Sslv3 alert handshake failure
AutoImport-xatr0z last edited by
I get the following error with my nginx server:
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x52.....: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO_:sslv3 alert handshake failure
Firefox works fine with the same URLs. I got similar errors with other programs in the past because they lacked support for Server Name Indication. (I use SNI to proxy the client to the right server). Is it possible to add support for SNI?
Sounds like your server only supports SSLv3. DAVdroid uses the default Android HttpsUrlConnection and doesn't change any SSL/TLS settings. SNI is supported as it's supported by
Please provide more information, maybe the host name? Which protocol versions are supported?
Any news on this?
I have an Apache 2.4 web server configured to only allow TLS v1.2 connections. My SSL cipher suite is
I got the following error message:
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xf0f058: Failure in SSL library, usually a protocol error
alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x5d570d74:0x00000000)
Will TLS v1.2 be supported by CAdroid in the future?
On my Android (4.4.4) the internal browser and Firefox can display the website just fine.
Sounds like your server only supports SSLv3. DAVdroid uses the default Android HttpsUrlConnection and doesn't change any SSL/TLS settings. According to your description, it seems that Android 4.4.4 doesn't activate TLSv1.2 by default, which is quite… strange? But yes, I think it's only enabled in Android 5+ by default, so we'll have to hack the default Android settings to enable essential encryption features.
I don't understand why you say: Sounds like your server only supports SSLv3
I dropped support for all protocols below TLSv1.2 with the following rule in my Apache:
I am running Paranoid Android 4.6 beta 5 (from 2014-10-22) and the stock browser provided can perfectly connect to websites using TLSv1.2. Is it not the CAdroid program that doesn't know how to connect using TLSv1.2?
Sorry, I can't concentrate today. Just ignore the first sentence in my previous post.
TLSv1.2 support comes by default with Android 5+, see http://blog.dev001.net/post/67082904181/android-using-sni-and-tlsv1-2-with-apache and https://code.google.com/p/android/issues/detail?id=61085#c6
On versions below, we'll have to hack the default Android settings to enable essential encryption features.
Ok, thanks. The good news is that it is possible in Android >= 4.1/4.2 and < 5.0 but has to be activated manually. Let me know if you need more details. I am ready to test future versions of CAdroid.
@rfc2822: any news about it? when will it be fixed?
@markus80: Don't know when I can find an hour. Pull requests are always welcome, basically it's only a few lines (see my blog article).
Hi, I would also be interested in having this fixed in order to be able to sync contacts and calendar with my ownCloud. For now I have just imported all my contacts manually and I'm not using the calendar. I don't want to activate TLSv1.0 on my server. Would it help motivate you if we made a small donation?
donations should not be dependent on specific bugfixes / features.. :s
I already have a bugfix - except for Android version 4.0 (API level 15), which only supports TLSv1 and SSLv3 regarding SSLSocketFactory.
Currently I'm testing it with all supported Android versions...
Pull request is provided: https://github.com/bitfireAT/cadroid/pull/20
Thanks, I hope I can release a new version soon.