0

It seems that android M is moving away from OpenSSL to the BoringSSL library according to behavior-network [BoringSSL].But how to deal with my openssl connection in the app before? my app has problem:

09-30 10:40:54.241    6211-6624/com.hundsun.winner W/System.err﹕ Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xd6dcce00: Failure in SSL library, usually a protocol error
09-30 10:40:54.241    6211-6624/com.hundsun.winner W/System.err﹕ error:100c1069:SSL routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH (external/boringssl/src/ssl/s3_clnt.c:1193 0xe93a350f:0x00000000)
09-30 10:40:54.241    6211-6624/com.hundsun.winner W/System.err﹕ at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
09-30 10:40:54.241    6211-6624/com.hundsun.winner W/System.err﹕ at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
09-30 10:40:54.241    6211-6624/com.hundsun.winner W/System.err﹕ … 5 more
Iamat8
  • 3,888
  • 9
  • 25
  • 35
Jim Green
  • 1,088
  • 3
  • 15
  • 40

1 Answers1

1

Your server using DH group size less than 1024 bits? Try to increase it.

https://boringssl.googlesource.com/boringssl/+/a7997f12be358e58aeb2345bb8b88a9d53240024%5E!/

Clarence Ho
  • 176
  • 2
  • 6
  • do you know what is the strategy to choose the algorithm like DH , and so on.I know that client and server make a decision to choose one algorithm from chip suites ,but I do not know which algorithm will be choosed ,so how to specify different algorithm ( exclude DH algorithm) using `java code`? Thank you very much! – Jim Green Nov 26 '15 at 05:26
  • Are you using SSLSocket? If so, you may consider to implement your own SSLSocketFactory. For example: http://stackoverflow.com/questions/16299531/how-to-override-the-cipherlist-sent-to-the-server-by-android-when-using-httpsurl – Clarence Ho Nov 27 '15 at 06:58