Search code examples
androidxmppasmack

Asmack login issue on Android 5.0 and above

I am facing an asmack SSL connection issue on Android 5.0 and above. I think it's related to security.

I resolved it by disabling following before connecting:

config.setSASLAuthenticationEnabled(false);
config.setSecurityMode(SecurityMode.disabled);

But I do want security enabled. How to resolve it without disabling setSecurityMode?

I looked the changes 5.0 http://developer.android.com/about/versions/android-5.0-changes.html#ssl

But can't find the solution

my logcat is 

02-26 17:28:20.596: W/System.err(23043):   -- caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
02-26 17:28:20.596: W/System.err(23043): javax.net.ssl.SSLHandshakeException: Handshake failed
02-26 17:28:20.596: W/System.err(23043):    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:392)
02-26 17:28:20.601: W/System.err(23043):    at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:652)
02-26 17:28:20.601: W/System.err(23043):    at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:614)
02-26 17:28:20.601: W/System.err(23043): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x9fca9e00: Failure in SSL library, usually a protocol error
02-26 17:28:20.601: W/System.err(23043): error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error (external/openssl/ssl/s23_clnt.c:765 0xaec30bf9:0x00000000)
02-26 17:28:20.601: W/System.err(23043):    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
02-26 17:28:20.601: W/System.err(23043):    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:320)
Solution

  • The problem was 

    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.ICE_CREAM_SANDWICH) {
        config.setTruststoreType("AndroidCAStore");
        config.setTruststorePassword(null);
        config.setTruststorePath(null);
    } else {
        config.setTruststoreType("BKS");
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null)
            path = System.getProperty("java.home") + File.separator
                    + "etc" + File.separator + "security"
                    + File.separator + "cacerts.bks";
        config.setTruststorePath(path);
    }

    With this I was using self signed ssl certificate. It should be resolved by adding ssl certificate on openfire and using it in the app

    [email protected]