javax.net.ssl.SSLException #209

Open
BrunoVT1992 opened this issue Apr 4, 2016 · 22 comments

@BrunoVT1992

We sometimes get the following exception in Android:

javax.net.ssl.SSLException: Read error: ssl=0x99daa400: I/O error during system call, Connection reset by peer
    at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
    at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:728)
    at okio.Okio$2.read(Okio.java:137)
    at okio.AsyncTimeout$2.read(AsyncTimeout.java:211)
    at okio.RealBufferedSource.indexOf(RealBufferedSource.java:295)
    at okio.RealBufferedSource.indexOf(RealBufferedSource.java:289)
    at okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:196)
    at com.squareup.okhttp.internal.http.HttpConnection.readResponse(HttpConnection.java:190)
    at com.squareup.okhttp.internal.http.HttpTransport.readResponseHeaders(HttpTransport.java:80)
    at com.squareup.okhttp.internal.http.HttpEngine.readNetworkResponse(HttpEngine.java:830)
    at com.squareup.okhttp.internal.http.HttpEngine.access$200(HttpEngine.java:95)
    at com.squareup.okhttp.internal.http.HttpEngine$NetworkInterceptorChain.proceed(HttpEngine.java:823)
    at com.squareup.okhttp.internal.http.HttpEngine.readResponse(HttpEngine.java:684)
    at com.squareup.okhttp.Call.getResponse(Call.java:272)
    at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:228)
    at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:199)
    at com.squareup.okhttp.Call.access$100(Call.java:34)
    at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:162)
    at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
    at java.lang.Thread.run(Thread.java:818)

I researched this and found this Stack Overflow post, but there is no way to fix this with this client.

dodyg commented Apr 12, 2016

Are you connecting to a TLS 1.2-only server? I got a similar problem.

kunni80 commented Apr 12, 2016

@dodyg Which version of Android is this breaking for you?

dodyg commented Apr 12, 2016

Minimum Android Target API Level 15 (v4.0.3)

kunni80 commented Apr 12, 2016

Support for TLS 1.2 on Android versions below 4.4 is not automatically enabled so a workaround is needed for it to work. I have a pull request #210 pending that fixes this issue - maybe this could help you.

dodyg commented Apr 12, 2016

Great, thanks. I've made a test project (a single file) that demonstrates the problem. https://github.com/dodyg/modern-http-client-android-tls-problem

There is a new NuGet package https://www.nuget.org/packages/enjin-modernhttpclient but I am not sure what that package has.

kunni80 commented Apr 12, 2016

Not sure either on that one.
Would be good to get @paulcbetts to accept the pull request.

dodyg commented Apr 12, 2016

Did you ever try the Xamarin fork?

dodyg commented Apr 12, 2016

https://www.nuget.org/packages/enjin-modernhttpclient is quite useless in this regard. I just tried it and it returns the same error.

kunni80 commented Apr 12, 2016

Nope, didn't try the Xamarin fork - for my project I used my fork.

dodyg commented Apr 12, 2016

@kunni80 Thank you so much. It works. I updated my sample project with a release build of your fork. https://github.com/dodyg/modern-http-client-android-tls-problem/tree/master.

kunni80 commented Apr 12, 2016

Great. Glad it worked for you.

dodyg commented Apr 13, 2016

I got another problem though :( The forked ModernHttpClient works fine in the app but it fails in the test library.

System.NullReferenceException was unhandled by user code
  HResult=-2147467261
  Message=Object reference not set to an instance of an object.
  Source=Mono.Android
  StackTrace:
       at Android.Runtime.JNIEnv.SetEnv()
       at Android.Runtime.JNIEnv.get_Handle()
       at Android.Runtime.JNIEnv.get_Env()
       at Android.Runtime.JNIEnv.NewString(Char[] text, Int32 length)
       at Android.Runtime.JNIEnv.BinaryName(String classname)
       at Android.Runtime.JNIEnv.FindClass(String classname)
       at Android.Runtime.JNIEnv.FindClass(String className, IntPtr& cachedJniClassHandle)
       at Square.OkHttp.OkHttpClient..ctor()
       at ModernHttpClient.NativeMessageHandler..ctor(Boolean throwOnCaptiveNetwork, Boolean customSSLVerification, NativeCookieHandler cookieHandler)
       at ModernHttpClient.NativeMessageHandler..ctor()
       at MigrantFootprints.Core.API.HttpClientExtensions.Instance() in H:\Repository\Journey\App\MigrantFootprints.Core\API\HttpClientExtensions.cs:line 63
       at MigrantFootprints.Core.API.LookupAPI.<GetLookupAsync>d__0.MoveNext() in H:\Repository\Journey\App\MigrantFootprints.Core\API\LookupAPI.cs:line 13
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
       at MigrantFootprints.Core.Tests.API.LookupTests.<GetLookupTest>d__0.MoveNext() in H:\Repository\Journey\App\MigrantFootprints.Core.Tests\API\LookupTests.cs:line 17
  InnerException: 

dodyg commented Apr 13, 2016

Never mind. I have to do #if conditional compilation so the normal test library uses the non-ModernHttpClient HttpClient.

ghost commented Apr 26, 2016

Is there any plan that this fix will be included in the next release of ModernHttpClient?

ghost commented Apr 26, 2016

Hi, in TLS negotiation I found out that only the following cipher suite is the strongest that is supported:
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Is there any chance that we can get support for all cipher suites (the stronger ones)?

ghost commented Apr 26, 2016

I found that not all cipher suites are supported, actually exactly as stated here:
http://developer.android.com/reference/javax/net/ssl/SSLSocket.html

Here are the screenshots of the TLS handshake:
The Client: [screenshot: clienthello]
The Server: [screenshot: serverhello]

Is there any chance to make other (stronger) cipher suites work?

kunni80 commented Apr 26, 2016

@NovakSavicOPAL I have added in support for cipher suites in my fork; see if that works out for you. I have also added it to the #210 pull request.

ghost commented Apr 26, 2016

@kunni80
Thanks, can you tell me where I can find TlsSSLSocketFactory?

kunni80 commented Apr 26, 2016

It is a custom class - you can find it here

ghost commented Apr 26, 2016

Ok. For some reason it was not added to the ModernHttpClient.Android project.

ghost commented Apr 26, 2016

As I expected. It is the same, since your change only explicitly sets supported cipher suites. But the supported ones are as specified:
http://developer.android.com/reference/javax/net/ssl/SSLSocket.html
Maybe I did not put it clearly, sorry for that. All cipher suites that are officially supported on 4.2.2 are there.

But :-), I need more, actually all cipher suites that are supported on Android 5.

@alexrainman

Guys, I released an updated version of this library and I will be incorporating fixes using the bugs from this repo. You can find it by this name: modernhttpclient-updated.2.4.3
