
Someone from our backend team forgot to renew the SSL certificate for our server. As expected, every connection from the Android clients was refused until we installed a new certificate.

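Now the problem is that some of our users still get this SSLException AFTER we updated the server. Note that the trace reports a connection reset by the peer during the TLS handshake ("I/O error during system call, Connection reset by peer") rather than a certificate-validation failure. Any ideas on what's going on?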

javax.net.ssl.SSLException: SSL handshake aborted: ssl=0x63259df0: I/O error during system call, Connection reset by peer
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406)
    at okhttp3.internal.io.RealConnection.connectTls(RealConnection.java:195)
    at okhttp3.internal.io.RealConnection.connectSocket(RealConnection.java:148)
    at okhttp3.internal.io.RealConnection.connect(RealConnection.java:111)
    at okhttp3.internal.http.StreamAllocation.findConnection(StreamAllocation.java:188)
    at okhttp3.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:127)
    at okhttp3.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
    at okhttp3.internal.http.HttpEngine.connect(HttpEngine.java:289)
    at okhttp3.internal.http.HttpEngine.sendRequest(HttpEngine.java:241)
    at okhttp3.RealCall.getResponse(RealCall.java:240)
    at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:198)
    at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:160)
    at okhttp3.RealCall.execute(RealCall.java:57)
    at retrofit2.OkHttpCall.execute(OkHttpCall.java:177)
    at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:111)
    at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:92)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable.unsafeSubscribe(Observable.java:8098)
    at rx.internal.operators.OperatorMerge$MergeSubscriber.onNext(OperatorMerge.java:232)
    at rx.internal.operators.OperatorMerge$MergeSubscriber.onNext(OperatorMerge.java:142)
    at rx.internal.operators.OperatorMap$1.onNext(OperatorMap.java:54)
    at rx.internal.operators.OperatorDoOnEach$1.onNext(OperatorDoOnEach.java:85)
    at rx.internal.operators.OperatorMerge$MergeSubscriber.emitScalar(OperatorMerge.java:477)
    at rx.internal.operators.OperatorMerge$MergeSubscriber.tryEmit(OperatorMerge.java:435)
    at rx.internal.operators.OperatorMerge$MergeSubscriber.onNext(OperatorMerge.java:228)
    at rx.internal.operators.OperatorMerge$MergeSubscriber.onNext(OperatorMerge.java:142)
    at rx.internal.operators.OperatorMap$1.onNext(OperatorMap.java:54)
    at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:113)
    at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:92)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable$2.call(Observable.java:162)
    at rx.Observable$2.call(Observable.java:154)
    at rx.Observable.unsafeSubscribe(Observable.java:8098)
    at rx.internal.operators.OperatorSubscribeOn$1$1.call(OperatorSubscribeOn.java:62)
    at rx.internal.schedulers.ScheduledAction.run(ScheduledAction.java:55)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:422)
    at java.util.concurrent.FutureTask.run(FutureTask.java:237)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:152)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:265)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
    at java.lang.Thread.run(Thread.java:841)
Tudor Luca
  • "Connection reset by peer.." - the server closed the connection. Look there for log messages which point to the cause of the problem. Some ideas: problems with SNI, unsupported TLS version or ciphers... But it is impossible to know without comparing what works with what does not (e.g. packet capture, TLS debugging...) – Steffen Ullrich Apr 27 '16 at 15:32
  • Did you update the client to handle the new certificate in any way? e.g. certificate pinning? Or was this a server only update? – Yuri Schimke Oct 13 '19 at 11:14
