bfabiszewski / ulogger-android

μlogger • android application for real-time collection and publishing of geolocation data
GNU General Public License v3.0

Add *ISRG Root X1* ssl cert #110

Closed europrimus closed 2 years ago

europrimus commented 2 years ago

Hello, let me explain my situation. My ulogger server uses SSL with Let's Encrypt. I have an old phone (Android 5.1.1) and the new Let's Encrypt root cert is not present on my device.

The DST Root CA X3 Expiration (September 2021) caused "Handshake failure" for me.

In the Android app, I changed the URL of my server from https to http to continue using synchronization.

europrimus commented 2 years ago

A bad idea could be to allow a bad cert:

    SSLSession session = sslSocket.getSession();
    if (!session.isValid() && !allowBadCert) {
        if (Logger.DEBUG) { Log.d(TAG, "[Handshake failure]"); }
        throw new SSLHandshakeException("Handshake failure");
    }

europrimus commented 2 years ago

A better way is to add the new ISRG Root X1 to the trusted certs, like in that Stack Overflow question

bfabiszewski commented 2 years ago

I don't want to add any trusted certificates to the application. It should be done at the OS level. In the times before Let's Encrypt I used self-signed certificates and I installed my own CA certificate on the Android devices. You may try to go this way. It should still be possible. Here I found some info on how to do it on Android 5.

europrimus commented 2 years ago

Thanks for your reply. I added the cert to my phone by following the support.google.com instructions. This way the cert is available for all my apps.