You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After the Conscrypt Mainline module auto-updated to version 361331440 (delivered via Google Play System Update on April 5, 2026), all TLS connections stall for approximately 30 seconds on app cold start. The issue affects every HTTPS request — including simple HEAD requests to connectivitycheck.gstatic.com — ruling out any server-side cause.
The issue does not occur on a device with the older Conscrypt version 361153320.
Environment
Affected device (reproduces):
Fairphone 6 (FP6), Android 16 (API 36)
Build: FP6.QREL.16.48.0
Security patch: 2026-02-05
Conscrypt module: 361331440 (updated 2026-04-05)
Control device (works fine):
Pixel 7 (panther), Android 16 (API 36)
Build: CP1A.260305.018
Security patch: 2026-03-05
Conscrypt module: 361153320
App environment:
React Native 0.81.5 (Expo SDK 54)
OkHttp (bundled with React Native)
targetSdkVersion 36
Steps to Reproduce
Have a device with Conscrypt version 361331440 (delivered via April 2026 Google Play System Update)
Cold-start the app
Observe that all HTTPS connections (fetch/OkHttp) fail or hang for ~10-15 up to 30 seconds before succeeding
Every probe — including HEAD requests to Google's own connectivity check endpoint — aborts after 5 seconds (JS-side timeout). The underlying tRPC fetch hangs for 30+ seconds before finally completing:
Custom OkHttpClientFactory with 15s connect timeout: no change
❌ Ruled out
HTTP/2 multiplexing
Forced HTTP/1.1 via protocols(listOf(Protocol.HTTP_1_1)): no change
❌ Ruled out
App code regression
No code changes; issue appeared after Conscrypt auto-update
❌ Ruled out
Android OS update
OS build unchanged since Feb; only Conscrypt Mainline module updated April 5
❌ Ruled out
WiFi/network issue
NetInfo reports connected + internetReachable=true; Chrome works fine on same WiFi
❌ Ruled out
DNS resolution
Both IP-based and domain-based requests fail identically
❌ Ruled out
Key Observations
NetInfo (Android ConnectivityManager) reports the network is fully connected and internet-reachable during the entire stall period. The OS network stack is functional.
expo-updates (which uses its own native HTTP client, not OkHttp) successfully downloaded and applied an OTA update during the hang. This confirms the stall is specific to the TLS path used by OkHttp/Conscrypt, not the entire network stack.
The stall duration is consistently ~30 seconds, suggesting a hardcoded timeout or retry interval somewhere in the TLS handshake path.
Cross-App Verification
Tested other apps on the affected Fairphone 6 (Conscrypt 361331440):
Coinbase (React Native, standard OkHttp): hangs on cold start — same behavior as our app
Discord (React Native, custom native networking layer): works fine — consistent with this being an OkHttp/Conscrypt interaction, not a general Android networking issue
This confirms the issue affects any app using OkHttp's default TLS path through Conscrypt, not just our app.
Impact
This affects any Android app using OkHttp (including all React Native apps) on devices that received the Conscrypt 361331440 update. Cold starts are delayed by 30-60+ seconds, making apps appear completely broken to users.
Expected Behavior
TLS connections should establish within normal timeframes (< 1 second on WiFi) on cold start, as they do with Conscrypt version 361153320.
Description
After the Conscrypt Mainline module auto-updated to version
361331440(delivered via Google Play System Update on April 5, 2026), all TLS connections stall for approximately 30 seconds on app cold start. The issue affects every HTTPS request — including simple HEAD requests toconnectivitycheck.gstatic.com— ruling out any server-side cause.The issue does not occur on a device with the older Conscrypt version
361153320.Environment
Affected device (reproduces):
FP6.QREL.16.48.0Control device (works fine):
CP1A.260305.018App environment:
Steps to Reproduce
361331440(delivered via April 2026 Google Play System Update)Evidence
Affected device (Fairphone 6, Conscrypt 361331440)
Every probe — including HEAD requests to Google's own connectivity check endpoint — aborts after 5 seconds (JS-side timeout). The underlying tRPC fetch hangs for 30+ seconds before finally completing:
What We've Ruled Out
protocols(listOf(Protocol.HTTP_1_1)): no changeKey Observations
NetInfo (Android ConnectivityManager) reports the network is fully connected and internet-reachable during the entire stall period. The OS network stack is functional.
expo-updates (which uses its own native HTTP client, not OkHttp) successfully downloaded and applied an OTA update during the hang. This confirms the stall is specific to the TLS path used by OkHttp/Conscrypt, not the entire network stack.
The ntfy app (29.7k GitHub stars) reports an identical issue on Android 16: OkHttp stuck in CONNECTING state while HTTP polling works fine. See: Stuck in CONNECTING state with passed nextRetryTime on Android 16 (SDK 36) binwiederhier/ntfy#1634
The stall duration is consistently ~30 seconds, suggesting a hardcoded timeout or retry interval somewhere in the TLS handshake path.
Cross-App Verification
Tested other apps on the affected Fairphone 6 (Conscrypt
361331440):This confirms the issue affects any app using OkHttp's default TLS path through Conscrypt, not just our app.
Impact
This affects any Android app using OkHttp (including all React Native apps) on devices that received the Conscrypt
361331440update. Cold starts are delayed by 30-60+ seconds, making apps appear completely broken to users.Expected Behavior
TLS connections should establish within normal timeframes (< 1 second on WiFi) on cold start, as they do with Conscrypt version
361153320.