Background

The SSLv3 protocol is insecure. After I read some articles, I used this solution to remove this protocol.

The method that removes SSLv3:

    @Override
    public void setEnabledProtocols(String[] protocols) {
        if (protocols != null && protocols.length == 1 && "SSLv3".equals(protocols[0])) {
            // no way jose
            // see issue https://code.google.com/p/android/issues/detail?id=78187
            List<String> enabledProtocols = new ArrayList<String>(Arrays.asList(delegate.getEnabledProtocols()));

            for (String pro : enabledProtocols) {
                VolleyLog.d(pro);
            }
            if (enabledProtocols.size() > 1) {
                enabledProtocols.remove("SSLv3");
                VolleyLog.d("Removed SSLv3 from enabled protocols");
            } else {
                VolleyLog.d("SSL stuck with protocol available for " + String.valueOf(enabledProtocols));
            }
            protocols = enabledProtocols.toArray(new String[enabledProtocols.size()]);
        }

        super.setEnabledProtocols(protocols);
    }

I use Volley as the HTTP client; here is my code to initialize a RequestQueue:

    HttpStack stack;
    if (Build.VERSION.SDK_INT >= 9) {
        // Use a socket factory that removes sslv3
        // https://code.google.com/p/android/issues/detail?id=78187
        stack = new HurlStack(null, new NoSSLv3Compat.NoSSLv3Factory());
    } else {
        // Prior to Gingerbread, HttpUrlConnection was unreliable.
        // See: http://android-developers.blogspot.com/2011/09/androids-http-clients.html
        stack = new HttpClientStack(AndroidHttpClient.newInstance(userAgent));
    }

Device and Environment

I am using Xiaomi M3 with MIUI ROM, which is based on Android 4.4.4.

When the setEnabledProtocols method is called, I print some logs:

D/Volley: [1444] NoSSLv3SSLSocket.setEnabledProtocols: SSLv3
D/Volley: [1444] NoSSLv3SSLSocket.setEnabledProtocols: TLSv1
D/Volley: [1444] NoSSLv3SSLSocket.setEnabledProtocols: Removed SSLv3 from enabled protocols

Problem

When I try to load this image, it fails with this output:

NoConnectionError: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x77f49768: Failure in SSL library, usually a protocol error

E/CachedHttp: error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate fallback (external/openssl/ssl/s3_pkt.c:1256 0x77f4c280:0x00000003)

This image server supports the following protocols:

TLS 1.2, TLS 1.1, TLS 1.0, SSL 3

Could you please help me to figure it out?

BNK
kvh
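
A variant of the filtering logic in the question, as an added example that is not part of the original post or of Volley: it strips SSLv3 from any requested list, not only when SSLv3 is the sole entry, and substitutes the socket's other supported protocols when nothing else was requested. The class and method names (`ProtocolFilterDemo`, `withoutSslv3`) and the sample protocol arrays are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class ProtocolFilterDemo {

    /**
     * Returns the protocols to enable: everything in {@code requested} except SSLv3.
     * If that leaves nothing (the caller asked for SSLv3 only), use the socket's
     * supported protocols minus SSLv3 and SSLv2Hello instead of enabling SSLv3.
     */
    static String[] withoutSslv3(String[] requested, String[] supported) {
        List<String> result = new ArrayList<>();
        if (requested != null) {
            for (String p : requested) {
                if (!"SSLv3".equals(p)) result.add(p);
            }
        }
        if (result.isEmpty()) {
            for (String p : supported) {
                if (!"SSLv3".equals(p) && !"SSLv2Hello".equals(p)) result.add(p);
            }
        }
        if (result.isEmpty()) {
            // Fail closed rather than silently connecting over SSLv3.
            throw new IllegalStateException("no protocol other than SSLv3 is available");
        }
        return result.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs mirroring the question's log: the platform offers
        // SSLv3 and TLSv1, and the caller asks for SSLv3 only, then for both.
        String[] supported = {"SSLv3", "TLSv1"};
        System.out.println(Arrays.toString(withoutSslv3(new String[] {"SSLv3"}, supported)));
        System.out.println(Arrays.toString(withoutSslv3(new String[] {"SSLv3", "TLSv1"}, supported)));

        // Apply the same filter to an unconnected socket from the default context.
        SSLSocket socket = (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket();
        socket.setEnabledProtocols(
                withoutSslv3(socket.getEnabledProtocols(), socket.getSupportedProtocols()));
        System.out.println(Arrays.toString(socket.getEnabledProtocols()));
        socket.close();
    }
}
```
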

1 Answer

Did you check the size of the keys? Enable debug logging to see the exact issue. It is probably being caused by an insufficient key size on the backend you are trying to connect to.

Enable JCE Unlimited for java 7

Identify handshake errors

Ramandeep Nanda