I disabled SSLv3 on the server side according to this support document.
My server now only supports TLSv1.1 and TLSv1.2.

However, I now face a problem when my application attempts to connect from an Android 4.x device to the Worklight Server. It returns the following error:

error:
W/System.err(20556): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7b381840: Failure in SSL library, usually a protocol error
W/System.err(20556): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x7390c7d0:0x00000000)

I googled it and found that this is an Android issue per this documented issue. I understand that Android 4.x by default supports only TLS v1.0 and SSL v3, so this may be why it returns the above error.

How can this be solved?

Idan Adar
John Tie
  • "I disabled SSLv3 on the server side according to this support document." - Strange. If you disabled SSLv3 only, then TLS 1.0 should still be available. And this should be enough to make the Android clients connect. – Steffen Ullrich Jul 08 '15 at 04:53
  • I also have to disable TLSv1.0, supporting only TLSv1.1 and v1.2. – John Tie Jul 08 '15 at 09:01
  • Other issue discussion: https://github.com/bitfireAT/davdroid/issues/229 – John Tie Jul 08 '15 at 09:02
  • It is not quite clear what you expect as a reply. From your comment on the answer I get that you cannot change the software. You also will be unable to change all affected phones and you explicitly disabled TLS 1.0. If I understood all of this correctly, there is nothing left you can change or are willing to change to fix the issue. – Steffen Ullrich Jul 08 '15 at 12:10

1 Answer

According to Google's documentation, only applications that are built with a minimum of API Level 16 (= Android 4.1) have support for TLS v1.1.

Google does not seem to intend to backport this support to older Android releases.

Idan Adar
  • Yes, I know it. But this issue occurs on Android 4.4.4 as well. If I override the setEnabledProtocols(String[] protocols) method (adding TLSv1.1 and TLSv1.2 to protocols), it works. But I cannot modify the WL client library to fix this issue. – John Tie Jul 08 '15 at 04:25
  • We're also having the same problem. Security people won't allow us to enable SSLv3 on the reverse proxies, but then the app doesn't work for Android 4.X, which is 30% of current Android devices. Should I open a PMR? http://stackoverflow.com/questions/28943660/how-to-enable-tls-1-2-support-in-an-android-application-running-on-android-4-1 – Sergio Otero Lopez Feb 17 '17 at 08:35