Search result for Question Taged sslhandshakeexception
There are some results of your Tag: sslhandshakeexception
    chain validation failed SSLHandshakeException 5 Solution

    1. FAILURE
    2. Sometime when you try to do a HTTPS POST request to your server. you get SSLHandshakeException - Chain chain validation failed, all the time. but when using POSTMAN you get a response from the server. What can be causing this error when I try to send the request from the application?

    3. Most common Solution
    4. In many case it was the wrong date on phone.

      Fixing date resolved an issue

    5. Solution 2
    6. if the abouve Solution dont work Try this one

      The problem may be that the certificate was expired.

    7. Solution 3
    8. If you're using an emulated device it may solve the problem if you just 'Cold Boot' it.

      Sometimes the date on those things can get stuck if you let them run for some time, which results in this expired-certificate-problem.

    9. Solution 4
    10. In my case, I fetch this issue on Android Emulator. When I clear emulator cache has resolved the issue.

      enter image description here

    Pétur Gulnara 2022-08-09
    android - SSLHandshakeException - Chain chain validation failed, how to solve?

    in my application I am trying to do a HTTPS POST request to my server. However, I keep getting SSLHandshakeException - Chain chain validation failed, all the time. I tried to send a request using POSTMAN and I got a response from the server. What can be causing this error when I try to send the request from the application?

    Here a code snippet where I try to send the post request:

       public static JSONObject getDataLibConfiguration(Context context) throws HttpRequestException {
    
        int statusCode = 0;
    
        JSONObject commonInformation;
        HttpsURLConnection connection = null;
    
        try {
    
            commonInformation = ConfigurationProcessor.getCommonInformation(context);
            if (commonInformation == null) {
                return null;
            }
    
            URL url = new URL(BuildConfig.SERVER_CONFIG_URL);
            if (BuildConfig.DEBUG) {
                LogUtils.d(TAG, "url = " + url.getPath());
            }
    
            connection = getHttpsConnection(url);
            connection.setDoOutput(true);
            connection.setDoInput(true);
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
            connection.setRequestProperty("Content-Encoding", "gzip");
    
            byte[] gzipped = HttpUtils.gzip(commonInformation.toString());
            cos = new CountingOutputStream(connection.getOutputStream()); //<-- This is where I get the exception
            cos.write(gzipped);
            cos.flush();
    
            statusCode = connection.getResponseCode();
            // More code her
     }
    
    private static HttpsURLConnection getHttpsConnection(URL url) throws IOException, GeneralSecurityException {
    
            HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
    
            try {
                SSLContext sslContext = SSLContext.getInstance("TLS");
                MatchDomainTrustManager myTrustManager = new MatchDomainTrustManager(url.getHost());
                TrustManager[] tms = new TrustManager[]{myTrustManager};
                sslContext.init(null, tms, null);
                SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
                connection.setSSLSocketFactory(sslSocketFactory);
            } catch (AssertionError ex) {
                if (BuildConfig.DEBUG) {
                    LogFileUtils.e(TAG, "Exception in getHttpsConnection: " + ex.getMessage());
                }
                LogUtils.e(TAG, "Exception: " + ex.toString());
            }
            return connection;
        }
    
    Sydnee Vesa 2022-08-19
    retrofit2 - Android pre-lollipop devices giving error "SSL handshake aborted: ssl=0x618d9c18: I/O error during system call, Connection reset by peer"

    Iam having this strange issue in which the retrofit keeps throwing me

    "SSL handshake aborted: ssl=0x618d9c18: I/O error during system call, Connection reset by peer"

    in kitkat, whereas the same code working fine in lollipop devices. Iam using an OkHttpClient client like the following

    public OkHttpClient getUnsafeOkHttpClient() {
        try {
            final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                @Override
                public void checkClientTrusted(
                        java.security.cert.X509Certificate[] chain,
                        String authType) {
                }
                @Override
                public void checkServerTrusted(
                        java.security.cert.X509Certificate[] chain,
                        String authType) {
                }
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return new java.security.cert.X509Certificate[0];
                }
            } };
    
            int cacheSize = 10 * 1024 * 1024; // 10 MB
            Cache cache = new Cache(getCacheDir(), cacheSize);
            final SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(null, trustAllCerts,
                    new java.security.SecureRandom());
            final SSLSocketFactory sslSocketFactory = sslContext
                    .getSocketFactory();
            OkHttpClient okHttpClient = new OkHttpClient();
            okHttpClient = okHttpClient.newBuilder()
                    .cache(cache)
                    .sslSocketFactory(sslSocketFactory)
                    .hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER).build();
            return okHttpClient;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    
    }
    

