Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HttpsURLConnection: SSL resumption not working

Tags:

android

https

ssl

I'm trying to set up SSL (with SSL resumption) using HttpsURLConnection with my own trust manager.

I am only able to perform ssl handshakes and connections. No SSL resumption - The previous sessions are never reused!

I searched all over, but no luck. All answers refer to HttpClient (which is not an option).

My setup is as follows:

  • I create an SSL Context which I store for later use.

  • I then create an SSL Factory using this SSL context which I also store for it to be used with all connections.

  • I start a connection where everything goes well: I receive a sessionID, a complete handshake is done and the connection is sent to the server.

  • One minute later, I start another connection. For some weird reason, this connection does not send the sessionID I had earlier. I print the SSLContext's session - The last session is still there and is valid. For some reason this new connection does not use it, thus another session is created and is added to the sessions' cache.

I tried both android version 2.3 and 4.1 as well on 2 different devices.

Following many google results I even tried to add Keep-Alive as some users proposed, as well as other voodoo that led to no different results.

Did anyone run into this? Is there something I'm missing?

What could cause my connections not to use the last session?

Thanks in advance!

like image 994
Branchitos Avatar asked Jan 15 '13 12:01

Branchitos

1 Answers

What you'd like to do is use reflection to override members in class android.net.SSLCertificateSocketFactory, the members are:

  1. HOSTNAME_VERIFIER
  2. mTrustManagers
  3. mKeyManagers

Do it by getting the class:

Class<?> sslClass = Class.forName("android.net.SSLCertificateSocketFactory");
Field classField = sslClass.getDeclaredField("defaultTrustManager");
classField.setAccessible(true);
classField.set(null /*If Feild is static*/, youObjectHere /*Needs casting*/);
classField.set(objectInstance /*If Feild is not static*/, youObjectHere /*Needs casting*/);

and then:

Override these with you own variables. This will allow for SSL resumption for Android API 14 and above (I tested on 14).

BEWARE

You'd need to maintain this code and keep up with any changes Google might do.

Hope it helped! Good luck!

like image 82
Assaf Gamliel Avatar answered Oct 25 '22 15:10

Assaf Gamliel
Sign in to Comment

Related questions

Android workmanager scheduled worker lost after task killed
Get Android activity result in Flutter
How to protect Google Maps API key on Ionic app?
Apache HttpClient Digest authentication
findViewById vs local reference in Activity
android- how can I compile my codes online?
Ascertain Google Streetview function existence
Detect android webview URL location change
Android Bluetooth logging filling up logcat
how to reboot the emulator into recovery mode
try catch exception always returns null
"Failed to register input channel" - what is this caused by and how to fix this?
Is a "Globals" class holding static variables in Android safe?
Android 2.2 MediaPlayer is working fine with one SHOUTcast URL but not with the other one
Develop an Android App to support English and Arabic "layout alignment"
Android: Vertical ListView with overlapped rows
Deleting files via a 'ContentResolver' as opposed to deleting them via 'file.delete()'
Bigger image for first item of the gridview android
Camera API: Cross device issues
Android How to add intervals texts in a seekbar

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!