Android Question Server calls not working on Android 5 and lower since api 26

dieterp

Active Member
Licensed User
Ever since I started using api 26 as my targetSDKVersion, it appears that older versions of Android (Generally 5 and down) can no longer make calls to my server. I don't have an older device to test on, but these are reports that are coming in from users. My minSDKVersion is set to 4. I use the okhttp libraries for the calls, but the switch from http to okhttp was possibly done haphazardly, so I'm not sure if something is clashing somewhere. Does anyone have any idea of what could be causing the problem?
 

dieterp

Active Member
Licensed User
I managed to get the exact error message being thrown: javax.net.ssl.sslpeerunverifiedexception no peer certificate

Does this have to do with using the "HttpUtils2 source code instead of the library and replace hc.Initialize with hc.InitializeAcceptAll", as suggested by Erel?
 

dieterp

Active Member
Licensed User
It also seems that the issue escalated shortly after I replaced my expired SSL certificate on the server. Could the problem also be that something isn't configured correctly with the new certificate?
 

dieterp

Active Member
Licensed User
Server issues aside, is there a smoking gun amongst those configurations that would cause older versions of Android to have problems uploading to the server?

@DonManfred, I haven't made any changes to httputils2 yet. I first want to establish if this could be server issues
 

techknight

Well-Known Member
Licensed User
First off, you have to verify that your Certificate Authority is trusted and not expired in older versions of android, Also, you need to check compatible Cipher suites that older versions of android works with.

For example, your Root CA is this:
https://www.xolphin.com/support/FAQ/Transition_from_Comodo_CA_to_Sectigo

That right there is a glaring issue becuase it used to be COMODO. its not anymore, and it changed in 2019. This means older versions of android that are not receiving updates, no longer have a valid Root CA for this company. So any new certificates issued under the new authority will have a broken chain of trust. This right here could very well be your problem.

Otherwise if this is not your issue,

Android 4.X has known SSL issues, and the fixes escape me.

New SDKs also have more strict SSL requirements. The fact that your server responds to SSL V3 in of itself could be a huge issue. Google is known to do crazy things like that.

Once you get your server configured properly, at least get it to a Grade B or better, then you can troubleshoot more easily.
 
Last edited:

dieterp

Active Member
Licensed User
Update: I've resolved the problem by updating the httputils2 source code library in my app, and changing the hc.Initialize part to hc.InitializeAcceptAll. It looks like the SSL certificate was installed correctly on the server, but it's hard to say whether the renewed certificate caused any problems. Either way, everything is on track again. Thanks to all who assisted with this query!
 

techknight

Well-Known Member
Licensed User
InitializeAcceptAll is a workaround, it basically approves any SSL clerical errors by forcing the system to bypass the certificate checks.

So it'll accept anything. This can be dangerous if your server for some reason gets taken over, it'll just accept any certificate thrown at it, including self-signed ones.

However, At least it works.
 

dieterp

Active Member
Licensed User
Thanks for the heads up. I'll try dig a bit deeper to understand if there is still something that can be done on the server
 
Top