Force SSLContext to TLSv1.2 or TLSv1.1 #298

@tjhiry29

Hi,

I am currently having an issue on Android version 4.4 forcing the Socket to connect to my server using TLS. Our server is currently rejecting all connections using SSLv3, which is the default on Android 4.4. I have already set the app to default to use TLS on other HTTPS connections. Unfortunately, this change isn't working when I am using the Socket.

Here is some code to show how I am setting up the socket.

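```java
// Verifier that accepts every host name (described below)
HostnameVerifier verifier = new RelaxedHostNameVerifier();
// Request a TLSv1.2 context with the default key managers, trust managers and RNG
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, null, null);

// Library-wide defaults for the Socket.IO client
IO.setDefaultSSLContext(sslContext);
IO.setDefaultHostnameVerifier(verifier);

// Process-wide defaults for HttpsURLConnection
HttpsURLConnection.setDefaultHostnameVerifier(verifier);
HttpsURLConnection.setDefaultSSLSocketFactory(new TLSSocketFactory());

// Per-connection options for the socket
IO.Options options = new IO.Options();
options.hostnameVerifier = verifier;
options.sslContext = sslContext;
options.secure = true;
```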

The RelaxedHostNameVerifier is a verifier that merely returns true for every host name.
The TLSSocketFactory will set the enabled protocols to TLSv1.1 and TLSv1.2 whenever a socket is created.

Here is the stack trace when I attempt to connect to the server.

W: io.socket.engineio.client.EngineIOException: xhr poll error
W:     at io.socket.engineio.client.Transport.onError(Transport.java:64)
W:     at io.socket.engineio.client.transports.PollingXHR.access$100(PollingXHR.java:21)
W:     at io.socket.engineio.client.transports.PollingXHR$6$1.run(PollingXHR.java:125)
W:     at io.socket.thread.EventThread$2.run(EventThread.java:75)
W:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
W:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
W:     at java.lang.Thread.run(Thread.java:841)
W: Caused by: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8a84e00: Failure in SSL library, usually a protocol error
W: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0xa8e6d926:0x00000000)
W:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:449)
W:     at com.android.okhttp.Connection.upgradeToTls(Connection.java:146)
W:     at com.android.okhttp.Connection.connect(Connection.java:107)
W:     at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
W:     at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
W:     at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
W:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345)
W:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:296)
W:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.getHeaderFields(HttpURLConnectionImpl.java:160)
W:     at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getHeaderFields(HttpsURLConnectionImpl.java:214)
W:     at io.socket.engineio.client.transports.PollingXHR$Request$1.run(PollingXHR.java:209)
W:  ... 1 more
W: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8a84e00: Failure in SSL library, usually a protocol error
W: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0xa8e6d926:0x00000000)
W:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406)
W:  ... 11 more

As you can see, there is first an xhr poll error and then an SSL handshake error; it appears that it is attempting to upgrade to TLS, though. If anybody could give me some advice on why TLSv1.2 might not be working, that would be greatly appreciated.

Thanks in advance.
