Menu
I'm trying to figure out why sometimes I get this error
javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x60d46c90: Failure in SSL library, usually a protocol error error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate fallback (external/openssl/ssl/s3_pkt.c:1256 0x60d57f40:0x00000003)
the code that makes this request:
private <T> void send(final String url, final Map<String, String> args,
final RequestCallback<T> callback, final Parser<T> pParser,
final Context pContext, final HTTP_METHOD method,
final Map<String, String> headers, final BODY_TYPE bodyType) {
final Request.Builder builder = getBuilder(url);
populateHeaders(builder, headers);
final RequestBody body = getBody(args, bodyType);
if(method==HTTP_METHOD.POST) {
builder.post(body);
} else if(method==HTTP_METHOD.GET) {
builder.get();
} else if(method==HTTP_METHOD.PUT) {
builder.put(body);
} else if(method==HTTP_METHOD.PATCH) {
builder.patch(body);
} else {
throw new RuntimeException("Please specify correct method name!");
}
Request request = builder.build();
debugRequest(request, whoCalledThisMethod());
call = client.newCall(request);
call.enqueue(new StandardRequestCallback(pContext, callback, pParser));
}
I've found that if my app gets this exception, force-closing it, followed by re-launching it, can successfully complete the request... however, a short while later, it fails again with this SSL Exception.
What could be wrong ?
UPDATE
I made a very small test app that uses code from the okHttp recipes page https://github.com/square/okhttp/wiki/Recipes and I've repro'd the SSL Handshake Exception !!
06-27 13:59:08.068 30006-32692/a.b.ssltestapp W/System.err: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x60068d10: Failure in SSL library, usually a protocol error
06-27 13:59:08.068 30006-32692/a.b.ssltestapp W/System.err: error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate fallback (external/openssl/ssl/s3_pkt.c:1256 0x6006e6b0:0x00000003)
06-27 13:59:08.078 30006-32692/a.b.ssltestapp W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:568)
06-27 13:59:08.078 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.internal.io.RealConnection.connectTls(RealConnection.java:188)
06-27 13:59:08.078 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.internal.io.RealConnection.connectSocket(RealConnection.java:145)
06-27 13:59:08.078 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.internal.io.RealConnection.connect(RealConnection.java:108)
06-27 13:59:08.078 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.internal.http.StreamAllocation.findConnection(StreamAllocation.java:188)
06-27 13:59:08.088 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:127)
06-27 13:59:08.088 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
06-27 13:59:08.088 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.internal.http.HttpEngine.connect(HttpEngine.java:289)
06-27 13:59:08.088 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.internal.http.HttpEngine.sendRequest(HttpEngine.java:241)
06-27 13:59:08.088 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.RealCall.getResponse(RealCall.java:240)
06-27 13:59:08.088 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:198)
06-27 13:59:08.088 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:160)
06-27 13:59:08.098 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.RealCall.access$100(RealCall.java:30)
06-27 13:59:08.098 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.RealCall$AsyncCall.execute(RealCall.java:127)
06-27 13:59:08.098 30006-32692/a.b.ssltestapp W/System.err: at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:33)
06-27 13:59:08.098 30006-32692/a.b.ssltestapp W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
06-27 13:59:08.098 30006-32692/a.b.ssltestapp W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
06-27 13:59:08.098 30006-32692/a.b.ssltestapp W/System.err: at java.lang.Thread.run(Thread.java:841)
06-27 13:59:08.098 30006-32692/a.b.ssltestapp W/System.err: Suppressed: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x60068d10: Failure in SSL library, usually a protocol error
06-27 13:59:08.098 30006-32692/a.b.ssltestapp W/System.err: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1256 0x5ff9aa20:0x00000003)
06-27 13:59:08.108 30006-32692/a.b.ssltestapp W/System.err: ... 18 more
06-27 13:59:08.108 30006-32692/a.b.ssltestapp W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x60068d10: Failure in SSL library, usually a protocol error
06-27 13:59:08.108 30006-32692/a.b.ssltestapp W/System.err: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1256 0x5ff9aa20:0x00000003)
06-27 13:59:08.118 30006-32692/a.b.ssltestapp W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
06-27 13:59:08.118 30006-32692/a.b.ssltestapp W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:486)
06-27 13:59:08.118 30006-32692/a.b.ssltestapp W/System.err: ... 17 more
06-27 13:59:08.118 30006-32692/a.b.ssltestapp W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x60068d10: Failure in SSL library, usually a protocol error
06-27 13:59:08.118 30006-32692/a.b.ssltestapp W/System.err: error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate fallback (external/openssl/ssl/s3_pkt.c:1256 0x6006e6b0:0x00000003)
06-27 13:59:08.118 30006-32692/a.b.ssltestapp W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
06-27 13:59:08.118 30006-32692/a.b.ssltestapp W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:486)
06-27 13:59:08.118 30006-32692/a.b.ssltestapp W/System.err: ... 17 more
733
This is not a solution but provides some network debugging in case it relates to the issue mentioned above.
