During developing Android application I faced a problem with SSL connection in android lower than KIT KAT.
Application is using ch.boye.httpclientandroidlib to connect. When I tried to get httpConnection I'm getting error:
here was error during executing http request.
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
In Android newest than KIT KAT everything works fine.
I'm trying to use solution sugested in here but i have a problem with casting types from ch.boye.httpclientandroidlib to apache elements in my current implemetations.
Is there any solution for using this library for android lower than KIT KAT?
I found a solution to this same issue here... using the class TlsSniSocketFactory (you'll have to also download IgnoreSSLTrustManager and SelfSignedTrustManager from the same "util" folder) and add it to your project.
Then register the new scheme on your SchemeRegistry object like so:
schemeRegistry.register(new Scheme("https", new TlsSniSocketFactory(), port));
My issue was my web service is set to use TLS 1.2 only.
Android devices running Android 4.4.4 and below do not automatically enable TLS 1.2 so you have to manually enable it (IMPORTANT * devices older than Android 4.1 cannot support TLS 1.2 at all, so this solution wont work for those older devices)
Late answer but hopefully helps someone
Cheers
Related
I am getting the error " SVN: SSLv3 SSLContext not available SVN: OPTIONS request failed on ('SVN URL') while trying to connect to SVN repository through RAD 7.5.
I am using web sphere 7.0.
I am able to remote desktop to the server and also can login using the URL directly.
Only problem is through RAD.
Can anyone please help.
Thanks
It seems that RAD 7.5 does not support modern TLS/SSL versions, and supports only SSL 3.0 or older. I think that your server does not enable SSL 3.0 for security reasons. SSL 3.0 is deprecated and not secure.
I'm trying to make a third-party SOAP service call that uses HTTPS from local (development environment) AEM 5.6.1. The SOAP service accepts the requests with a minimum TLS Protocols of TLSv1.1.
I have AEM 5.6.1 that uses JDK7 and for JDK7 the default TLSv1.
To achieve the minimum acceptable TLS. I tried the below two approaches:
Approach 1:
Made AEM start with -Dhttps.protocols=TLSv1.2
Approach 2:
Updated the SSLContext to update TLS.
SSLContext context = null;
try {
context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, new java.security.SecureRandom());
SSLContext.setDefault(context);
LOGGER.info("Currecnt TLS:" + SSLContext.getDefault().getProtocol());
}catch (Exception e){
LOGGER.error("Error while updating TLS:",e);
}
First one doesn't work will, but the other one to update the TLS protocol for AEM to TLSv1.2.
But I'm still unable to access the service. The error remains the same.
Error:
The required TLS connection level has not been met. SSL Protocol level: TLSv1
Reference:
https://stackoverflow.com/a/42291244/4802007
https://stackoverflow.com/a/32346644/4802007
I would like to know 2 things here,
Am'I missing anything that is stopping the proper TLS update.
Is there any way to update the TLS only for this particular service, instead of changing it globally.
Thanks
This is a bug in CQ 5.5/5.6. The core issue boils down to the fact that in older CQ version SSLv3 was not allowed to be disabled by config and therefore TLS parameters never took effect.
You need to contact Daycare support and ask for a hotfix for your version.
Alternatively, check out this HF from your package share account: HOTFIX-5220 as this may have the fix for your TLS issue.
AEM 6.0 released a hotfix for this issue available via package share. Use your login and search for HOTFIX-5238 under 6.0 and ask Daycare for a back port or a compatible package for your version of AEM if the above mentioned hot fix does not work for you.
My java version is 1.6 and connect to a server over ssl using axis 2 stub; all used to work fine. It seems like they did some upgrade (apache2.4) and the ssl handshake doesn't happen anymore. I receive javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake error. Just for testing purpose, I locally installed jdk 8 and tested it works fine. Is there any way to make this work using jdk1.6? It is not possible to upgrade jdk now.
It is hard to tell without more details but I guess that the server either requires a TLS version unsupported by JDK 6 (e.g. TLS 1.1 or TLS 1.2) or uses ciphers which are not supported by JDK 6 yet. Another option might be that the server needs SNI (server name indication) which is not supported by JDK 6. If the problem is any of these things you are unfortunately out of luck with JDK 6.
I suggest you check with SSLLabs to get more details about the problem. They show also compatibility information regarding various JDK versions.
You could try using a 3rd party JCE provider, Bouncy Castle comes into mind:
https://www.bouncycastle.org
I am new to J2ME midlet. i created the midlet application for nokia. application works fine with http. but after changing the url from http to https it's not working. other https sites (like google) are working fine. but our server link is not working.i got the following exception java.io.IOException Native Error-5 . This is my sample code.
String url = "https://domain";
HttpsConnection hc = (HttpsConnection)Connector.open(url);
SecurityInfo si = hc.getSecurityInfo();
Certificate c = si.getServerCertificate();
String subject = c.getSubject();
I remember Nokia phones report errors like that (errors from native code layer). It was not easy to find meaning for them. If it is a Symbian phone, you can try to check Symbian I/O error codes, from Symbian SDK doc (not Java as it absent there). The error codes are reported to J2ME with negative sign, as far as I remember.
For your case I think that it happens because you use a self-signed SSL certificate on your server, and the device can't validate it against root authorities certificates installed on the device. This explains why you can access other HTTPS sites like google, which use proper certs on server.
Solution can be:
(1) to buy and install SSL cert from Twante or Verysign on your server. Some devices may not recognize Twante (they do not have appropriate root certs), some Verysign (it's unlikely, but few devices had such problem). Major part of J2ME devices should accept Twante certs, which are (were when I developed for J2ME some time ago) cheaper than Verysign
(2) install your root cert to device (possible on some devices, very few though). It's a bad solution for generic case, as you can't install cert in every device, each time user installs the app
(3) do not use SSL at all :)
(4) use HTTP but encrypt data yourself, there even are some J2ME crypto libs such as port of BouncyCastle http://en.wikipedia.org/wiki/Bouncy_Castle_(cryptography). But processing SSL in java code severely impacts performance. Acceptable for not big amount of data (texts, etc), but you may want to transfer images over regular HTTP w/o SSL
There is a simple scan call going to dynamo from my code which works fine in Java 6 and not in Java 7. The amazon forums mention this problem and recommend disabling certificate verification, which seems risky to me. Does anyone know what changed between Java 6 & 7 to cause this issue?
3-Jul-2012 3:51:27 PM com.amazonaws.http.AmazonHttpClient executeHelper
WARNING: Unable to execute HTTP request: peer not authenticated
If it works with one JRE and not another, the problem is likely that you don't have the correct CA cert installed in your 1.7 JRE keystore. See this post for details:
http://welocally.com/?p=1358
You can also just connect to the http:// version of the Dynamo endpoint and so avoid ssl altogether (and get a nice performance boost as a result).