SSLHandshakeException #1628

Closed
fahimk opened this issue May 11, 2015 · 2 comments

fahimk commented May 11, 2015

I'm seeing the same issue as #1582 when connecting to https://jet.com. All devices are accessing the internet through the same wifi connection.

05-11 16:31:12.465    5977-6080/com.jet.jet.staging D/Retrofitjavax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f9d4a8: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x9dd58d4d:0x00000000)
            at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:436)
            at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:242)
            at com.squareup.okhttp.Connection.connect(Connection.java:159)
            at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:175)
            at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:120)
            at com.squareup.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:330)
            at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:319)
            at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:241)
            at com.squareup.okhttp.Call.getResponse(Call.java:271)
            at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:228)
            at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:199)
            at com.squareup.okhttp.Call.execute(Call.java:79)
            at retrofit.client.OkClient.execute(OkClient.java:53)
            at retrofit.RestAdapter$RestHandler.invokeRequest(RestAdapter.java:326)
            at retrofit.RestAdapter$RestHandler.access$100(RestAdapter.java:220)
            at retrofit.RestAdapter$RestHandler$1.invoke(RestAdapter.java:265)
            at retrofit.RxSupport$2.run(RxSupport.java:55)
            at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:442)
            at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
            at java.util.concurrent.FutureTask.run(FutureTask.java:137)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
            at retrofit.Platform$Android$2$1.run(Platform.java:142)
            at java.lang.Thread.run(Thread.java:856)
     Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f9d4a8: Failure in SSL library, usually a protocol error
    error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x9dd58d4d:0x00000000)
            at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
            at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:395)
            ... 23 more

I saw some of the workarounds in the other issue, and this is what my ConnectionSpec looks like:

        ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
                .tlsVersions(TlsVersion.TLS_1_2)
                .build();
        okHttpClient.setConnectionSpecs(Collections.singletonList(spec));

From my understanding this will ensure that all the overlapped CipherSuites are used. Here are the results I got from testing it on different Android versions:

OkHttp 2.3.0
5.1 - working
5.0 - working
4.4.4 - error
4.3 - error
4.2.2 - error
4.1.1 - error
4.0 - error

OkHttp 2.2.0
5.1 - working
5.0 - working
4.4.4 - working
4.3 - working
4.2.2 - working
4.1.1 - working
4.0 - error

@swankjesse
Collaborator

You'll also need to manually install additional cipher suites. See here for more details.
https://github.com/square/okhttp/wiki/HTTPS

(Even better: get your HTTPS server to use a more modern cipher suite.)
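
A device-side check for the overlap this thread is about, as an added example that is not part of the issue or of OkHttp's code: it compares a TLS 1.2-only spec against what the platform's default `SSLContext` enables and supports. The class name and the cipher suite list are assumptions; substitute the suites your server offers.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example, not OkHttp code: the class name is hypothetical and only standard JSSE calls are used.
public class TlsOverlapCheck {

    // Entries of 'wanted' that the platform also lists, in the order they were requested.
    static List<String> overlap(String[] wanted, String[] available) {
        List<String> have = Arrays.asList(available);
        List<String> result = new ArrayList<String>();
        for (String w : wanted) {
            if (have.contains(w)) {
                result.add(w);
            }
        }
        return result;
    }

    static void report(String label, String[] wanted, String[] enabled, String[] supported) {
        List<String> on = overlap(wanted, enabled);
        List<String> possible = overlap(wanted, supported);
        System.out.println(label + " enabled by default: " + on);
        System.out.println(label + " supported:          " + possible);
        if (possible.isEmpty()) {
            System.out.println("  -> platform cannot offer any requested " + label);
        } else if (on.isEmpty()) {
            System.out.println("  -> supported but switched off by default");
        }
    }

    public static void main(String[] args) throws Exception {
        // The spec in the issue pins the connection to TLS 1.2 only.
        String[] wantedProtocols = {"TLSv1.2"};
        // Constructed sample list (assumption): replace with the suites your server offers.
        String[] wantedSuites = {
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA"
        };
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        report("protocols", wantedProtocols, enabled.getProtocols(), supported.getProtocols());
        report("cipher suites", wantedSuites, enabled.getCipherSuites(), supported.getCipherSuites());
    }
}
```

Running it on each Android version in the tables above shows whether a failing device lacks the requested protocol or suites outright or merely has them disabled by default.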

@IgorGanapolsky

Is this still an issue with OkHttp 2.5?
