SSL handshake terminated

[davidbilly]

Hi Guys, seek some helps on SSL issue :(

SDK Error :

com.parse.ParseRequest$ParseRequestException: i/o failure
Caused by: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x63c74398: Failure in SSL library, usually a protocol error
error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error (external/openssl/ssl/s3_pkt.c:1290 0x6793e4c8:0x00000003)

SDK only work for Android SDK 5.0 and above. below than this version all throw with SSL handshake terminated.

Test case :
Phone : HTC ONE 4.2.2
i tested my own custom Http client to request my server and it's works

1. HttpURLConnection - working

try {
            URL obj = new URL("https://ip_of_server/parse/classes/Apps/oICnAdvAVG");
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("X-Parse-Application-Id", PARSE_APP_ID);

            int responseCode = con.getResponseCode();
            System.out.println("\nSending 'GET' request to URL : " + PARSE_URL);
            System.out.println("Response Code : " + responseCode);

            BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
            String inputLine;
            StringBuffer response = new StringBuffer();

            while ((inputLine = in.readLine()) != null) {
                response.append(inputLine);
            }
            in.close();

            //print result
            System.out.println(response.toString());
        } catch (Exception e) {
            e.printStackTrace();
        }


output : {"ACL":{"*":{"read":true}},"objectId":"oICnAdvAVG","name":" abc ","updatedAt":"2016-05-04T14:58:55.346Z","createdAt":"2016-05-04T14:58:45.478Z","age":"20"}

2. DefaultHttpClient - failed

try {
            String url = "https://ip_of_server/parse/classes/Apps/oICnAdvAVG";

            HttpClient client = new DefaultHttpClient();
            HttpGet request = new HttpGet(url);

            // add request header
            request.addHeader("X-Parse-Application-Id", PARSE_APP_ID);
            HttpResponse response = client.execute(request);
            BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));

            StringBuffer result = new StringBuffer();
            String line = "";
            while ((line = rd.readLine()) != null) {
                result.append(line);
            }
            System.out.println(result.toString());
        } catch (Exception e) {
            e.printStackTrace();
        }

output :  javax.net.ssl.SSLProtocolException: SSL handshake terminated
error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error (external/openssl/ssl/s3_pkt.c:1290 0x6db7a600:0x00000003)
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate

3. OKHttp - v 2.7.5

OkHttpClient client = new OkHttpClient();
    String doGetRequest(String url) throws IOException {
        Request request = new Request.Builder()
                .header("X-Parse-Application-Id", PARSE_APP_ID)
                .url(url)
                .build();

        Response response = client.newCall(request).execute();
        return response.body().string();
    }

System.out.println(doGetRequest(url));

output : testSSL3{"ACL":{"*":{"read":true}},"objectId":"oICnAdvAVG","name":"abc","updatedAt":"2016-05-04T14:58:55.346Z","createdAt":"2016-05-04T14:58:45.478Z","age":"20"}

And also, i saw the SDK using Apache http clint if less than KITKAT. may i know any reason cant using HttpURLConnection?

public static ParseHttpClient createClient(int socketOperationTimeout,
      SSLSessionCache sslSessionCache) {
    String httpClientLibraryName;
    ParseHttpClient httpClient;
    if (hasOkHttpOnClasspath()) {
      httpClientLibraryName = OKHTTP_NAME;
      httpClient =  new ParseOkHttpClient(socketOperationTimeout, sslSessionCache);
    } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
      httpClientLibraryName = URLCONNECTION_NAME;
      httpClient =  new ParseURLConnectionHttpClient(socketOperationTimeout, sslSessionCache);
    } else {
      httpClientLibraryName = APACHE_HTTPCLIENT_NAME;
      httpClient =  new ParseApacheHttpClient(socketOperationTimeout, sslSessionCache);
    }
    PLog.i(TAG, "Using " + httpClientLibraryName + " library for networking communication.");
    return httpClient;
  }

Please help me guys :( Thanks!

PS : i clone repo and remove :

    okHttpClient.setSslSocketFactory(SSLCertificateSocketFactory.getDefault(
        socketOperationTimeout, sslSessionCache));

from ParseOkHttpClient and works :@

and i cant use repo codes due to my project need target sdk 23

[danielapsmaior]

Hi,
I'm having the same issue.
Could someone help me?

