Android client, connection failure over SSL

Support requests, bug reports, etc. go here. Dedicated servers / VDS hosting only
insertjokehere
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 27 May 2013, 02:55

Android client, connection failure over SSL

Postby insertjokehere » 27 Dec 2013, 13:14

Hi,

In a recent spate of paranoia after attending a hacker convention, I disabled the RC4 cipher and SHA1 hashing scheme in Nginx, in favour of AES_128_GCM and ECDHE_RSA. This causes a 'connection failure: I/O error' on the Android client, however Chrome on the same device manages to connect fine (abet with a warning about self signed certs). Stack trace (from logcat) is as follows:

Code: Select all

D/OnlineActivity(31693): license apk found
I/ActivityManager(  414): Displayed org.fox.ttrss/.OnlineActivity: +687ms
W/System.err(31693): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x57bd3410: Failure in SSL library, usually a protocol error
W/System.err(31693): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x5ba40712:0x00000000)
W/System.err(31693):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:440)
W/System.err(31693):    at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
W/System.err(31693):    at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
W/System.err(31693):    at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:442)
W/System.err(31693):    at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:290)
W/System.err(31693):    at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:240)
W/System.err(31693):    at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:81)
W/System.err(31693):    at libcore.net.http.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:197)
W/System.err(31693):    at libcore.net.http.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:281)
W/System.err(31693):    at org.fox.ttrss.ApiRequest.doInBackground(ApiRequest.java:178)
W/System.err(31693):    at org.fox.ttrss.ApiRequest.doInBackground(ApiRequest.java:1)
W/System.err(31693):    at android.os.AsyncTask$2.call(AsyncTask.java:287)
W/System.err(31693):    at java.util.concurrent.FutureTask.run(FutureTask.java:234)
W/System.err(31693):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
W/System.err(31693):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
W/System.err(31693):    at java.lang.Thread.run(Thread.java:841)
W/System.err(31693): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x57bd3410: Failure in SSL library, usually a protocol error
W/System.err(31693): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x5ba40712:0x00000000)
W/System.err(31693):    at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err(31693):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:398)
W/System.err(31693):    ... 15 more


Android device is a Samsung Galaxy Nexus, running android 4.3.1, Cyanogenmod 10.2

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Android client, connection failure over SSL

Postby fox » 27 Dec 2013, 15:41

I don't think this forum is a valid venue for medical advice re: your apparent psychological problems. Seek professional help.

User avatar
swa
Bear Rating Trainee
Bear Rating Trainee
Posts: 6
Joined: 27 May 2013, 23:16

Re: Android client, connection failure over SSL

Postby swa » 27 Dec 2013, 15:42

NSA knows everything about you anyway, so stop play the fool and bother the developer with stupid questions.

User avatar
sleeper_service
Bear Rating Overlord
Bear Rating Overlord
Posts: 884
Joined: 30 Mar 2013, 23:50
Location: Dallas, Texas

Re: Android client, connection failure over SSL

Postby sleeper_service » 27 Dec 2013, 18:30

why are you boasting about breaking your webserver in here instead of the nginx forums, why?

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Android client, connection failure over SSL

Postby fox » 03 Jan 2014, 03:11

I don't think fucking around with nginx would help any unless he enables back the ciphers which http library tt-rss uses on android actually understands. Then again, it's either forcing AES or NSA reading his pony porn subscriptions.

User avatar
sleeper_service
Bear Rating Overlord
Bear Rating Overlord
Posts: 884
Joined: 30 Mar 2013, 23:50
Location: Dallas, Texas

Re: Android client, connection failure over SSL

Postby sleeper_service » 03 Jan 2014, 03:50

fox wrote: pony porn subscriptions.
neiiiiiiigh to you!

hrk
Bear Rating Disaster
Bear Rating Disaster
Posts: 75
Joined: 24 Apr 2013, 12:39

Re: Android client, connection failure over SSL

Postby hrk » 03 Jan 2014, 04:07

If Chrome (on your device) works, it has to be using its own libraries insted of the ones provided by Android/CM. The error log you provided shows that the issue is outside the scope of fox's android app, as it's an issue with Apache's Harmony wrapper on OpenSSL.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Android client, connection failure over SSL

Postby fox » 03 Jan 2014, 10:26

android has two http client libraries btw with different functionality

also it now has two mildly incompatible webview implementations

android is a shit OS


Return to “Support”

Who is online

Users browsing this forum: No registered users and 5 guests