
I'm running a local server (an embedded HTTPS server inside an Android app), which uses a .bks file (self-signed certificate type). When an Android app tries to connect using SSL, it gives the following error. You can also see the server logs, which print the enabled cipher suites as well as the enabled protocols. When I execute the same test case using Java, everything works perfectly; the problem occurs only on Android. Any help will be appreciated. Android version: 7.0, min SDK: 22

I've already googled a lot, including the following URLs, but none of them helped me.

https://github.com/nelenkov/custom-cert-https/issues/1
https://stackoverflow.com/questions/11117486/wrong-version-of-keystore-on-android-call
http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html
https://stackoverflow.com/questions/11963852/wrong-version-of-key-store-error-how-can-i-create-a-version-1-keystore-certif/16050758
https://stackoverflow.com/questions/39275309/ssl-handshake-excetion-failure-in-ssl-library-usually-a-protocol-error
https://github.com/k9mail/k-9/issues/2146
http://callistaenterprise.se/blogg/teknik/2011/11/24/android-tlsssl-mutual-authentication/
https://developer.android.com/reference/java/security/KeyStore.html
https://developer.android.com/training/articles/security-ssl.html#nogotofail
https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
https://www.synyx.de/blog/android-and-self-signed-ssl-certificates/
https://github.com/johnjohndoe/CampFahrplan/pull/1
https://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/
https://github.com/johnjohndoe/CampFahrplan/pull/1/files/06d3a93ca91bfe070fdd88fe8bf7b66b6ef6b5ba#diff-838fbd8111b382e1820f9f90e38407a1
https://stackoverflow.com/questions/7416096/android-webview-not-loading-an-https-url
https://stackoverflow.com/questions/29916962/javax-net-ssl-sslhandshakeexception-javax-net-ssl-sslprotocolexception-ssl-han

=======================================================

I/System.out: [Mon Mar 26 12:05:14 PDT 2018] TJWS httpd :: - ServerSocket[addr=::/::,localport=9161] is listening.
I/TJWSService: [2018-03-26 12:05:15.4 PDT]  INFO [TJWSService(639)] - Serve running:true
I/TJWSService: [2018-03-26 12:05:15.4 PDT]  INFO [TJWSService(639)] - TJWSServer has started!!!
D/SplashActivity: [2018-03-26 12:05:15.4 PDT] DEBUG [SplashActivity(655)] - com.rslakra.android.framework.events.AndroidEvent@58dc649
I/System.out: (HTTPLog)-Static: isSBSettingEnabled false
I/System.out: (HTTPLog)-Static: isSBSettingEnabled false
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledCipherSuites:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
I/System.out: TLS_ECDHE_RSA_WITH_RC4_128_SHA
I/System.out: TLS_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_128_CBC_SHA
I/System.out: SSL_RSA_WITH_RC4_128_SHA
I/System.out: TLS_PSK_WITH_RC4_128_SHA
I/System.out: SSL_RSA_WITH_RC4_128_MD5
I/System.out: SSL_RSA_WITH_3DES_EDE_CBC_SHA
I/System.out: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
I/System.out: TLS_FALLBACK_SCSV
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledProtocols:TLSv1
I/System.out: TLSv1.1
I/System.out: TLSv1.2
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] 
I/System.out: javax.net.ssl.SSLHandshakeException: Handshake failed
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:713)
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:675)
I/System.out:     at Acme.Serve.Serve$ServeConnection.<init>(Serve.java:2209)
I/System.out:     at Acme.Serve.Serve.serve(Serve.java:991)
I/System.out:     at com.rslakra.android.server.TJWSService$3.run(TJWSService.java:484)
I/System.out: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa6b56a00: Failure in SSL library, usually a protocol error
I/System.out: error:100000b8:SSL routines:OPENSSL_internal:NO_SHARED_CIPHER (external/boringssl/src/ssl/s3_srvr.c:1059 0x7fa503e253:0x00000000)
I/System.out:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
I/System.out:   ... 5 more
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledCipherSuites:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
I/System.out: TLS_ECDHE_RSA_WITH_RC4_128_SHA
I/System.out: TLS_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_128_CBC_SHA
I/System.out: SSL_RSA_WITH_RC4_128_SHA
I/System.out: TLS_PSK_WITH_RC4_128_SHA
I/System.out: SSL_RSA_WITH_RC4_128_MD5
I/System.out: SSL_RSA_WITH_3DES_EDE_CBC_SHA
I/System.out: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
I/System.out: TLS_FALLBACK_SCSV
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledProtocols:TLSv1
I/System.out: TLSv1.1
I/System.out: TLSv1.2
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] 
I/System.out: javax.net.ssl.SSLHandshakeException: Handshake failed
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:713)
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:675)
I/System.out:     at Acme.Serve.Serve$ServeConnection.<init>(Serve.java:2209)
I/System.out:     at Acme.Serve.Serve.serve(Serve.java:991)
I/System.out:     at com.rslakra.android.server.TJWSService$3.run(TJWSService.java:484)
I/System.out: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa6b56a00: Failure in SSL library, usually a protocol error
I/System.out: error:1000009d:SSL routines:OPENSSL_internal:INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/ssl_lib.c:1475 0x7fa503e253:0x00000000)
I/System.out:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
I/System.out:   ... 5 more
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledCipherSuites:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
I/System.out: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
I/System.out: TLS_ECDHE_RSA_WITH_RC4_128_SHA
I/System.out: TLS_RSA_WITH_AES_256_GCM_SHA384
I/System.out: TLS_RSA_WITH_AES_128_GCM_SHA256
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_256_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_256_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA
I/System.out: TLS_RSA_WITH_AES_128_CBC_SHA256
I/System.out: TLS_PSK_WITH_AES_128_CBC_SHA
I/System.out: SSL_RSA_WITH_RC4_128_SHA
I/System.out: TLS_PSK_WITH_RC4_128_SHA
I/System.out: SSL_RSA_WITH_RC4_128_MD5
I/System.out: SSL_RSA_WITH_3DES_EDE_CBC_SHA
I/System.out: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
I/System.out: TLS_FALLBACK_SCSV
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] enabledProtocols:TLSv1
I/System.out: TLSv1.1
I/System.out: TLSv1.2
I/System.out: [Mon Mar 26 12:05:15 PDT 2018] 
I/System.out: javax.net.ssl.SSLHandshakeException: Handshake failed
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:713)
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:675)
I/System.out:     at Acme.Serve.Serve$ServeConnection.<init>(Serve.java:2209)
I/System.out:     at Acme.Serve.Serve.serve(Serve.java:991)
I/System.out:     at com.rslakra.android.server.TJWSService$3.run(TJWSService.java:484)
I/System.out: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7fa6b56a00: Failure in SSL library, usually a protocol error
I/System.out: error:1000009d:SSL routines:OPENSSL_internal:INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/ssl_lib.c:1475 0x7fa503e253:0x00000000)
I/System.out:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
I/System.out:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
I/System.out:   ... 5 more
E/TestConnection: [2018-03-26 12:05:15.5 PDT] ERROR [TestConnection(704)] - Handshake failed

                  javax.net.ssl.SSLHandshakeException: Handshake failed
                      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
                      at com.android.okhttp.Connection.connectTls(Connection.java:1510)
                      at com.android.okhttp.Connection.connectSocket(Connection.java:1458)
                      at com.android.okhttp.Connection.connect(Connection.java:1413)
                      at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:1700)
                      at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:133)
                      at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:466)
                      at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:371)
                      at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:503)
                      at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:438)
                      at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:247)
                      at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210)
                      at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java)
                      at com.rslakra.android.tjwsasapp.TestConnection.testSSLConnection(TestConnection.java:198)
                      at com.rslakra.android.tjwsasapp.SplashActivity.startMainActivity(SplashActivity.java:109)
                      at com.rslakra.android.tjwsasapp.SplashActivity.onEvent(SplashActivity.java:77)
                      at com.rslakra.android.framework.events.EventManager$EventHandler.handleMessage(EventManager.java:363)
                      at android.os.Handler.dispatchMessage(Handler.java:102)
                      at android.os.Looper.loop(Looper.java:154)
                      at android.os.HandlerThread.run(HandlerThread.java:61)
                    Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
                        ... 20 more
                        Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
                            ... 20 more
                        Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7fa0949e00: Failure in SSL library, usually a protocol error
                  error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0x7f91215060:0x00000001)
                  error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:800 0x7fa503e253:0x00000000)
                      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
                                ... 19 more
                   Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7fa0949e00: Failure in SSL library, usually a protocol error
                  error:1000043e:SSL routines:OPENSSL_internal:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:641 0x7f91215060:0x00000001)
                      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
                            ... 19 more
                   Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7fa0949e00: Failure in SSL library, usually a protocol error
                  error:1000043e:SSL routines:OPENSSL_internal:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:641 0x7f91215060:0x00000001)
                      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
                        ... 19 more
  • What Android version do you use for running your app? Please edit your question and the Java code you use for opening the connection (`HttpsURLConnection`?) – Robert Mar 27 '18 at 18:09
  • Android Min SDK: 22, Compiled Version: 23. The local server is also running inside the Android app as an embedded tiny Java web server. The HttpsURLConnection is inside the test case running inside the Android app. – Rohtash Lakra Mar 28 '18 at 21:01

1 Answer


After lots of research, I found that this problem was caused by an invalid .bks file. I tried to use keytool as well as openssl to generate the .bks file, but neither of them worked for me. Finally, I used "portecle-1.11" and it worked for me.
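
One way to check whether a .bks file can serve as a TLS server identity before wiring it into the embedded server; this is an added example, not code from the question or the answer. The class name `BksServerKeyCheck` is hypothetical, and the code assumes the key password equals the store password and that a BKS provider is available (built into Android; BouncyCastle on a desktop JVM).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Added diagnostic (hypothetical name): reports whether a BKS file holds a usable server key. */
public class BksServerKeyCheck {

    /** Returns one line per alias; a TLS server needs at least one line marked USABLE. */
    static List<String> inspect(KeyStore ks, char[] password) throws Exception {
        List<String> report = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A trusted-certificate entry has no private key, so the server
                // cannot present it and no certificate-based suite can be chosen.
                report.add(alias + ": certificate only, NOT usable as server identity");
                continue;
            }
            // Throws UnrecoverableKeyException when the key password is wrong.
            Key key = ks.getKey(alias, password);
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!(key instanceof PrivateKey) || chain == null || chain.length == 0) {
                report.add(alias + ": no private key or empty chain, NOT usable");
                continue;
            }
            // The key type limits the negotiable suites: an RSA key serves the
            // *_RSA_* suites from the log above, an EC key the *_ECDSA_* ones.
            report.add(alias + ": USABLE, key=" + key.getAlgorithm()
                    + ", chain length=" + chain.length);
        }
        if (report.isEmpty()) {
            report.add("keystore is empty, NOT usable");
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the .bks file, args[1]: store password (caller-supplied).
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("BKS");
        try (InputStream in = new FileInputStream(args[0])) {
            // load() throws IOException for a non-BKS file, an unsupported
            // BKS version, or a wrong store password.
            ks.load(in, password);
        }
        for (String line : inspect(ks, password)) {
            System.out.println(line);
        }
    }
}
```

If no alias is reported as USABLE, the server has no certificate to offer, which is one condition under which a handshake ends in `NO_SHARED_CIPHER` even though both sides list common suites.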