0

I have an app using Parse Server powered by Bitnami, I recently switched to https and everything works perfectly except for apps installed on Android 7.0. Trying to run app on this devices throws SSLHandshakeException: Handshake failed. I implemented this solution: https://stackoverflow.com/a/43968086/11014120, but it didn't solved the problem, even worse it stopped working for all Android versions. Also I read this answer: https://stackoverflow.com/a/42047877/11014120 but i didn't find any kind of tutorial on how to "Configure your server to use the elliptic curve prime256v1." Can someone provide a link to such tutorial or describe how is it done? Also with this change already in place does it require any app code level changes?

Here's current code connecting app to Parse Server:

Parse.enableLocalDatastore(this);
Parse.initialize(new Parse.Configuration.Builder(getApplicationContext())
        .applicationId("")
        .clientKey("")
        .server("")
        .build()
);

ParseACL defaultACL = new ParseACL();
defaultACL.setPublicReadAccess(true);
defaultACL.setPublicWriteAccess(true);
ParseACL.setDefaultACL(defaultACL, true);
Simon
  • 1
  • It is not clear at all that your problem has anything to do with a missing prime256v1. A `handshake_error` can have lots of different reasons. – Steffen Ullrich Dec 26 '19 at 05:49
  • Can you think of any other reason for this error occuring only on Android 7.0? – Simon Dec 26 '19 at 12:11
  • *"...error occurring __only__ on Android 7.0"* - How reliably is this statement, i.e. is this really on every Android 7 device or is that only on a single Android 7 device you got hands on? On what other devices you've tried where this error does not happen? – Steffen Ullrich Dec 26 '19 at 12:55
  • I tried on three Android 7 devices, and two devices for each version starting from 5.1(minimum level available for my app) and handshake-exception occured only on 7.0 version. Also as you can read in second source i linked in my question it is known to be Andoid 7.0 version bug. – Simon Dec 26 '19 at 14:10
  • Is this direct access to the parse/nodejs server or is the server behind some reverse proxy (like nginx) which does the TLS termination? – Steffen Ullrich Dec 26 '19 at 15:04
  • It is direct acces to Parse Server running on apache on EC2 instance – Simon Dec 26 '19 at 18:33
  • *"...Parse Server running on apache ..."* - I interpret this as Apache being the reverse proxy, i.e. no direct access to nodejs. In this case try `SSLOpenSSLConfCmd ECDHParameters prime256v1` in the Apache SSL configuration (i.e. where the certificate and key for your server are specified). This should achieve the same as the recommendation for nginx in the answer you've included in your question. – Steffen Ullrich Dec 26 '19 at 19:10

0 Answers0