I/ParseLogInterceptor(27817): --------------
I/ParseLogInterceptor(28236): Type : Request
I/ParseLogInterceptor(28236): Request-Id : 0
I/ParseLogInterceptor(28236): Url : https://site.com/parse/functions/cloudFunction
I/ParseLogInterceptor(28236): Method : POST
I/ParseLogInterceptor(28236): Headers : {X-Parse-Application-Id=app_id, X-Parse-App-Display-Version=1.0.3, X-Parse-Installation-Id=xxxx, Content-Length=40, X-Parse-OS-Version=4.4.2, User-Agent=Parse Android SDK 1.13.1 (mypackage/15) API Level 19, Content-Type=application/json, X-Parse-Client-Key=null, X-Parse-Client-Version=a1.13.1, X-Parse-App-Build-Version=15}
I/ParseLogInterceptor(28236): Body : {
I/ParseLogInterceptor(28236):     "platform": "android",
I/ParseLogInterceptor(28236):     "version": "4.4.2"
I/ParseLogInterceptor(28236): }
I/ParseLogInterceptor(28236): --------------
I/ParseLogInterceptor(28236): Type : Error
I/ParseLogInterceptor(28236): Request-Id : 0
I/ParseLogInterceptor(28236): Error : javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x566c2c38: Failure in SSL library, usually a protocol error
I/ParseLogInterceptor(28236): error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error (external/openssl/ssl/s23_clnt.c:744 0x54d7e6fd:0x00000000)

[abhijeet-aressindia]

I am also getting the same exception.
Temporarily i am using HTTP(not recommended).
In my case Parse-Server is hosted on Heroku and signed by COMODO CA

here are the log of android:

com.parse.ParseRequest$ParseRequestException: i/o failure
12-06 16:46:34.476 20772-20772/com.app.myapp W/System.err:     at com.parse.ParseRequest.newTemporaryException(ParseRequest.java:290)
12-06 16:46:34.476 20772-20772/com.app.myapp W/System.err:     at com.parse.ParseRequest$2.then(ParseRequest.java:145)
12-06 16:46:34.476 20772-20772/com.app.myapp  W/System.err:     at com.parse.ParseRequest$2.then(ParseRequest.java:139)
12-06 16:46:34.476 20772-20772/com.app.myapp W/System.err:     at bolts.Task$15.run(Task.java:917)
12-06 16:46:34.476 20772-20772/com.app.myapp  W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
12-06 16:46:34.476 20772-20772/com.app.myapp W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
12-06 16:46:34.476 20772-20772/com.app.myapp W/System.err:     at java.lang.Thread.run(Thread.java:841)
12-06 16:46:34.476 20772-20772/com.app.myapp W/System.err: Caused by: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x63722528: Failure in SSL library, usually a protocol error
12-06 16:46:34.476 20772-20772/com.app.myapp  W/System.err: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error (external/openssl/ssl/s23_clnt.c:744 0x5c96bd74:0x00000000)
12-06 16:46:34.481 20772-20772/com.app.myapp W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:449)
12-06 16:46:34.486 20772-20772/com.app.myapp W/System.err:     at android.net.SSLCertificateSocketFactory.verifyHostname(SSLCertificateSocketFactory.java:232)
12-06 16:46:34.486 20772-20772/com.app.myapp W/System.err:     at android.net.SSLCertificateSocketFactory.createSocket(SSLCertificateSocketFactory.java:481)
12-06 16:46:34.486 20772-20772/com.app.myapp W/System.err:     at com.android.okhttp.Connection.upgradeToTls(Connection.java:131)
12-06 16:46:34.486 20772-20772/com.app.myapp W/System.err:     at com.android.okhttp.Connection.connect(Connection.java:107)
12-06 16:46:34.486 20772-20772/com.app.myapp W/System.err:     at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
12-06 16:46:34.486 20772-20772/com.app.myapp W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
12-06 16:46:34.486 20772-20772/com.app.myapp W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
12-06 16:46:34.486 20772-20772/com.app.myapp W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345)
12-06 16:46:34.491 20772-20772/com.app.myapp W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:89)
12-06 16:46:34.491 20772-20772/com.app.myapp W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:197)
12-06 16:46:34.491 20772-20772/com.app.myapp W/System.err:     at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:254)
12-06 16:46:34.491 20772-20772/com.app.myapp W/System.err:     at com.parse.ParseURLConnectionHttpClient.executeInternal(ParseURLConnectionHttpClient.java:51)
12-06 16:46:34.491 20772-20772/com.app.myapp W/System.err:     at com.parse.ParseHttpClient$ParseNetworkInterceptorChain.proceed(ParseHttpClient.java:158)
12-06 16:46:34.491 20772-20772/com.app.myapp W/System.err:     at com.parse.ParsePlugins$1.intercept(ParsePlugins.java:115)
12-06 16:46:34.491 20772-20772/com.app.myapp W/System.err:     at com.parse.ParseHttpClient$ParseNetworkInterceptorChain.proceed(ParseHttpClient.java:147)
12-06 16:46:34.496 20772-20772/com.app.myapp W/System.err:     at com.parse.ParseHttpClient.execute(ParseHttpClient.java:122)
12-06 16:46:34.496 20772-20772/com.app.myapp W/System.err:     at com.parse.ParseRequest$3.then(ParseRequest.java:136)
12-06 16:46:34.496 20772-20772/com.app.myapp W/System.err:     at com.parse.ParseRequest$3.then(ParseRequest.java:133)
12-06 16:46:34.496 20772-20772/com.app.myapp W/System.err:     at bolts.Task$15.run(Task.java:917)
12-06 16:46:34.496 20772-20772/com.app.myapp W/System.err:     at bolts.BoltsExecutors$ImmediateExecutor.execute(BoltsExecutors.java:105)
12-06 16:46:34.501 20772-20772/com.app.myapp W/System.err:     at bolts.Task.completeAfterTask(Task.java:908)
12-06 16:46:34.501 20772-20772/com.app.myapp W/System.err:     at bolts.Task.continueWithTask(Task.java:715)
12-06 16:46:34.501 20772-20772/com.app.myapp W/System.err:     at bolts.Task.continueWithTask(Task.java:726)
12-06 16:46:34.501 20772-20772/com.app.myapp W/System.err:     at bolts.Task$13.then(Task.java:818)
12-06 16:46:34.506 20772-20772/com.app.myapp W/System.err:     at bolts.Task$13.then(Task.java:806)
12-06 16:46:34.506 20772-20772/com.app.myapp W/System.err: 	... 4 more
12-06 16:46:34.506 20772-20772/com.app.myapp W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x63722528: Failure in SSL library, usually a protocol error
12-06 16:46:34.506 20772-20772/com.app.myapp W/System.err: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error (external/openssl/ssl/s23_clnt.c:744 0x5c96bd74:0x00000000)
12-06 16:46:34.511 20772-20772/com.app.myapp W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
12-06 16:46:34.511 20772-20772/com.app.myapp W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406)
12-06 16:46:34.511 20772-20772/com.app.myapp W/System.err: 	... 29 more
12-06 16:46:34.546 20772-20772/com.app.myapp W/dalvikvm: VFY: unable to find class referenced in signature (Landroid/view/SearchEvent;)

