I'm testing an SSLSocket connection for a server running as an IntentService in an Android app. For that, I'm using PacketSender to send an SSL packet with data, which was working when using Socket instead of SSLSocket.

When trying to receive data from PacketSender, the app manages to accept the connection, but throws an Exception (see below) when trying to call getInputStream:

```
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb967c838: Failure in SSL library, usually a protocol error
error:100b60c1:SSL routines:ssl3_get_client_hello:NO_SHARED_CIPHER (external/boringssl/src/ssl/s3_srvr.c:1085 0xac4e759f:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
... 7 more
```

I followed this answer to try switching from plain Socket to SSLSocket.

EDIT: Tried implementing a self-signed certificate for the server app, but the error persists.

```java
private SSLContext createSSLContext(){
    try{
        byte[] der = SERVER_CERT.getBytes();
        ByteArrayInputStream derInputStream = new ByteArrayInputStream(der);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(derInputStream);
        String alias = cert.getSubjectX500Principal().getName();

        // Create keystore and add to ssl context
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null);
        trustStore.setCertificateEntry(alias, cert);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
        kmf.init(trustStore, null);
        KeyManager[] keyManagers = kmf.getKeyManagers();

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(trustStore);
        TrustManager[] trustManagers = tmf.getTrustManagers();

        SSLContext sslContext = SSLContext.getInstance("TLSv1.1");
        sslContext.init(keyManagers, trustManagers, null);

        return sslContext;
    } catch (Exception ex){
        ex.printStackTrace();
    }

    return null;
}
```
Minoru
  • Does the server provide a certificate? – Antimatéria Aug 25 '17 at 14:01
  • No, I tried following the cited answer. Also, I don't need a real certificate, because the validation is done a step before. Just need to enable SSL communication to encrypt the packet swap. – Minoru Aug 25 '17 at 14:03
  • By my understanding you need a certificate since not having one makes the connection insecure and that's not enabled by using SSLSockets – Antimatéria Aug 25 '17 at 14:12
  • Is there any way to create a temporary certificate to be used only during the communication between apps? – Minoru Aug 25 '17 at 14:15
  • If you want to use SSL, just create a certificate and add it to the server; you can generate free SSL certificates with [letsencrypt](https://letsencrypt.org/) – Antimatéria Aug 25 '17 at 14:18

0 Answers
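Added example, not part of the original post or its comments: the `createSSLContext` shown in the question stores only a certificate (`setCertificateEntry`), so the `KeyManagerFactory` has no private key and the server cannot negotiate any certificate-based cipher suite. The sketch below checks for a key entry before building the server context; the class and method names are hypothetical, and it assumes a PKCS12 keystore holding a private key with its certificate has been created separately.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class ServerTlsContext {
    // Count entries that carry a private key. Certificate-only entries
    // (setCertificateEntry) give a TLS server nothing to authenticate with.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) n++;
        }
        return n;
    }

    // Assumed input: a PKCS12 stream containing a private key and its certificate.
    static KeyStore loadPkcs12(InputStream in, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(in, storePassword);
        return ks;
    }

    static SSLContext serverContext(KeyStore ks, char[] keyPassword) throws Exception {
        if (countKeyEntries(ks) == 0) {
            throw new IllegalStateException("keystore has no private key entry; "
                    + "no certificate-based cipher suite can be negotiated");
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Trust managers left null: a server that does not request client
        // certificates does not consult them during the handshake.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty keystore, which like a certificate-only
        // keystore holds no key material.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        try {
            serverContext(empty, new char[0]);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```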