    Iam using this client in retrofit like this

    Retrofit retrofit = new Retrofit.Builder()
                .baseUrl(URL)
                .client(getUnsafeOkHttpClient())
                .addConverterFactory(GsonConverterFactory.create())
                .build();
    

    EDIT : adding the getUnsafeOkHttpClient() has no effect here and it is not at all recommended to bypass the ssl check by using getUnsafeOkHttpClient()

    FYI : The issue was because the api endpoint supports only TLS 1.2 which was disabled by default on android devices 16<device<20 . So for 16<device<20, create a custom SSLSocketFactory

    Nandita Maud 2022-08-30
    java - Android SSLSocket handshake failure in Android 6 and above

    I've written a server based on a Java SSLServerSocket that accepts connections and communicates to android applications via a custom binary protocol:

    ServerSocket serverSocket = SSLServerSocketFactory.getDefault().createServerSocket(1234);
    while (true) {
        Socket socket = serverSocket.accept();
        ...
    }
    

    I run the server with the following arguments:

    -Djavax.net.ssl.keyStore=keystore.jks
    -Djavax.net.ssl.keyStorePassword=<PASSWORD>
    

    And the certificate is generated using the following tutorial which builds a public and private key set: http://judebert.com/progress/archives/425-Using-SSL-in-Java,-Part-2.html:

    keytool -genkeypair -keystore keystore.jks -alias keyname
    keytool -export -alias keyname -file keyname.crt -keystore keystore.jks 
    keytool -importcert -file keyname.crt -keystore truststore.jks
    

    Also, I make this compatible with android by building a truststore using bouncycastle:

    keytool -importkeystore -srckeystore truststore.jks -srcstoretype JKS -srcstorepass <PASSWORD> -destkeystore truststore.bks -deststoretype BKS -deststorepass <PASSWORD> -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-ext-jdk15on-1.58.jar
    

    Download the bouncycastle provider here: https://www.bouncycastle.org/latest_releases.html

    And moved the resulting truststore.bks into the raw resource folder.

    On Android I use the following code to build a SSLSocketFactory which allows me to import the generated bouncycastle certificate which authenticates me against the server:

    KeyStore trustStore = KeyStore.getInstance("BKS");
    InputStream trustStoreStream = context.getResources().openRawResource(R.raw.truststore);
    trustStore.load(trustStoreStream, "<PASSWORD>".toCharArray());
    
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trustStore);
    
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
    
    Socket socket = sslContext.getSocketFactory().createSocket("ip", 1234);
    ... use socket
    

    This works well for Android versions below 6. My issue is at version 6 and higher I get an exception when trying to use the socket:

     Shutting down connection Socket[address=/ip,port=1234,localPort=321321] due to exception Handshake failed
     javax.net.ssl.SSLHandshakeException: Handshake failed
        at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
        at com.example.Client.connect(Client.java:97)
        at com.example.Client.start(Client.java:60)
        at com.example.BackendServiceFactory$2.call(BackendServiceFactory.java:136)
        at com.example.BackendServiceFactory$2.call(BackendServiceFactory.java:130)
        ...
     Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xe69ec900: Failure in SSL library, usually a protocol error
     error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0xe2d10880:0x00000001)
     error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:800 0xe6ea5af3:0x00000000)
        at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
        at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
        ... 24 more
    

    I'm not sure whats going on here. There seems to be a misstep along the way dealing with client certificates, could this be a mismatch of cipher suites?