If it is the problem with the network interface mentioned in issue 1940 above then you can workaround that issue by implementing the Dns interface, and also the socketFactory. It could be you get back two DNS records and one works for you and the other doesn't, and it changes after a restart.
https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/network/DnsSelector.java
https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/network/InterfaceSocketFactory.java
Try confirming by adding debugging looking at the results of
Dns.SYSTEM.lookup(hostname)
NetworkInterface.getByInetAddress(address)
NetworkInterface.getNetworkInterfaces()
UPDATE
Code within the Callback.OnFailure to debug this problem :
@Override
public void onFailure(final Call call, final IOException e) {
if (call.isCanceled()) {
SLog.w(TAG, "onFailure: Canceled");
return;
}
if(e instanceof SSLException){
try {
Log.d(getClass().getSimpleName(), "Checking DNS hosts ... ");
List<InetAddress> list = Dns.SYSTEM.lookup(call.request().url().host());
Log.d(getClass().getSimpleName(), "Number of Entries: "+list.size());
for (InetAddress address : list) {
Log.d(getClass().getSimpleName(), address.toString());
}
Log.d(getClass().getSimpleName(), "End of Checking DNS hosts");
} catch (UnknownHostException e1) {
e1.printStackTrace();
}
try {
Log.d(getClass().getSimpleName(), "Checking Network Interfaces ... ");
Enumeration<NetworkInterface> interfaces = NetworkInterface.getNetworkInterfaces();
ArrayList<NetworkInterface> list = Collections.list(interfaces);
Log.d(getClass().getSimpleName(), "Number of Entries: "+list.size());
for(NetworkInterface netintface : list) {
Log.d(getClass().getSimpleName(), netintface.toString());
List<InterfaceAddress> listaddresses = netintface.getInterfaceAddresses();
Log.d(getClass().getSimpleName(), " Number of Interface Addresses: "+listaddresses.size());
for (InterfaceAddress infcaddress : listaddresses) {
Log.d(getClass().getSimpleName(), " > InterfaceAddress : "+infcaddress.toString());
}
}
Log.d(getClass().getSimpleName(), "End of Checking Network Interfaces");
} catch (SocketException e1) {
e1.printStackTrace();
}
}
}
DEBUG OUTPUT from code above
06-21 11:43:19.495 12890-12890/com.app.stg D/[StandardRequest]: ->
------------- Request -------------
********** METHOD sendRequest() **********
GET
-----------------------------------
06-21 11:43:24.330 12890-21401/com.app.stg D/StandardRequestCallback: Checking DNS hosts ...
06-21 11:43:24.450 12890-21401/com.app.stg D/StandardRequestCallback: Number of Entries: 8
06-21 11:43:24.450 12890-21401/com.app.stg D/StandardRequestCallback: arc.stg.issa.sainsburys.co.uk/52.85.69.145
06-21 11:43:24.450 12890-21401/com.app.stg D/StandardRequestCallback: arc.stg.issa.sainsburys.co.uk/52.85.69.20
06-21 11:43:24.450 12890-21401/com.app.stg D/StandardRequestCallback: arc.stg.issa.sainsburys.co.uk/52.85.69.185
06-21 11:43:24.450 12890-21401/com.app.stg D/StandardRequestCallback: arc.stg.issa.sainsburys.co.uk/52.85.69.84
06-21 11:43:24.450 12890-21401/com.app.stg D/StandardRequestCallback: arc.stg.issa.sainsburys.co.uk/52.85.69.249
06-21 11:43:24.450 12890-21401/com.app.stg D/StandardRequestCallback: arc.stg.issa.sainsburys.co.uk/52.85.69.52
06-21 11:43:24.450 12890-21401/com.app.stg D/StandardRequestCallback: arc.stg.issa.sainsburys.co.uk/52.85.69.159
06-21 11:43:24.450 12890-21401/com.app.stg D/StandardRequestCallback: arc.stg.issa.sainsburys.co.uk/52.85.69.246
06-21 11:43:24.460 12890-21401/com.app.stg D/StandardRequestCallback: End of Checking DNS hosts
06-21 11:43:24.460 12890-21401/com.app.stg D/StandardRequestCallback: Checking Network Interfaces ...
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: Number of Entries: 4
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: [lo][1][/::1%1%1][/127.0.0.1]
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: Number of Interface Addresses: 2
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: > InterfaceAddress : /::1%1%1/128 [null]
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: > InterfaceAddress : /127.0.0.1/8 [null]
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: [sit0][2]
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: Number of Interface Addresses: 0
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: [wlan0][4][/fe80::4283:deff:fe94:b0ff%wlan0%4][/172.24.90.253]
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: Number of Interface Addresses: 2
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: > InterfaceAddress : /fe80::4283:deff:fe94:b0ff%wlan0%4/64 [null]
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: > InterfaceAddress : /172.24.90.253/19 [/172.24.95.255]
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: [ip6tnl0][3]
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: Number of Interface Addresses: 0
06-21 11:43:24.480 12890-21401/com.app.stg D/StandardRequestCallback: End of Checking Network Interfaces
06-21 11:43:24.480 12890-12890/com.app.stg D/JS-[LauncherActivity]: ErrorReport{type='SSLHandshakeException'}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
