
https://community.letsencrypt.org/t/android-7-0-cant-establish-ssl-connection/152050

 

Android 7.0 can't establish ssl connection


 

 

My domain is: starline.ru

I ran this command: android 7.0 can't connect

It produced this output:

 
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x76a8eb8a00: Failure in SSL library, usually a protocol error error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0x76a8e2b0a0:0x00000001) error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:800 0x76d2e2c253:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)

SSLV3 - wrapper string, actually sslv3 is not used

My web server is (include version):

 
nginx version: nginx/1.14.1
built with OpenSSL 1.1.0f  25 May 2017 (running with OpenSSL 1.1.0l  10 Sep 2019)
TLS SNI support enabled

The operating system my web server runs on is (include version): Debian GNU/Linux 9.13 (stretch)

Previously, the RSA private key was generated. And everything worked.
Now a private key has been generated as EC, and an application (with okhttp3 https://square.github.io/okhttp or using SSL directly) on Android 7.0 cannot connect (an application using the Android webclient backend is working).

 Solved by rnz in post #10
 
Once again I regenerated the certificate with the RSA, since ApplePay also had problems.

 

 

You're almost certainly running into this issue:

W…

The only way to fix this is by NOT using an EC certificate. Right now you can work around by switching to P-256, but as the future E1 intermediate is P-384, that's not a long term solution.

 


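Summary

The point is that an EC certificate must not be used for authentication when the SSL connection handshake takes place on the Android side. In other words, to fix this for Android, force RSA and serve that certificate.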
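
A check for the advice quoted above, as an added example that is not from the forum thread or from this post's author: it reads a certificate with the openssl CLI and reports whether its key is RSA, EC P-256, or another EC curve. The function names, the verdict strings and the throwaway `example.test` certificates are assumptions constructed for the demo.

```shell
#!/bin/sh
# cert_key_kind FILE -> prints "rsa", "ec:<curve>" or "other"
cert_key_kind() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    case "$text" in
        *"Public Key Algorithm: rsaEncryption"*) echo "rsa" ;;
        *"Public Key Algorithm: id-ecPublicKey"*)
            # Named curves are printed as "ASN1 OID: <name>"
            curve=$(printf '%s\n' "$text" | sed -n 's/^ *ASN1 OID: *//p' | head -n 1)
            echo "ec:$curve" ;;
        *) echo "other" ;;
    esac
}

# android7_verdict FILE -> one-line verdict following the thread's advice:
# RSA works, EC P-256 is only a workaround, other EC curves fail.
android7_verdict() {
    kind=$(cert_key_kind "$1") || return 1
    case "$kind" in
        rsa)           echo "ok: RSA key" ;;
        ec:prime256v1) echo "workaround: EC P-256 key" ;;
        ec:*)          echo "fail: EC key on ${kind#ec:}" ;;
        *)             echo "unknown: $kind" ;;
    esac
}

# make_sample_cert ALG OUT -> constructed, throwaway self-signed certificate
# (ALG is "rsa" or an OpenSSL curve name); used only as demo input.
make_sample_cert() {
    key=$(mktemp)
    case "$1" in
        rsa) openssl genrsa -out "$key" 2048 2>/dev/null ;;
        *)   openssl ecparam -name "$1" -genkey -noout -out "$key" ;;
    esac
    openssl req -x509 -new -key "$key" -subj "/CN=example.test" -days 1 \
        -out "$2" 2>/dev/null
    rm -f "$key"
}

# Demo on constructed certificates; point android7_verdict at a real PEM file instead.
dir=$(mktemp -d)
for alg in rsa prime256v1 secp384r1; do
    make_sample_cert "$alg" "$dir/$alg.pem"
    printf '%-12s %s\n' "$alg" "$(android7_verdict "$dir/$alg.pem")"
done
rm -rf "$dir"
```

Because the reply above also names the intermediate's curve, the same check applies to each certificate in the chain the server sends, not only the leaf.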
