

04-20 08:47:32.168: ERROR/ConnectionManager(217): javax.net.ssl.SSLHandshakeException: SSL handshake failed.
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:220)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at java.lang.Thread.run(Thread.java:1096)
04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by: javax.net.ssl.SSLException: Error occured in delegated task:javax.net.ssl.SSLException: Unexpected exception
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.harmony.xnet.provider.jsse.HandshakeProtocol.fatalAlert(HandshakeProtocol.java:324)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.harmony.xnet.provider.jsse.HandshakeProtocol.wrap(HandshakeProtocol.java:276)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.harmony.xnet.provider.jsse.SSLEngineImpl.wrap(SSLEngineImpl.java:708)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:462)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:514)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
04-20 08:47:32.168: ERROR/ConnectionManager(217): ... 9 more
04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by: org.apache.harmony.xnet.provider.jsse.AlertException: javax.net.ssl.SSLException: Unexpected exception
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.harmony.xnet.provider.jsse.HandshakeProtocol.fatalAlert(HandshakeProtocol.java:324)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl.processServerHelloDone(ClientHandshakeImpl.java:421)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl$1.run(ClientHandshakeImpl.java:287)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl$1.run(ClientHandshakeImpl.java:286)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at java.security.AccessController.doPrivilegedImpl(AccessController.java:205)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at java.security.AccessController.doPrivileged(AccessController.java:178)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.harmony.xnet.provider.jsse.DelegatedTask.run(DelegatedTask.java:54)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:685)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:486)
04-20 08:47:32.168: ERROR/ConnectionManager(217): ... 11 more
04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by: javax.net.ssl.SSLException: Unexpected exception
04-20 08:47:32.168: ERROR/ConnectionManager(217): ... 20 more
04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by: java.security.InvalidKeyException: The public key in the certificate cannot be used for ENCRYPT_MODE
04-20 08:47:32.168: ERROR/ConnectionManager(217): at javax.crypto.Cipher.init(Cipher.java:815)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at javax.crypto.Cipher.init(Cipher.java:747)
04-20 08:47:32.168: ERROR/ConnectionManager(217): at org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl.processServerHelloDone(ClientHandshakeImpl.java:418)
04-20 08:47:32.168: ERROR/ConnectionManager(217): ... 18 more

I found out in the Cipher class that this exception is thrown if one wants to use a certificate for encryption and the certificate has the extension "critical" set but doesn't have the extension "encipherOnly". Is it possible that these attributes are not correctly set by Mina or Android during the creation of a Certificate?

Is Mina supported on Android? If not, do you plan to support it in the near future (next few months)? Do you know any possible workaround for this? I have been trying to solve this for the last few days and I am quite desperate. Any help is welcome.

Thank you
Pavol Kaiser
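
Added example, not part of the original post and not MINA or Android code: a small diagnostic that loads the server's certificate from a file and reports whether its KeyUsage extension is critical and which bits are set, so the condition described in the post can be checked directly. The class name `KeyUsageCheck` and the certificate file passed as the argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Set;

// Added diagnostic; class name and the certificate path argument are assumptions.
public class KeyUsageCheck {
    static final String KEY_USAGE_OID = "2.5.29.15"; // id-ce-keyUsage
    // Bit order of the array returned by X509Certificate.getKeyUsage()
    static final String[] BITS = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };

    static String describe(X509Certificate cert) {
        Set<String> criticalOids = cert.getCriticalExtensionOIDs(); // null if no extensions
        boolean critical = criticalOids != null && criticalOids.contains(KEY_USAGE_OID);
        boolean[] usage = cert.getKeyUsage(); // null if the extension is absent
        StringBuilder out = new StringBuilder(
                "Subject: " + cert.getSubjectX500Principal().getName() + "\n");
        if (usage == null) {
            return out.append("KeyUsage: absent").toString();
        }
        out.append("KeyUsage critical: ").append(critical).append("\nBits set:");
        for (int i = 0; i < usage.length && i < BITS.length; i++) {
            if (usage[i]) out.append(' ').append(BITS[i]);
        }
        // Condition described in the post: critical KeyUsage without encipherOnly (bit 7).
        boolean encipherOnly = usage.length > 7 && usage[7];
        out.append("\nMatches the condition in the post: ").append(critical && !encipherOnly);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java KeyUsageCheck <server-cert.pem|.der>");
            return;
        }
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(describe(cert));
        }
    }
}
```

In RFC 5280, `keyEncipherment` (bit 2) is the usage bit for enciphering keys, so the output also shows whether the certificate carries that bit alongside the `encipherOnly` bit the post mentions.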
