2

I know there are many similar question about ssl certificate in stackoverflow. I looked all these question but I did not fix issue. I'm trying to https connection using ssl certificate. I'm following android documentation https://developer.android.com/training/articles/security-ssl.html. This is my code : 

        ProviderInstaller.installIfNeeded(this)
        val cf = CertificateFactory.getInstance("X.509")
        val caInput = resources.openRawResource(R.raw.cert)
        val ca: Certificate
        try {
            ca = cf.generateCertificate(caInput)
        } finally {
            caInput.close()
        }
        val keyStoreType = KeyStore.getDefaultType()
        val keyStore = KeyStore.getInstance(keyStoreType)
        keyStore.load(null, null)
        keyStore.setCertificateEntry("ca", ca)

        val tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm()
        val tmf = TrustManagerFactory.getInstance(tmfAlgorithm)
        tmf.init(keyStore)

        val kmf = KeyManagerFactory.getInstance("X509")
        kmf.init(keyStore, pass.toCharArray())
        val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {
            override fun getAcceptedIssuers(): Array<X509Certificate> {
                return arrayOf<X509Certificate>();
            }
            override fun checkClientTrusted(p0: Array<out X509Certificate>?, p1: String?) {
            }
            override fun checkServerTrusted(p0: Array<out X509Certificate>?, p1: String?) {
            }
        })
        val context = SSLContext.getInstance("TLSv1")
        context.init(kmf.keyManagers, trustAllCerts, java.security.SecureRandom())
        val socketFactory = context.socketFactory
        HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory)
        doAsync {
            val url = URL(sourceUrl)
            val urlConnection = url.openConnection() as HttpsURLConnection
            val `in` = urlConnection.inputStream
        }

I'm getting SSLProtocolException : 

javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted:

ssl=0x5266a740: Failure in SSL library, usually a protocol error W: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x52587f10:0x00000000) W: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448) W: at com.android.okhttp.Connection.upgradeToTls(Connection.java:146) W: at com.android.okhttp.Connection.connect(Connection.java:107) W: at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294) W: at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255) W: at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206) W: at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345) W: at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:296) W: at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:179) W: at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:246) W: at com.triomobil.triotys.pinning.PinningActivity$onCreate$1.invoke(PinningActivity.kt:142) W: at com.triomobil.triotys.pinning.PinningActivity$onCreate$1.invoke(PinningActivity.kt:33) W: at org.jetbrains.anko.AsyncKt$doAsync$1.invoke(Async.kt:140) W: at org.jetbrains.anko.AsyncKt$doAsync$1.invoke(Async.kt) W: at org.jetbrains.anko.AsyncKt$sam$Callable$761a5578.call(Async.kt) W: at java.util.concurrent.FutureTask.run(FutureTask.java:237) W: at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:152) W: at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:265) W: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) W: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) W: at java.lang.Thread.run(Thread.java:841) W: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x5266a740: Failure in SSL library, usually a protocol error W: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x52587f10:0x00000000) W: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) W: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406) W: ... 20 more

I'm looking all similar question stackoverflow . I tried everything but it did not work.

yusufonderd
  • 3,237
  • 4
  • 21
  • 34
  • 1
    *"...unsupported protocol... "* - this means that the server does not support the SSL/TLS protocol you are using ("TLSv1"). This has nothing to do with certificates. Please check what protocols your server supports and make sure they match what you expect. – Steffen Ullrich Dec 18 '17 at 09:03
  • My server does support TLSv1.1. – yusufonderd Dec 18 '17 at 12:22
  • A packet capture (tcpdump, wireshark ... - upload to cloudshark.org) might be useful to further debug the problem. With a packet capture one could see the details of the handshake and maybe find out why it fails. – Steffen Ullrich Dec 18 '17 at 13:49
  • I encountered this on API 16 emulator. See also https://stackoverflow.com/questions/29916962/javax-net-ssl-sslhandshakeexception-javax-net-ssl-sslprotocolexception-ssl-han. – CoolMind Dec 12 '19 at 13:28

0 Answers0