SSLHandshakeException: Handshake failed on Android N/7.0

by

This is a known regression in Android 7.0, acknowledged by Google and fixed sometime before the release of Android 7.1.1. Here is the bug report: https://code.google.com/p/android/issues/detail?id=224438.

To be clear, the bug here is that 7.0 only supports ONE elliptic curve: prime256v1 aka secp256r1 aka NIST P-256, as Cornelis points out in the question. So if your users are facing this issue, these are the workarounds available to you (ignoring the fact that your users should ideally just upgrade to Android 7.1.1):

  • Configure your server to use the elliptic curve prime256v1. For example, in Nginx 1.10 you do this by setting ssl_ecdh_curve prime256v1;.

  • If that doesn’t work, use older cipher suites that don’t rely on elliptic-curve cryptography (e.g., DHE-RSA-AES256-GCM-SHA384) (make sure you understand what you’re doing here in terms of data security)

NOTE: I am not an expert in elliptic-curve cryptography, make sure to do your own research on the security implications of my suggestions. Here are some other links I referred to while writing this answer:

More Related Contents:

  1. Javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: Failure in SSL library, usually a protocol error
  2. How to get charles proxy work with Android 7 nougat?
  3. Html.fromHtml deprecated in Android N
  4. How to enable TLS 1.2 support in an Android application (running on Android 4.1 JB)
  5. javax.net.ssl.SSLException: Read error: ssl=0x9524b800: I/O error during system call, Connection reset by peer
  6. Trusting all certificates with okHttp
  7. android.os.TransactionTooLargeException on Nougat
  8. Android N requires the IDE to be running with Java 1.8 or later?
  9. Detect CONNECTIVITY CHANGE in Android 7 and above when app is killed/in background
  10. Glide – javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
  11. Android volley self signed HTTPS trust anchor for certification path not found
  12. android webview with client certificate
  13. Job Scheduler not running on Android N
  14. ‘No peer certificate’ error in Android 2.3 but NOT in 4
  15. “Canvas: trying to draw too large bitmap” when Android N Display Size set larger than Small
  16. Expand/Collapse Lollipop toolbar animation (Telegram app)
  17. In Android 7 (API level 24) my app is not allowed to mute phone (set ringer mode to silent)
  18. SSL certificate is not trusted – on mobile only [closed]
  19. CLEARTEXT communication not supported on Retrofit
  20. Google Play security alert for insecure TrustManager
  21. job scheduler in android N with less then 15 minutes interval
  22. Reusing SSL Sessions in Android with HttpClient
  23. Xamarin Android issue connecting via HTTPS to site with self-signed certificate: “Trust anchor for certification path not found.”
  24. javax.net.ssl.sslpeerunverifiedexception no peer certificate
  25. Error “Could not load SSL library” on Android with TidHTTP
  26. How can I set SignalR in Android Studio to ignore SSL issues for delvelopement
  27. How can I implement SSL Certificate Pinning while using React Native
  28. How can I make Android Volley perform HTTPS request, using a certificate self-signed by an Unknown CA?
  29. android Google Play Warning: SSL Error Handler Vulnerability
  30. How to pick image for crop from camera or gallery in Android 7.0?

Leave a Comment