Android Question okHttp - javax.net.ssl.SSLProtocolException SHA-256

MarcoRome

Expert
Licensed User
Longtime User
Hi all. Some time ago I wrote a PayPal credit card library. Now it seems that this library has a few problems with SSL. When I call:
B4X:
https://api.sandbox.paypal.com/v1/oauth2/token","grant_type=client_credentials")

I get this error message:
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
After that I changed this line of code:
B4X:
Change hc.Initialize in HttpUtils2Service to hc.InitializeAcceptAll
as suggested by Erel HERE

Now i have this error:
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException:
SSL handshake aborted: ssl=0x7a11ad08: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x74686718:0x00000000)

Any idea?
Thank you
Marco
 

MarcoRome

Yes, I have the same error:

Screenshot 2016-02-22 07.16.35.png


and without the modified library (hc.Initialize....). In this context I use the okHttp library + the okHttpUtils2 library.
 

MarcoRome

Screenshot 2016-02-22 07.36.38.png


Screenshot 2016-02-22 07.38.46.png


This is the error:
Installing file.
PackageAdded: package:b4a.example
** Service (starter) Create **
** Service (starter) Start **
** Activity (main) Create, isFirst = true **
** Activity (main) Resume **
** Service (httputils2service) Create **
** Service (httputils2service) Start **
[errormessage=javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7abe6d98: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x74686718:0x00000000), httputils2service=null, jobname=
, password=, req=anywheresoftware.b4h.okhttp.OkHttpClientWrapper$OkHttpRequest@421e0438, username=
, tag=java.lang.Object@421e0450, target=class b4a.example.main, taskid=1
, success=false]

Compiled B4A 5.80 #1 / JDK 1.8.0_66 / android.jar ( 23 )

Screenshot 2016-02-22 07.34.21.png
 

MarcoRome

I have also tried with HttpUtils2 (2.01) / Http (1.36),
but I get the same effect.
The strange thing is that I work with a lot of programs that use HttpUtils and I don't have this problem with other apps.
Today I also tried with other devices.
Anyway, this is the error:

** Service (starter) Create **
** Service (starter) Start **
** Activity (main) Create, isFirst = true **
** Activity (main) Resume **
** Service (httputils2service) Create **
** Service (httputils2service) Start **
[errormessage=javax.net.ssl.SSLPeerUnverifiedException: No peer certificate, httputils2service=null, jobname=
, password=, req=anywheresoftware.b4a.http.HttpClientWrapper$HttpUriRequestWrapper@421b74d8, username=
, tag=java.lang.Object@421b74f0, target=class b4a.example.main, taskid=1
, success=false]
-- AppUpdating.NewInst2: processing service_start
-- AppUpdating.NewInst2: processing service_start


1.jpg


2.jpg
 

Pendrush

Well-Known Member
Licensed User
Longtime User
Sandbox Endpoints - Ready Now
The PayPal Sandbox endpoints have been configured with the latest security standards to which the Production endpoints will be moving. You can use these endpoints to verify that your code supports the required standards prior to the Production endpoints getting updated. These endpoints have been upgraded to the new SHA-256, 2048-bit certificates:
  • api.sandbox.paypal.com
  • api-3t.sandbox.paypal.com
  • api-aa.sandbox.paypal.com
  • api-aa-3t.sandbox.paypal.com
  • svcs.sandbox.paypal.com
  • pointofsale.sandbox.paypal.com
  • ipnpb.sandbox.paypal.com
  • www.sandbox.paypal.com (for IPN)

Production Endpoints - Ready after June 17, 2016
The following Production endpoints will be upgraded to new SHA-256, 2048-bit certificates after June 17, 2016:
  • api.paypal.com
  • api-3t.paypal.com
  • api-aa.paypal.com
  • api-aa-3t.paypal.com
  • svcs.paypal.com
  • ipnpb.paypal.com

https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1766&expand=true&locale=en_US
 

MarcoRome

I noticed this error because one of our colleagues (who uses a Huawei device with Android 4.2) has had this problem with the PayPal CreditCard library ( HERE ).
So I tried the library and the problem actually exists. Until December 2015 I never had this problem.
Is it possible that THIS also happens because they have made changes?
 

MarcoRome

But anyway this code should be valid:

B4X:
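Sub Activity_Create(FirstTime As Boolean)
   Dim j As HttpJob
   j.Initialize("", Me)
   ' Plain HTTPS GET: enough to exercise the TLS handshake with the sandbox
   j.Download("https://api.sandbox.paypal.com/v1/oauth2/token")
End Sub

Sub JobDone(j As HttpJob)
   ' Logs the job fields (success, errormessage, ...)
   Log(j)
   j.Release
End Sub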

Or not? :confused:
 

MarcoRome

Not sure why it doesn't work on your device. It does work here with OkHttp. You will need to use Http for now.
Maybe I understand why it doesn't work.

Looks like the server is using the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher. It only started being supported in API 20 (L Preview). You can see a list of supported ciphers by API level on the SSLSocket docs.
Try running your test on a 5.0 or above device. For example, the following code is successful on a device running 5.0, but gets an SSL exception on 4.4.4 --

The issue is not retrofit or okhttp, but the limitations of the default security providers provided on older phones.
You can work around it by installing a new provider. Google makes one available through Google Play services, and it is easy to install. One line (plus exception handling, etc).

"Updating Your Security Provider to Protect Against SSL Exploits" from Google.
Found this information HERE

Erel, do you have any tricks?
 
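The provider update mentioned in the last post, as an added Android Java example (not code from the thread or from the B4A libraries): it checks whether the device offers TLSv1.2 with the cipher suite named above, installs the Google Play services provider, and checks again, with certificate validation left on throughout (unlike `InitializeAcceptAll`). The class name, method names and log tag are hypothetical, and the Google Play services library is assumed to be on the build path.

```java
import android.content.Context;
import android.util.Log;
import com.google.android.gms.common.GooglePlayServicesNotAvailableException;
import com.google.android.gms.common.GooglePlayServicesRepairableException;
import com.google.android.gms.security.ProviderInstaller;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public final class TlsProviderCheck {                     // hypothetical class name
    private static final String TAG = "TlsProviderCheck"; // hypothetical log tag
    // Cipher suite named in the post above.
    private static final String SUITE = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";

    /** True if the current default provider offers TLSv1.2 and the suite. */
    static boolean supportsSuite() {
        try {
            SSLContext ctx = SSLContext.getInstance("TLSv1.2");
            // null arguments = platform key and trust managers, so the
            // server certificate is still validated.
            ctx.init(null, null, null);
            SSLParameters p = ctx.getSupportedSSLParameters();
            return Arrays.asList(p.getProtocols()).contains("TLSv1.2")
                && Arrays.asList(p.getCipherSuites()).contains(SUITE);
        } catch (GeneralSecurityException e) {
            return false; // no TLSv1.2 context from this provider
        }
    }

    /** Call once before the first HTTPS request, e.g. when the app starts. */
    public static boolean ensureModernTls(Context context) {
        Log.i(TAG, "suite available before update: " + supportsSuite());
        try {
            // Puts the Play services security provider ahead of the
            // platform one if it is not already installed.
            ProviderInstaller.installIfNeeded(context);
        } catch (GooglePlayServicesRepairableException e) {
            // Play services is present but outdated or disabled.
            Log.w(TAG, "Play services needs repair, status "
                + e.getConnectionStatusCode());
        } catch (GooglePlayServicesNotAvailableException e) {
            Log.w(TAG, "Play services not available; provider unchanged");
        }
        boolean ok = supportsSuite();
        Log.i(TAG, "suite available after update: " + ok);
        return ok;
    }
}
```

A `false` result after the update means the device still cannot offer that suite, so the handshake failure seen in the logs above would persist on it.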