Android SSLSocket#getInputstream() throws HandshakeException on earlier versions of Android 6.0

Question

In my application, I need to work on the SSLSocket. I have this code which is working on Android6.0 and above and When I run the same code on Android version 5.+ I am getting HandshakeException

private void openSSLSocket(String mHost, int mPort){
    try {
        SocketFactory sf = SSLSocketFactory.getDefault();
        mSocket = (SSLSocket) sf.createSocket(mHost, mPort);
        mSocket.setEnabledProtocols(new String[]{"TLSv1"});
        mInputStream = mSocket.getInputStream();
        mOutputStream = mSocket.getOutputStream();

        mSocket.setSoTimeout(0);

    }catch (Exception e){
        e.printStackTrace();
    }
}

I have read this article on android developer site and implemented the below code I got the .crt file for the server admin

private void openSSLSocketWithCA(String mHost, int mPort) {
    try{

        // Load CAs from an InputStream
        // (could be from a resource or ByteArrayInputStream or ...)
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // From https://www.washington.edu/itconnect/security/ca/load-der.crt

        InputStream caInput = am.open("star_******_chained.crt");

        Certificate ca;
        try {
            ca = cf.generateCertificate(caInput);
            System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
        } finally {
            caInput.close();
        }

        // Create a KeyStore containing our trusted CAs
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        // Create a TrustManager that trusts the CAs in our KeyStore
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        // Create an SSLContext that uses our TrustManager
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        SSLSocketFactory sf = context.getSocketFactory();
        mSocket = (SSLSocket) sf.createSocket(mHost, mPort);
        mSocket.setEnabledProtocols(new String[]{"TLSv1"});
        mInputStream = mSocket.getInputStream();
        mOutputStream = mSocket.getOutputStream();

        mSocket.setSoTimeout(0);
    }catch (Exception e){
        e.printStackTrace();
    }
}

even then I am getting HandshakeException when calling mSocket.getInputStream(); method

here is the log

W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:598)
W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:560)
W/System.err:     at *******.***.*******.common.CometSocketApi.openSSLSocketWithCA(CometSocketApi.java:464)

Answer 1

After a lot of searching on web. I have landed on this page Updating security provider Finally, this solution worked for me

I have called this piece of code in onCreate of my main activity

 try {
        ProviderInstaller.installIfNeeded(this);
    } catch (GooglePlayServicesRepairableException e) {
        GooglePlayServicesUtil.getErrorDialog(e.getConnectionStatusCode(), callingActivity, 0);
    } catch (GooglePlayServicesNotAvailableException e) {
        Log.e("SecurityException", "Google Play Services not available.");
    }

This solved my issue