3

For the past week, I get this SSLHandshakeException when doing a request. I have been searching the internet and found nothing to solve the problem. The code used to work, and stopped working without a change. The SSL certificate is valid; it works in the browser, also on the Android device, but not in the app.

I run the app on a Nexus 5 with Android 6.0.1. The app uses Volley to make the requests, just normal stuff.

The weirdest thing is, when removing the app from the device and then running the app, it works. But after that it doesn't.

The complete stacktrace:

com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: Handshake failed
      at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:151)
      at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:112)
    Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396)
      at com.android.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103)
      at com.android.okhttp.Connection.connect(Connection.java:143)
      at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:185)
      at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
      at com.android.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341)
      at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330)
      at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)
      at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:437)
      at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:388)
      at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:501)
      at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getResponseCode(DelegatingHttpsURLConnection.java:105)
      at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java)
      at com.android.volley.toolbox.HurlStack.performRequest(HurlStack.java:110)
      at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:96)
      at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:112) 
    Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
      ... 16 more
      Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
        ... 16 more
      Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
        ... 16 more
      Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xab1e5c00: Failure in SSL library, usually a protocol error
    error:100c543e:SSL routines:ssl3_read_bytes:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:972 0xab4705c0:0x00000001)
      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
        ... 15 more
    Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xab1e5c00: Failure in SSL library, usually a protocol error
    error:100c543e:SSL routines:ssl3_read_bytes:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:972 0xab4705c0:0x00000001)
      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
      ... 15 more
    Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xab1e5c00: Failure in SSL library, usually a protocol error
    error:100c543e:SSL routines:ssl3_read_bytes:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:972 0xab4705c0:0x00000001)
      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
      ... 15 more
    Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xab1e5c00: Failure in SSL library, usually a protocol error
    error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0xab4705c0:0x00000001)
    error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:750 0xab23259f:0x00000000)
      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
      ... 15 more
TomWebDev

1 Answer

2

As explained here: https://github.com/square/okhttp/issues/1582#issuecomment-97104082

You could be in one of those situations:

  1. You go to a site called https://example.com and you end up on a site that to you appears to be on https://example.com but is giving you a certificate for https://no-example.com. OkHttp will correctly fail the connection. In a browser like Chrome you'd see a warning in the console along the lines of "This isn't the page you think it is".

  2. Other exceptions showed that a certificate was provided by the server, but it wasn't trusted because the root certificate wasn't on the client device (or may have expired)

You need to debug your SSL problems further; they are probably due to a wrong certificate configuration on the server or a missing/expired certificate on the client. You can try to follow something similar to this once you have understood where your problem is.

MatPag
  • Hi MatPag, thank you for the reply. 1. We checked this, the certificate is valid (also on Chrome). We did ask our certificate supplier if they know something. 2. Do you know how to debug a missing/expired certificate on the client? – TomWebDev May 19 '17 at 07:33
  • You should be able to find some examples on the internet of how to get the certificate and match it against the ones installed on your client to see if it is missing. In this case you should manually add the certificate to the trusted ones. Read [here](http://stackoverflow.com/questions/13862908/ssl-certificate-is-not-trusted-on-mobile-only) if it can be of any help – MatPag May 19 '17 at 07:36
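
One way to run the client-side check discussed in the answer and comments, as an added example that is not code from the original posts: it records the certificate chain the server sends, validates it against the client's installed CAs, and reports expiry and hostname match. The class name `TlsChainCheck`, the placeholder host `example.com` and port 443 are assumptions; on Android, run it off the main thread.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.*;

public class TlsChainCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com"; // placeholder host
        // Platform trust manager, backed by the CA certificates installed on the client.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager platform = (X509TrustManager) tmf.getTrustManagers()[0];
        final X509Certificate[][] seen = new X509Certificate[1][];
        // Records the chain the server sent, then applies the normal validation unchanged.
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                platform.checkClientTrusted(c, t);
            }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                seen[0] = c;
                platform.checkServerTrusted(c, t);
            }
            public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {recorder}, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, 443)) {
            s.startHandshake();
            SSLSession sess = s.getSession();
            System.out.println("handshake ok: " + sess.getProtocol() + " " + sess.getCipherSuite());
            // Android's default verifier checks the name; a desktop JVM's default always says false.
            System.out.println("hostname matches: "
                    + HttpsURLConnection.getDefaultHostnameVerifier().verify(host, sess));
        } catch (SSLException e) {
            System.out.println("handshake failed: " + e);
        }
        if (seen[0] == null) { // failed before any certificate was validated (protocol-level alert)
            System.out.println("no certificate chain was presented to the trust manager");
            return;
        }
        Date now = new Date();
        for (X509Certificate c : seen[0]) {
            System.out.println(c.getSubjectX500Principal().getName()
                    + "\n  issuer:    " + c.getIssuerX500Principal().getName()
                    + "\n  not after: " + c.getNotAfter()
                    + (now.after(c.getNotAfter()) ? "  (EXPIRED)" : ""));
        }
    }
}
```

If the handshake fails and no chain is printed, the failure happened before certificate validation, which separates a protocol-level alert from a missing or expired certificate.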