I am facing an asmack SSL connection issue on Android 5.0 and above. I think it's related to security.
I resolved it by disabling following before connecting:
config.setSASLAuthenticationEnabled(false);
config.setSecurityMode(SecurityMode.disabled);
But I do want security enabled. How to resolve it without disabling setSecurityMode
?
I looked the changes 5.0 http://developer.android.com/about/versions/android-5.0-changes.html#ssl
But can't find the solution
my logcat is
02-26 17:28:20.596: W/System.err(23043): -- caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
02-26 17:28:20.596: W/System.err(23043): javax.net.ssl.SSLHandshakeException: Handshake failed
02-26 17:28:20.596: W/System.err(23043): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:392)
02-26 17:28:20.601: W/System.err(23043): at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:652)
02-26 17:28:20.601: W/System.err(23043): at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:614)
02-26 17:28:20.601: W/System.err(23043): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x9fca9e00: Failure in SSL library, usually a protocol error
02-26 17:28:20.601: W/System.err(23043): error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error (external/openssl/ssl/s23_clnt.c:765 0xaec30bf9:0x00000000)
02-26 17:28:20.601: W/System.err(23043): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
02-26 17:28:20.601: W/System.err(23043): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:320)
The problem was
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.ICE_CREAM_SANDWICH) {
config.setTruststoreType("AndroidCAStore");
config.setTruststorePassword(null);
config.setTruststorePath(null);
} else {
config.setTruststoreType("BKS");
String path = System.getProperty("javax.net.ssl.trustStore");
if (path == null)
path = System.getProperty("java.home") + File.separator
+ "etc" + File.separator + "security"
+ File.separator + "cacerts.bks";
config.setTruststorePath(path);
}
With this I was using self signed ssl certificate. It should be resolved by adding ssl certificate on openfire and using it in the app
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With