Posted to users@httpd.apache.org by Jerry Malcolm <te...@malcolms.com> on 2018/11/02 20:58:53 UTC

[users@httpd] SSL Handshake Exception in call from Android

I am writing an Android app that needs to make calls to my httpd server 
(Apache 2.4.33).  I am getting the following exception in my Android app:

Exception: javax.net.ssl.SSLHandshakeException: 
javax.net.ssl.SSLProtocolException: SSL handshake aborted: 
ssl=0x809adc78: Failure in SSL library, usually a protocol error
     error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert 
handshake failure (external/openssl/ssl/s23_clnt.c:744 
0x725e0cfc:0x00000000)

The same Android app calls Google Maps https with no problem and also 
calls another server with https that I do not own with no problem.  So 
I'm assuming I have something wrong in my httpd config.  But I need some 
help figuring it out.

The same web site responds just fine to https calls from browsers.  It 
just doesn't work when called from my Android app. It also works fine if 
I use http instead of https.  But I need https.

Suggestions as to what might be wrong?

Thx.

Jerry


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


[users@httpd] Re: SSL Handshake Exception in call from Android

Posted by "@lbutlr" <kr...@kreme.com>.
On 02 Nov 2018, at 14:58, Jerry Malcolm <te...@malcolms.com> wrote:
> The same Android app calls Google Maps https with no problem and also calls another server with https that I do not own with no problem.  So I'm assuming I have something wrong in my httpd config.  But I need some help figuring it out.


Have you checked your server against an ssl reporter like SSL Labs?

<https://www.ssllabs.com/ssltest/>

If your domain is malcolms.com there are some minor issues:

<https://www.ssllabs.com/ssltest/analyze.html?d=malcolms.com&latest>

I suspect the source of your issues is the SNI mismatch, though it could be allowing the deprecated/weak TLS_RSA_* cipher suites.

The lack of SNI leads to "Not trusted by Android trust store".

-- 
'It's a lovely morning, lads,' he said. 'I feel like a million dollars.
Don't you?' There was a murmur of reluctant agreement. 'Good,' said
Cohen. 'Let's go and get some.' --Interesting Times




Re: [users@httpd] SSL Handshake Exception in call from Android

Posted by John <jo...@iliffe.ca>.
Be sure that there is at least one cipher suite in common between the 
server and the Android app.  The most likely issue is that all SSL 
protocols and also TLS v1 have been disabled on the server. (required 
for any e-commerce server taking VISA or Mastercard).

There is a **lot** of info about how to do this at:

 https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite

John


Re: [users@httpd] [Resolved] SSL Handshake Exception in call from Android

Posted by Jerry Malcolm <te...@malcolms.com>.
I admit to knowing just enough about ssl/tls config to be dangerous.... 
When I first implemented SSL a couple of years ago, I had cloned the 
sslprotocol and cipher lines from another httpd I was managing at the 
time (but did not set up...so no clue as to origin of the config).  It 
was working there, and it worked for me (at least with browsers).   It 
listed a bunch of cipher suites that I have no idea where they came 
from.  But obviously, it wasn't listing the one that Android was using.  
Trying not to have to get a PhD in ssl/tls, I gave up trying to figure 
out from android docs what cipher would make android happy.  I decided 
to wipe out what I was using and replace with the default config 
specified in httpd_ssl.conf:

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:c:/wamp/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

This config worked.  Apparently in lieu of specifying individual 
ciphers, this says just use 'any high or medium cipher'.  Good enough 
for me if both android and httpd are happy.

On to the next problem....

Thanks as always for the help.

Jerry
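
Added example (not part of the thread, not Apache or Android code): a Python sketch that expands an SSLCipherSuite string with the local OpenSSL and reports which suite a server would pick for a given client offer, or that none is shared, which is the case a client sees as "alert handshake failure". The cloned list and the client offer are constructed stand-ins, since the thread shows neither; suite names are OpenSSL names, not the IANA names Android prints.

```python
import ssl

# Cipher string Jerry switched to (from the thread).
PAGE_STRING = "HIGH:MEDIUM:!MD5:!RC4:!3DES"
# Constructed stand-in for a cloned, hand-picked list; the thread never shows the real one.
CLONED_STRING = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"
# Constructed client offer in client preference order (not a real Android ClientHello).
CLIENT_OFFER = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "AES128-SHA"]


def expand(cipher_string):
    """Expand an OpenSSL cipher string into suite names, in server preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # the string selects nothing in this OpenSSL build
    # TLS 1.3 suites are configured separately from this string, so leave them out.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def negotiate(cipher_string, client_offer, honor_server_order=True):
    """Return the suite a server would pick, or None (client sees handshake_failure)."""
    server = expand(cipher_string)
    if honor_server_order:
        # SSLHonorCipherOrder on: first server preference that the client offered.
        shared = [s for s in server if s in client_offer]
    else:
        # Otherwise: first client preference that the server allows.
        shared = [s for s in client_offer if s in server]
    return shared[0] if shared else None


if __name__ == "__main__":
    for label, string in (("cloned list", CLONED_STRING), ("page config", PAGE_STRING)):
        print(label, "->", negotiate(string, CLIENT_OFFER) or "no shared cipher")
```

The expansion depends on the OpenSSL build Python is linked against, so run it on the same host as httpd when comparing against a client's offered list.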




Re: [users@httpd] SSL Handshake Exception in call from Android

Posted by Jerry Malcolm <te...@malcolms.com>.
Hi Jeffrey,  Thanks for the quick response.

I set the LogLevel to debug.  I'm getting a ton of debug info 
everywhere.  However, the https requests from my app are not even 
showing up in any logs.... not even the virtual host access or error 
logs or the apache system logs.  Nada... nothing.  As if the calls were 
never made.  Just to make sure there wasn't something else wrong, I 
changed https:// to http:// in my app, and everything works, including a 
ton of debug info in all of the logs.  But as soon as I use https, it 
looks like the requests aren't even making it into httpd.  But again.... 
the whole site works fine in https when using a browser.

Any ideas?  Am I not looking at the right place for the logs?

Jerry




RE: [users@httpd] SSL Handshake Exception in call from Android

Posted by Jeff Cauhape <jp...@detr.nv.gov>.
Jerry,

Have you set LogLevel to "debug" in httpd.conf and then checked the server error logs?
Could be helpful to see what the server is objecting to.

Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
Nevada Department of Employment, Training and Rehabilitation
(775) 684-3804 (office)     jpcauhape@detr.nv.gov
