Unable to connect to Android if disable SSLv2 / SSLv3 on HTTPS server
On an Android app (Kitkat 4.4.4 on a Nexus 7) I am using the Retrofit REST library to access an HTTPS server, which I have configured to only allow TLS but not SSL (to fix the Poodle vulnerability).
My setup code for my customization is simple
RetrofitInterface retrofitInterface = new RestAdapter.Builder()
.setEndpoint(API.API_URL).build().create(RetrofitInterface.class);
and I am no longer setting up SSL specific configuration.
If I deny SSLv2 / SSLv3 in the server configuration, the REST resource request fails with this error message:
failure retrofit.RetrofitError: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x69978800: Failure in SSL library, usually a protocol error
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1256 0x683cddf8:0x00000003)
When I configure my HTTPS server to allow SSLv2 / SSLv3 the problem goes away.
Is there any additional configuration needed to force the HTTP HTTP library to use TLS instead of SSL?
+3
source to share