omise / omise-android

Omise Android SDK
https://docs.opn.ooo

javax.net.ssl.SSLHandshakeException on pre-lollipop devices #44

Closed Ak10990 closed 6 years ago

Ak10990 commented 6 years ago

Error description:- javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x59188280: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x5c43ed38:0x00000000)

Can you please check that proper certificates are provided in the client builder to fix this.

pitiphong-p commented 6 years ago

Thank you for your help. We're investigating this issue.

pitiphong-p commented 6 years ago

@Ak10990 What's the Android version of the device on which you found this issue?

Ak10990 commented 6 years ago

I am facing this issue on pre-Lollipop devices, notably Jelly Bean and KitKat.

pitiphong-p commented 6 years ago

Hi @Ak10990, we have reviewed and discussed this issue and came up with a solution.

This issue is caused by the lack of strong cipher suite support in pre-Lollipop, and Omise dropped support for the weak suites that are supported in pre-Lollipop due to the security issue.

However, there is a workaround here. Google provides a security update via the Google Play Services API. You can update your app to get an update for that. Please have a look at https://developer.android.com/training/articles/security-gms-provider . You can call the update code in your app Activity; the update will affect the Omise Android SDK library that comes with your app bundle.

We'll promote this into an official statement for this library soon. Thank you.

Ak10990 commented 6 years ago

Hi, can you provide some timeline for when this issue will be fixed and the SDK will be updated?

pitiphong-p commented 6 years ago

We can't do anything here since it's an issue caused by Android. What we can do is to update the README with the solution we told you in the last comment.

Ak10990 commented 6 years ago

But that won't help since the custom builder for the API is created in the SDK itself. The app just uses the callbacks from there. The SDK has to be updated accordingly.

pitiphong-p commented 6 years ago

The SDK uses the Android default SSL factory, which will be updated to support the newer suites with the installed Provider even though it was installed in the app. The Provider installation affects the whole process, and the SDK should be run in your app process.

We did an experiment and it works as expected in a testing project. Could you try that workaround to see if that works for you?

PS. Please test on a real device or an API 19 emulator. Google doesn't update GMS for emulator API 18 or lower anymore.
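The workaround described in the two maintainer comments above (install the Google Play services security provider from the app, which then applies process-wide to the SDK's default SSL factory), shown as an added example that is not part of the original thread or the Omise SDK. The Activity name, log tag and request code are assumptions; the `ProviderInstaller` and `GoogleApiAvailability` calls come from the Google Play services library referenced by the linked Android guide.

```java
import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;
import com.google.android.gms.common.GoogleApiAvailability;
import com.google.android.gms.security.ProviderInstaller;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

// Hypothetical Activity; it must run before the first request made through the SDK.
public class CheckoutActivity extends Activity
        implements ProviderInstaller.ProviderInstallListener {
    private static final String TAG = "TlsProvider";       // assumed log tag
    private static final int REQUEST_FIX_PROVIDER = 1;      // arbitrary request code

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Asynchronous variant: does not block the UI thread while Play services works.
        ProviderInstaller.installIfNeededAsync(this, this);
    }

    @Override
    public void onProviderInstalled() {
        // The updated provider now applies to the whole app process, so the
        // default SSL factory picks it up. Log what is enabled as a check.
        try {
            String[] protocols = SSLContext.getDefault()
                    .getDefaultSSLParameters().getProtocols();
            Log.i(TAG, "Default TLS protocols: " + Arrays.toString(protocols));
        } catch (NoSuchAlgorithmException e) {
            Log.w(TAG, "No default SSLContext available", e);
        }
        // Safe point to start network calls through the SDK.
    }

    @Override
    public void onProviderInstallFailed(int errorCode, Intent recoveryIntent) {
        GoogleApiAvailability availability = GoogleApiAvailability.getInstance();
        if (availability.isUserResolvableError(errorCode)) {
            // Prompts the user to update or enable Google Play services.
            availability.showErrorDialogFragment(this, errorCode, REQUEST_FIX_PROVIDER);
        } else {
            // Assumption: the app blocks payment calls here instead of
            // continuing with the outdated system provider.
            Log.e(TAG, "Security provider unavailable, error " + errorCode);
        }
    }
}
```

On a pre-Lollipop device the logged protocol list is a quick way to confirm the provider took effect before retrying the request that produced the handshake failure.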

pitiphong-p commented 6 years ago

@Ak10990 How's your situation now? Does the workaround work for you?

Ak10990 commented 6 years ago

Still testing. Haven't faced this issue yet again.

pitiphong-p commented 6 years ago

Have you faced this issue again? May we close this issue if you're ok?

Ak10990 commented 6 years ago

Hi, this issue is not fixed in the Omise SDK master branch. Also, we are still in the middle of a release for testing the same with our users. The workaround changes in the 'pinning-certificate' branch will require the code to be copied into the project instead of using the SDK path in Gradle itself.

pitiphong-p commented 6 years ago

The change in pinning-certificate is not related to this issue. As I told you, this issue is on the Android side. We can't do anything to fix this.

We tried the workaround that we gave you and it works correctly on the API 19 emulator (with Play Store installed).

Could you re-validate your solution?

chakrit commented 6 years ago

No update for a month, closing.