@BodoBiker said in Handshake error: SL23_GET_SERVER_HELLO:
Obviously, TLS 1.2 and cipher suite use/need each other, but have different origin. That’s why they have different “responsible persons”. Dit I understand this correct?
TLS is a network protocol, and cipher suites are encryption algorithms. TLS makes it possible to use these algorithms on transport layer in network communication (by defining handshake, key exchange, cipher suite selection etc.).
I assumed TLS 1.2 and cipher suite belongs together. If you support TLS 1.2 you support the necessary cipher suites. May be you can point me to an explanation (for users).
No, you can use the protocol with any cipher suites. For instance, servers can be configured to use TLS 1.2, but many (even obsolete and unsecure) cipher suites. Or it can be configured to a very limited set of ciphers, like your server.
It is possible to get the necessary cipher suite similar to the TLS 1.2 support from a third party security provider rather than from an Android update for KitKat, which is may be more unlikely?
Theoretically, you may implement these cipher suites on application level. However, they don’t belong there. Cipher suites should be used from the operating system/framework, and Android doesn’t support your server’s cipher suites until API level 20.
On the other side I ask my web hoster to aktivate the older cipher suites knowing that its settings based on a strong security advise.
Yes, they will have to enable cipher suites which are compatible with your device. It seems they have disabled all SHA ciphers in favor of SHA256 and SHA384, which are more secure, but not supported by your device.
Of course, you can also update your device to a recent Android version (for instance, with a custom ROM, if your manufactorer doesn’t provide an up-to-date operating system).
I don’t understand for whatever reason I’m the only person of 32,5 % KitKat users facing this issue.
Because your server is configured to a very limited set of ciphers, which is not a common configuration.