Closed JeffreyCA closed 7 years ago
Ick. You’ll need to customize the cipher suite – which is difficult – and maybe also the trusted root certificate. Here’s a big ugly sample.
https://gist.github.com/swankjesse/db5619904ea9c3352a9cb18ae903cc25
Thank you for your help, really appreciate it. I tried your example and implemented it in an Android activity. On 4.4.2, I get the following message:
java.lang.IllegalArgumentException: cipherSuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is not supported.
I don't think the server accepts any of the cipher suites listed here that are compatible with pre-API 20 devices. The devices do not support TLS 1.2, and the server only deals with TLS 1.2.
The server allows these ciphers:
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
CipherSuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
All of them except for the last one result in java.lang.IllegalArgumentException: cipherSuite is not supported.
The last one results in a handshake error.
I tried this suggestion as well, but still got that error.
Thank you, it solved it for me! I followed the stuff under Patching Asynchronously, and put the OkHttp request in the onProviderInstalled method, and now the device supports the TLS 1.2 ciphers. I didn't even need to use the NasaClient code. The only requirement was that the device needed an up-to-date version of Google Play Services installed.
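The approach described in the comment above, written out as an added example (not code from this thread or from the OkHttp project). It assumes OkHttp 2.x and the Google Play Services security provider API; the activity name `ApodActivity` and the log tag are hypothetical.

```java
import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;
import com.google.android.gms.common.GoogleApiAvailability;
import com.google.android.gms.security.ProviderInstaller;
import com.squareup.okhttp.Callback;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.Response;
import java.io.IOException;

// Hypothetical activity name; the URL is the one from the issue.
public class ApodActivity extends Activity
        implements ProviderInstaller.ProviderInstallListener {
    private static final String TAG = "ApodActivity";
    private static final String URL = "https://apod.nasa.gov/apod/astropix.html";

    @Override protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Ask Google Play Services to update the security provider off the UI thread.
        ProviderInstaller.installIfNeededAsync(this, this);
    }

    @Override public void onProviderInstalled() {
        // Create the client only after the provider update has completed.
        OkHttpClient client = new OkHttpClient();
        Request request = new Request.Builder().url(URL).build();
        client.newCall(request).enqueue(new Callback() {
            @Override public void onFailure(Request req, IOException e) {
                Log.e(TAG, "Request failed", e);
            }
            @Override public void onResponse(Response response) throws IOException {
                // handshake() reports the cipher suite that was actually negotiated.
                Log.i(TAG, "Cipher suite: " + response.handshake().cipherSuite());
                response.body().close();
            }
        });
    }

    @Override public void onProviderInstallFailed(int errorCode, Intent recoveryIntent) {
        // Play Services missing or out of date: report it, do not weaken TLS settings.
        Log.w(TAG, "Provider install failed, code " + errorCode);
        if (GoogleApiAvailability.getInstance().isUserResolvableError(errorCode)) {
            GoogleApiAvailability.getInstance().showErrorNotification(this, errorCode);
        }
    }
}
```

Logging the negotiated cipher suite gives a quick confirmation on the device that the connection used one of the suites the server accepts.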
Hey Jeffrey, what if the device doesn't have Play Services installed and cannot install it? I want to use it in a lower version without having Play Services. Any suggestions? Thanks in advance.
OkHttp Version: 2.7.5
Relevant code:
Error Message:
SSLLabs Analysis for the apod.nasa.gov domain shows "Server sent fatal alert: handshake_failure" for all pre-Lollipop devices (4.4.2 is an exception, but I tested in an emulator and I still got that error). On post-Lollipop devices, the cipher is: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Compare to the SSLLabs Analysis of NASA's other domains: there are no handshake errors.
Is this an issue on the provider's side? Is there a solution to successfully connect to the server https://apod.nasa.gov/apod/astropix.html on those older Android devices?
I've tried countless posted solutions such as using custom SocketFactory, using Google Play Services dynamic security provider; unfortunately, none worked for me for that specific server.
I don't know much about HTTPS & TLS stuff. I would really appreciate some help. Thank you.