Closed eldk closed 7 years ago
Hello,
I have switched to OkHttp3, same result. (Simple sync url call on https url)
javax.net.ssl.SSLHandshakeException: org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate signature.
Thanks,
Eric
Trying to force TLS1_2 (still with OkHttp - https://github.com/square/okhttp/wiki/HTTPS), I have this error :
java.net.UnknownServiceException: Unable to find acceptable protocols. isFallback=false, modes=[ConnectionSpec(cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256], tlsVersions=[TLS_1_2], supportsTlsExtensions=true)], supported protocols=[SSLv3, TLSv1]
So device is supporting SSLv3 and TLSv1.
Not sure that SNI is supported (it seems to not be the case for device < = Android 2.3.7).
https://developer.android.com/reference/javax/net/ssl/SSLEngine.html
Ok,
That's solved : the full chain cert was not in correct order + (extra) old key kept in file. When this occur, it seems that some devices will go ahead, but not some others.
APACHE: https://community.letsencrypt.org/t/incorrect-order-and-extra-certificate-error/8759
So when check the SSL conf of your server, check that there is no "Chain issues Incorrect order, Extra certs" for example here : https://www.ssllabs.com/ssltest/index.html.
If so correct the order of keys in file.
I will check for the next key renewall if the order is right.
Thanks, Eric
Hello,
Using API 19, and one PIWIK Server 2.16.5 (NGINX, SSL, letsencrypt) the events are sent.
With the same server and app, API 10 device throw this exception :
have you any clue ?
Thanks, Eric
Screen capture from info on Certificate when browsing PIWIK SSL server index page with API 10 device (https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394):
From https://www.ssllabs.com/ssltest/analyze.html on PIWIK SERVER