[GitHub] [cordova-android] breautek commented on issue #1435: Authentication call not working to remote API in release mode because SSL Error

[GitBox <gi...@apache.org>]

breautek commented on issue #1435:
URL: https://github.com/apache/cordova-android/issues/1435#issuecomment-1135881026

   SSL errors are generally caused by:
   
   1. Missing intermediate certificate on the local device (e..g the webserver does not supply the full certificate chain)
   2. There is a mismatch of supported encryption algorithms and/or ciphers between the device and the server. This is often the case with older phones or phones that isn't up-to-date with their updates. Sometimes in order to support older devices, you need to use/enable weaker, potentially insecure SSL settings on the server. Of course, this becomes a risk vs value assessment.
   
   [SSL Labs](https://www.ssllabs.com/ssltest/) offers a great testing tool for the server to test your server's configuration, including potential security vulnerabilities, as well as generally supported browsers / devices.
   
   > SystemWebViewClient onReceivedSslError method treats the SSL errors differently in debug mode and makes calls being handled differently
   
   I think I agree with this sentiment. Relaxed SSL errors are often saught upon for local development, so that you can run self-signed certificates for example, but maybe this should be either an opt-in or opt-out kind of feature.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org