Android HttpsUrlConnection javax.net.ssl.SSLException Connection closed by peer handshake error when using local truststore
<p>I'm having trouble getting Android to connect to a simple <code>OpenSSL</code> server using the <code>HttpsUrlConnection</code> object (I've combed through StackOverflow and a bunch of online tutorials, and followed the examples pretty much line for line, and I still can't figure out why mine is broken when I use my local truststore).</p>

<p>I currently have an Android activity that attempts to connect to a simple <code>OpenSSL server</code> (I can connect to my server using an OpenSSL client). Once <code>HttpsUrlConnection.connect()</code> is called I receive a "<code>javax.net.ssl.SSLException: Connection closed by peer</code>" error during the SSL handshake. Perhaps I am setting up my sample server incorrectly?</p>

<p>Things to note:</p>
<ul>
<li>no client authorization at the moment</li>
<li>am able to connect to <a href="https://www.google.com">https://www.google.com</a> when loading the default trust store</li>
<li>am not able to connect to the server on localhost with a self-signed certificate</li>
<li>do not want to trust all certificates</li>
<li>do not want to use Apache HttpClient</li>
<li>want to use the local truststore only</li>
<li>created the local truststore with Bouncy Castle</li>
<li>am able to correctly load truststore into </li>
<li>behind a proxy firewall, proxy is set on my Android virtual device</li>
<li>AVD set to <code>Android 4.1 API 16</code></li>
</ul>

<p>Things I have already tried:</p>
<ul>
<li>connecting to both <code>127.0.0.1</code> and <code>10.0.2.2</code></li>
<li>using a new <code>SecureRandom()</code> with <code>SSLContext.init()</code></li>
<li>creating the URL with <code>URL u = new URL("https", "10.0.2.2", 443, "/");</code></li>
<li>using <code>TrustManagerFactory.getDefaultAlgorithm()</code> instead of <code>"X509"</code>
<ul>
<li>gives <code>"Unexpected response code error 503"</code> instead of "Connection closed by peer"</li>
</ul>
</li>
</ul>

<p>Thank you in advance for taking the time to review my question!</p>

<p>Simple server started with the command:</p>
<pre><code>$ sudo openssl s_server -accept 443 -cert server-cert.pem -key server-key.pem -pass file:passphrase.txt -state -www -verify 0
</code></pre>

<p>Client connection tested with the command:</p>
<pre><code>$ openssl s_client -connect 127.0.0.1:443
</code></pre>

<p>Android activity code (edited to remove the complete running code for simplification; please let me know if more code is needed). The error output is below the code.</p>
<pre><code>import android.content.Context;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

try {
    TrustManagerFactory tmf;

    // local trust store
    tmf = TrustManagerFactory.getInstance("X509");
    tmf.init(loadLocalKeyStore(getApplicationContext()));

    // default trust store - works for https://www.google.com
    // tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    // tmf.init((KeyStore) null);

    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tmf.getTrustManagers(), null);

    HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER;

    URL u = new URL("https://10.0.2.2");
    HttpsURLConnection urlConnection = (HttpsURLConnection) u.openConnection();
    urlConnection.setSSLSocketFactory(context.getSocketFactory());
    urlConnection.setHostnameVerifier(hostnameVerifier);
    urlConnection.connect();

    System.out.println("Response Code: " + urlConnection.getResponseCode());
    // label reused from the line above; this one prints the negotiated cipher suite
    System.out.println("Response Code: " + urlConnection.getCipherSuite());
} ...

// Loads the BKS truststore bundled as a raw resource; KeyStore.getInstance(),
// load() and close() all throw checked exceptions, so the caller handles them.
private KeyStore loadLocalKeyStore(Context context) throws Exception {
    InputStream in = context.getResources().openRawResource(R.raw.newserverkeystore);
    KeyStore trusted = null;
    try {
        trusted = KeyStore.getInstance("BKS");
        trusted.load(in, "thisisasecret".toCharArray());
    } finally {
        in.close();
    }
    return trusted;
}
</code></pre>

<p>Output when connecting correctly to <a href="https://www.google.com">https://www.google.com</a>:</p>
<pre><code>09-09 21:58:09.947: I/System.out(669): Response Code: 200
09-09 21:58:09.947: I/System.out(669): Response Code: TLS_ECDHE_RSA_WITH_RC4_128_SHA
</code></pre>

<p>Output when trying to connect to my server with the self-signed certificate:</p>
<pre><code>09-09 22:03:23.377: D/HttpsProxy(717): Https Request error
09-09 22:03:23.377: D/HttpsProxy(717): javax.net.ssl.SSLException: Connection closed by peer
09-09 22:03:23.377: D/HttpsProxy(717): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
09-09 22:03:23.377: D/HttpsProxy(717): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:395)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:210)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:442)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:289)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:239)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:80)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:165)
09-09 22:03:23.377: D/HttpsProxy(717): at com.example.myfirstapp.HttpsUrlConnectionActivity$3.doInBackground(HttpsUrlConnectionActivity.java:257)
09-09 22:03:23.377: D/HttpsProxy(717): at com.example.myfirstapp.HttpsUrlConnectionActivity$3.doInBackground(HttpsUrlConnectionActivity.java:1)
09-09 22:03:23.377: D/HttpsProxy(717): at android.os.AsyncTask$2.call(AsyncTask.java:287)
09-09 22:03:23.377: D/HttpsProxy(717): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
09-09 22:03:23.377: D/HttpsProxy(717): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
09-09 22:03:23.377: D/HttpsProxy(717): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
09-09 22:03:23.377: D/HttpsProxy(717): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
09-09 22:03:23.377: D/HttpsProxy(717): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
09-09 22:03:23.377: D/HttpsProxy(717): at java.lang.Thread.run(Thread.java:856)
</code></pre>

<p>Thanks again!!</p>
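The procedure the question walks through (load a local truststore, build a TrustManagerFactory and SSLContext from it, connect with HttpsURLConnection) as an added, plain-JDK example; this is not the poster's code and not an answer to the question. It splits the steps so each can be checked on its own: it lists the certificate entries the loaded truststore actually contains (an empty list means nothing can be trusted no matter what the rest of the code does), and it opens the connection with <code>Proxy.NO_PROXY</code> so a test against a local server is not routed through a proxy configured on the device, which the question mentions. <code>TRUSTSTORE_PATH</code>, <code>TRUSTSTORE_TYPE</code>, <code>TRUSTSTORE_PASSWORD</code> and <code>SERVER_URL</code> are placeholders; the type is <code>PKCS12</code> because a stock JDK does not ship the <code>BKS</code> type (on Android, or with the Bouncy Castle provider registered, <code>"BKS"</code> is loaded the same way). The default hostname verifier is kept deliberately: the server certificate must name the host used in <code>SERVER_URL</code>, or the connection is rejected after the handshake.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Proxy;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example (not the poster's code): connect using only a local truststore, checking each step. */
public class LocalTrustStoreClient {

    // Placeholders (assumptions): point these at your own truststore and server.
    private static final String TRUSTSTORE_PATH = "truststore.p12";
    private static final String TRUSTSTORE_TYPE = "PKCS12";   // "BKS" on Android / with Bouncy Castle
    private static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray();
    private static final String SERVER_URL = "https://10.0.2.2:443/";

    /** Load the truststore from disk; any loading failure surfaces as an exception here, not later. */
    static KeyStore loadTrustStore(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Print every trusted certificate and return how many there are, so an empty truststore is caught. */
    static int listTrustedCertificates(KeyStore ks) throws Exception {
        int count = 0;
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            if (!ks.isCertificateEntry(alias)) {
                continue;  // private-key entries are not trust anchors
            }
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.println("trusted [" + alias + "]: " + x.getSubjectX500Principal()
                        + " (expires " + x.getNotAfter() + ")");
            }
            count++;
        }
        return count;
    }

    /** Build an SSLContext whose only trust anchors are the entries of the given truststore. */
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);  // no client certificate, platform SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = loadTrustStore(TRUSTSTORE_PATH, TRUSTSTORE_TYPE, TRUSTSTORE_PASSWORD);
        if (listTrustedCertificates(ts) == 0) {
            throw new IllegalStateException("truststore holds no certificate entries");
        }

        URL url = new URL(SERVER_URL);
        // Proxy.NO_PROXY: reach the local server directly even if a system or device proxy is set.
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(Proxy.NO_PROXY);
        conn.setSSLSocketFactory(contextFor(ts).getSocketFactory());
        // Default hostname verifier kept: the certificate must match the host in SERVER_URL.
        conn.connect();

        System.out.println("Response code: " + conn.getResponseCode());
        System.out.println("Cipher suite:  " + conn.getCipherSuite());
        X509Certificate peer = (X509Certificate) conn.getServerCertificates()[0];
        System.out.println("Peer subject:  " + peer.getSubjectX500Principal());
        conn.disconnect();
    }
}
```

Against the <code>openssl s_server -www</code> command from the question, the server answers with an HTTP status page, so <code>getResponseCode()</code> returns normally once the handshake succeeds; the printed peer subject can be compared with the entries listed from the truststore to confirm the server is presenting the certificate you expected to trust.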