    I've put together a minimal example with a Java server, Java client and Android client to help diagnose this issue here:

    https://github.com/johncarl81/androidCA

    Sisu Célio 2022-09-13
    "Connection closed by peer" error occurs in Android 7.0 Nougat while connecting to SHA256 CA installed Windows 2003 Server SP2 through HTTPS

    My app communicates with server interface (classic ASP) through HTTPS.
    It has been workd very well in prior version of Android 7.0 Nougat. (until 6.0)
    But, Connection closed by peer Error occurs in Android 7.0 phone and AVD(Android virtual device).
    Server is Windows 2003 Server SP2 (SSL Certificate was updated from SHA1 to SHA256 in Jul 23th, 2016), HTTPS, Classic ASP
    Server's SSL certificate installation check status of GeoTrust is like below
    (cryptoreport.geotrust.com/checker/views/certCheck.jsp)
    GeoTrust check status screen shot of my Server's certificate
    (Protocols not enabled : TLS1.1, TLS1.2)

    In my opinion, Android 7.0 fails SSL handshaking with Windows 2003 Server of TLS1.0(only TLSv1.1, TLSv1.2 can support successful handshaking with SHA256 certificate?)
    Is this right?
    And I just found this hot fix : http://support.microsoft.com/kb/968730
    Is this can be a solution?

    How could I fix this problem

    Emmy Kanani 2022-11-04
    Android SSL Handshake Failed when connecting to a web service using HTTPS

    My Android app connects to a web service on my server. Everything worked fine yesterday, but today I got the error.

    I didn't make any changes to the web service, nor to the app. I suspect it's something wrong with my server, but don't know where to start.

    I tested it on both Android 5 and Android 6 devices.

    Here is the error:

    HTTPClient: (TiHttpClient-3) [1136,1136] HTTP Error (javax.net.ssl.SSLHandshakeException): Handshake failed
    [ERROR] :  TiHTTPClient: javax.net.ssl.SSLHandshakeException: Handshake failed
    [ERROR] :  TiHTTPClient:    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.Connection.connect(Connection.java:143)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:185)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:437)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:388)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getHeaders(HttpURLConnectionImpl.java:150)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getHeaderField(HttpURLConnectionImpl.java:194)
    [ERROR] :  TiHTTPClient:    at java.net.URLConnection.getHeaderFieldInt(URLConnection.java:543)
    [ERROR] :  TiHTTPClient:    at java.net.URLConnection.getContentLength(URLConnection.java:315)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getContentLength(DelegatingHttpsURLConnection.java:146)
    [ERROR] :  TiHTTPClient:    at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getContentLength(HttpsURLConnectionImpl.java)
    [ERROR] :  TiHTTPClient:    at ti.modules.titanium.network.TiHTTPClient.handleResponse(TiHTTPClient.java:159)
    [ERROR] :  TiHTTPClient:    at ti.modules.titanium.network.TiHTTPClient.access$1200(TiHTTPClient.java:85)
    [ERROR] :  TiHTTPClient:    at ti.modules.titanium.network.TiHTTPClient$ClientRunnable.run(TiHTTPClient.java:1207)
    [ERROR] :  TiHTTPClient:    at java.lang.Thread.run(Thread.java:818)
    [ERROR] :  TiHTTPClient:    Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
    [ERROR] :  TiHTTPClient:        ... 20 more
    [ERROR] :  TiHTTPClient:        Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
    [ERROR] :  TiHTTPClient:            ... 20 more
    [ERROR] :  TiHTTPClient:        Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xaef13100: Failure in SSL library, usually a protocol error
    [ERROR] :  TiHTTPClient: error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0x9defc240:0x00000001)
    [ERROR] :  TiHTTPClient: error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO
    [ERROR] :  TiHTTPClient:            at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    [ERROR] :  TiHTTPClient:            at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
    [ERROR] :  TiHTTPClient:            ... 19 more
    [ERROR] :  TiHTTPClient:    Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xaef13100: Failure in SSL library, usually a protocol error
    [ERROR] :  TiHTTPClient: error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0x9defc240:0x00000001)
    [ERROR] :  TiHTTPClient: error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:750 0xab1e350f:0x00000000)
    [ERROR] :  TiHTTPClient:        at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    [ERROR] :  TiHTTPClient:        at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
    [ERROR] :  TiHTTPClient:        ... 19 more
    [ERROR] :  TiHTTPClient: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xaef13100: Failure in SSL library, usually a protocol error
    [ERROR] :  TiHTTPClient: error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0x9defc240:0x00000001)
    [ERROR] :  TiHTTPClient: error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:750 0xab1e350f:0x00000000)
    [ERROR] :  TiHTTPClient:    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    [ERROR] :  TiHTTPClient:    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
    [ERROR] :  TiHTTPClient:    ... 19 more
    

    Any pointer is much appreciated. Thanks.

    Séafra Orvar 2022-11-13