
I have a problem connecting to an HTTPS site from a Lollipop Android device using the ksoap library. I'm getting SSLHandshake Exception : Connection Reset By Peer. I noticed Android 5.0 has changes to its TLS/SSL configuration; their site states:

TLSv1.2 and TLSv1.1 protocols are now enabled, AES-GCM (AEAD) cipher suites are now enabled, MD5, 3DES, export, and static key ECDH cipher suites are now disabled, Forward Secrecy cipher suites (ECDHE and DHE) are preferred.

I checked the server; it's using TLS_RSA_WITH_3DES_EDE_CBC_SHA as the cipher suite, which is not supported by Android 5.0.

I have tried the solution at this link to accept all certificates: KSOAP 2 Android with HTTPS

And made a custom SSLSocketFactory to enable just the preferred cipher suite: How to override the cipherlist sent to the server by Android when using HttpsURLConnection?

But no success; I'm getting an error "TLS_RSA_WITH_3DES_EDE_CBC_SHA is not supported".

Is there any workaround to handle this on the client side? I know this can be solved by upgrading the server to add modern cipher suites that Android 5 supports.

Pasca

2 Answers


I had the same problem. I found a link, https://code.google.com/p/android/issues/detail?id=88313, where I found this code:

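import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
// Apache HttpClient's SSLSocketFactory (assumed from the six-argument super call)
import org.apache.http.conn.ssl.SSLSocketFactory;

public class MySSLSocketFactory extends SSLSocketFactory {
    SSLContext sslContext = SSLContext.getInstance("TLS");

    public MySSLSocketFactory() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        super(null, null, null, null, null, null);

        // A null KeyStore selects the platform's default trust anchors, so certificates are still validated.
        final TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustMgrFactory.init((KeyStore) null);

        sslContext.init(null, trustMgrFactory.getTrustManagers(), new SecureRandom());
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        final SSLSocket sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
        // Enables every suite the provider supports, including those disabled by default.
        sslSocket.setEnabledCipherSuites(sslSocket.getSupportedCipherSuites());
        return sslSocket;
    }

    @Override
    public Socket createSocket() throws IOException {
        final SSLSocket sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket();
        // Same as above: all supported suites are enabled on the unconnected socket.
        sslSocket.setEnabledCipherSuites(sslSocket.getSupportedCipherSuites());
        return sslSocket;
    }
}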

You could try to use a custom SSLSocketFactory as I've written above. Also, it's not the best solution. You may have security issues later, because the connection can use some old cipher algorithm.

Hope this helps.

Orest

I had the same problem. I wrote SSL_RSA_WITH_3DES_EDE_CBC_SHA instead of TLS_RSA_WITH_3DES_EDE_CBC_SHA, and it worked for me.

You can check this: Is TLS_RSA_WITH_3DES_EDE_CBC_SHA equivalent to SSL_RSA_WITH_3DES_EDE_CBC_SHA

mialkan