[paatz04]

I'm having the same issue and upgrading to 1.13.1 and 1.4.0 didn't solve the issue. It is working in the simulator and on iOS devices.
Working on Android 6 not working on API 22

[rogerhu]

This is possibly related to an OkHttp and Heroku not accepting TLS v1/v2 on older Android devices.

square/okhttp#2372

[abhijeet-aressindia]

@rogerhu I have add the suggested code in Parse-android-sdk 1.13.3 but no luck still getting the Exception.
Do you have any more details on this to get resolved.

[rogerhu]

This is the same issue as #430 right?

[abhijeet-aressindia]

Yes, this both are same issues.

[rogerhu]

Also you should know that you can force TLS v1.2 for Android 4.0 devices that don't have it enabled by default:

This should be in the first line of your Application (before OkHttp initializes):

  try {
            ProviderInstaller.installIfNeeded(getApplicationContext());
            SSLContext sslContext;
            sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(null, null, null);
            sslContext.createSSLEngine();
        } catch (GooglePlayServicesRepairableException | GooglePlayServicesNotAvailableException
                | NoSuchAlgorithmException | KeyManagementException e) {
            e.printStackTrace();
        }

[Jawnnypoo]

For TLS v1.2, you will need to bump your minimum to 4.1, which is when this version of TLS was added to Android. You then need to create an appropriate OkHttpClient.Builder to pass to Parse following the instructions here

[rogerhu]

You shouldn't need to pass in a special OkHttpBuilder so long as the SSL Engine is initialized before Parse/OkHttp is initialized.

[edson-gaspar]

rogerhu solution worked fo me on LG K10 Android 7.0

[Jawnnypoo]

We now use OkHttp 3 by default and allow customization of the SSL setup if needed.