SSLHandshakeException: SSL handshake aborted: ssl=0xbe6af938: I/O error during system call, Connection reset by peer

Question

The following error occurs: javax.net.ssl.SSLHandshakeException: SSL handshake aborted: ssl=0xbe6af938: I/O error during system call, Connection reset by peer

Retrofit class:

public class RetrofitClientInstance {

    private static Retrofit retrofit;
    

    public static Retrofit getRetrofitInstance() {
        
        if (retrofit == null) {
            Gson gson = new GsonBuilder().setLenient().create();

            retrofit = new retrofit2.Retrofit.Builder()
                    .client(HelperOkHttpClient.getOkHttpClient())
                    .addCallAdapterFactory(RxJava2CallAdapterFactory.create())
                    .baseUrl(BASE_URL)
                    .addConverterFactory(GsonConverterFactory.create(gson))
                    .build();
        }
        return retrofit;
    }
}

The error / exception appears in this method:

private void makeRequestToSecondAuthStep(ArrayList<String> creds) {

        AuthCheckHTTP defectSpecific = RetrofitClientInstance.getRetrofitInstance().create(AuthCheckHTTP.class);
        Observable<ResponseSingleRequestAuth<Object>> observableDefectsRelated = defectSpecific.getAuthCheck();
        observableDefectsRelated
                .subscribeOn(Schedulers.io())
                .observeOn(AndroidSchedulers.mainThread())
                .doOnNext(specficDefects -> {
                    Log.w("ASYNCLI", "In defectspecif");
                    if (HelperIsNull.isNull(creds.get(3))) {
                        creds.set(3, creds.get(5));
                    }
                    DataBaseHelper.deleteAllData();
                    PublisherNotificationSync.getInstance().setLastSyncDate(INITIAL_DATE);
                    writeCredentialsToLocalDb();

                    actMain.runOnUiThread(new Runnable() {
                                              @Override
                                              public void run() {
                                                  presenterAuthAct.downloadData();
                                              }
                                          }
                    );
                })
                .doOnError(
                        throwable -> {
                            HelperToastMaker.createMessage(App.getAppContext(), "У вашего пользователя нет прав на пользования мобильным приложением");
                            ((Button) mainAct.findViewById(R.id.button)).setEnabled(true);
                            AppProperties.setpIdentificator("");
                        }
                ).doOnComplete(() -> {
            Log.w("Event", "Fired i guess");
        }).subscribe(new Observer<ResponseSingleRequestAuth<Object>>() {
            @Override
            public void onSubscribe(Disposable d) {

            }

            @Override
            public void onNext(ResponseSingleRequestAuth<Object> objectResponseSingleRequestAuth) {

            }

            @Override
            public void onError(Throwable e) {
              // do nothing
            }

            @Override
            public void onComplete() {

            }
        });

    }
}

Maybe somehow you can add standards (SSL) to this Retrofit class, could anyone have encountered this or a similar problem before?

What could be the problem? A few months ago - everything worked, the project was not touched (archived) Thank you in advance

UPD: nothing to do with the certificate, this is SAP, they update themselves

This is not app related issue....Check server certificates and expire date.... — crack_head, Sep 14 '20 at 17:55
Check your server ssl error using this link https://www.ssllabs.com — crack_head, Sep 14 '20 at 17:55

TheFunk · Accepted Answer · 2020-09-14T19:16:02.990

2

I'm not sure there's enough info here for me to accurately diagnose your problem but the error indicates an SSL handshake error, which would normally, to me, indicate the problem isn't in the code, but in the certs/acceptable encryption algorithms for the communication channel.

Retrofit is a REST framework, so I'm assuming you wrote an API on top of it and retrofit handles your HTTP sessions and SSL stuff. You said the solution suddenly stopped working. Is your retrofit dependency up to date? Maybe bring your dependencies up to date, repackage your application and see if that works?

Retrofit/OkHTTP examples with TLS Context

edited Sep 14 '20 at 19:16

answered Sep 14 '20 at 17:55

TheFunk

981
11
39

1

retrofit has been updated to the latest version, so hardly a dependency issue – Сергей Беляков Sep 14 '20 at 18:24
what about your server certificate? You said several months have passed, is the certificate still valid? If it is expired, you'll need to issue a new one. – TheFunk Sep 14 '20 at 18:35
1

I spoke with a backing specialist, he said "there is nothing to update there", since this is SAP and they do everything themselves – Сергей Беляков Sep 14 '20 at 18:54
It sounds like you are acting as the client and not the server. Can you post the portion of your code where you create your SSLContext object? – TheFunk Sep 14 '20 at 18:58
no, since there is no such class in the application at all ( – Сергей Беляков Sep 14 '20 at 19:03
1

I kind of created a TSLFactory class, where SSLContext context = SSLContext.getInstance ("TLS") is written; But I don't quite understand how and where to connect it from retrofit? – Сергей Беляков Sep 14 '20 at 19:05
What happens if you change "TLS" on that line to "TLSv1.2"? – TheFunk Sep 14 '20 at 19:10
You should use TLSv1.2 in that factory but you're also wondering how to implement the factory. I'll post a link with some examples in my answer. – TheFunk Sep 14 '20 at 19:15
I have considered such an option as you suggested, The problem is that I didn't know how to connect it to my class ) – Сергей Беляков Sep 15 '20 at 06:03

SSLHandshakeException: SSL handshake aborted: ssl=0xbe6af938: I/O error during system call, Connection reset by peer

1 Answers1