Skip to content
This repository has been archived by the owner on Aug 8, 2023. It is now read-only.

SSL handshake aborted: Failure in SSL library #9640

Closed
tobrun opened this issue Jul 28, 2017 · 6 comments
Closed

SSL handshake aborted: Failure in SSL library #9640

tobrun opened this issue Jul 28, 2017 · 6 comments
Assignees
@tobrun
Labels
Android Mapbox Maps SDK for Android
Milestone
android-v5.3.2

Comments

@tobrun
Copy link
Member

tobrun commented Jul 28, 2017
edited
Loading

A user reported seeing:

07-18 13:54:54.006 3071-3071/com.mapbox.mapboxsdk.testapp E/mbgl: {pboxsdk.testapp}[Style]: Failed to load tile 0/0/0=>0 for source tileset-id: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7aecb620: Failure in SSL library, usually a protocol error
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version (external/openssl/ssl/s23_clnt.c:741 0x731e7d5c:0x00000000)

When connecting to an external vector source as shown in our examples here. This issue only seems pre nougat devices. Been researching this a bit, and I think the following could resole it:

I found the solution for it by analyzing the data packets using wireshark. What I found is that while making a secure connection, android was falling back to SSLv3 from TLSv1 . It is a bug in android versions <= 4.4 , and it can be solved by removing the SSLv3 protocol from Enabled Protocols list.

I'm going to take proposed workaround in link above for a spin and see if it resolves the error in first section.
@tobrun tobrun added the Android Mapbox Maps SDK for Android label Jul 28, 2017
@tobrun tobrun self-assigned this Jul 28, 2017
@tobrun
Copy link
Member Author

tobrun commented Jul 28, 2017

Looked into the proposed workaround from OP, doesn't seem to fix the issue. Since we only have heard about one occurrence specific to these vector tiles. Don't think this actionable for us right now.

@tobrun tobrun closed this as completed Jul 28, 2017
@davidpronk
Copy link

For reasons beyond my influence we use our own tile server which only supports TLS 1.2
Therefore Android clients running api 19 and below are unable to load vector tiles. Would it be possible for Mapbox to add the workaround as mentioned at https://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/

@tobrun
Copy link
Member Author

tobrun commented Oct 10, 2017

@davidpronk thank you for the ping on this. Have you tried out the linked code and does it resolve your issue?

@davidpronk
Copy link

davidpronk commented Oct 10, 2017
edited
Loading

@tobrun I ran into this while working on a NativeScript app using the nativescript-mapbox plugin. So I am unable to apply the workaround in our setup.
The reason we use the plugin is to avoid implementing Mapbox ourselves.

@tobrun
Copy link
Member Author

tobrun commented Oct 10, 2017

I'm going to reopen this issue so we can look into the differences between the setup linked in #9640 (comment) versus #9640 (comment).

@tobrun tobrun reopened this Oct 10, 2017
@tobrun tobrun added this to the android-future milestone Oct 10, 2017
@tobrun tobrun removed this from the android-future milestone Dec 8, 2017
@tobrun tobrun mentioned this issue Jan 17, 2018
Merged
@tobrun tobrun added this to the android-v5.3.2 milestone Jan 17, 2018
@tobrun
Copy link
Member Author

tobrun commented Jan 17, 2018

With #10948 we are allowing to change OkHttpClient used, this allows to implement workarounds as mentioned above.

@tobrun tobrun closed this as completed Jan 17, 2018
@shankari shankari mentioned this issue Oct 2, 2019
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@tobrun tobrun

Labels
Android Mapbox Maps SDK for Android
Projects
None yet
Milestone
android-v5.3.2
Development

No branches or pull requests
2 participants
@davidpronk @tobrun