Handshake failed #46

Schoumi · Apr 2, 2017

I can't connect to the Mastodon instance i use.
I have the message: "This app could not obtain authentication from that server instance"

i have in the adb logcat the following message when i click on the Login with Mastodon button:
I run the app on Android 7.
The server used is https://social.targaryen.house
it use strict tls version, you can see here: https://tls.imirhil.fr/https/social.targaryen.house

04-03 01:11:05.560 1477-1477/com.keylesspalace.tusky W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
04-03 01:11:05.561 1477-1477/com.keylesspalace.tusky W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
04-03 01:11:05.562 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:267)
04-03 01:11:05.562 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:237)
04-03 01:11:05.562 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:148)
04-03 01:11:05.563 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:186)
04-03 01:11:05.563 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
04-03 01:11:05.563 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
04-03 01:11:05.564 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
04-03 01:11:05.564 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
04-03 01:11:05.564 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
04-03 01:11:05.565 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
04-03 01:11:05.565 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
04-03 01:11:05.565 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
04-03 01:11:05.566 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
04-03 01:11:05.566 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
04-03 01:11:05.567 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
04-03 01:11:05.567 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
04-03 01:11:05.567 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
04-03 01:11:05.568 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:179)
04-03 01:11:05.568 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.RealCall$AsyncCall.execute(RealCall.java:129)
04-03 01:11:05.569 1477-1477/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)
04-03 01:11:05.569 1477-1477/com.keylesspalace.tusky W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
04-03 01:11:05.569 1477-1477/com.keylesspalace.tusky W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
04-03 01:11:05.570 1477-1477/com.keylesspalace.tusky W/System.err:     at java.lang.Thread.run(Thread.java:776)
04-03 01:11:05.571 1477-1477/com.keylesspalace.tusky W/System.err: 	Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
04-03 01:11:05.572 1477-1477/com.keylesspalace.tusky W/System.err: 		... 24 more
04-03 01:11:05.573 1477-1477/com.keylesspalace.tusky W/System.err: 	Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7646f11a40: Failure in SSL library, usually a protocol error
04-03 01:11:05.574 1477-1477/com.keylesspalace.tusky W/System.err: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x76460766e0:0x00000001)
04-03 01:11:05.574 1477-1477/com.keylesspalace.tusky W/System.err: error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x7657bf2f76:0x00000000)
04-03 01:11:05.574 1477-1477/com.keylesspalace.tusky W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
04-03 01:11:05.575 1477-1477/com.keylesspalace.tusky W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
04-03 01:11:05.575 1477-1477/com.keylesspalace.tusky W/System.err: 		... 23 more
04-03 01:11:05.576 1477-1477/com.keylesspalace.tusky W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7646f11a40: Failure in SSL library, usually a protocol error
04-03 01:11:05.577 1477-1477/com.keylesspalace.tusky W/System.err: error:1000042e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION (external/boringssl/src/ssl/s3_pkt.c:610 0x76460766e0:0x00000001)
04-03 01:11:05.577 1477-1477/com.keylesspalace.tusky W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
04-03 01:11:05.577 1477-1477/com.keylesspalace.tusky W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
04-03 01:11:05.578 1477-1477/com.keylesspalace.tusky W/System.err: 	... 23 more

I have investigate more on this issue.
seems that it's an Android 7 issue. I've found this(https://code.google.com/p/android/issues/detail?id=224438), and with a minimum code i reproduce the bug on Android 7 but the same code work on older version (5.1).

Schoumi · Apr 3, 2017

I have investigate more on this issue.
seems that it's an Android 7 issue. I've found this(https://code.google.com/p/android/issues/detail?id=224438), and with a minimum code i reproduce the bug on Android 7 but the same code work on older version (5.1).

Hello,
Same problem with mastodon.xyz instance. I can connect Tusky with a Samsun Galaxy Tab (android 5.0.2) but it's impossible with a Samsung Galaxy III (android 4.4.4).

opitux · Apr 5, 2017

Hello,
Same problem with mastodon.xyz instance. I can connect Tusky with a Samsun Galaxy Tab (android 5.0.2) but it's impossible with a Samsung Galaxy III (android 4.4.4).

Same problem with social.tchncs.de on Android 7 (Honor 8).

SkyzohKey · Apr 5, 2017

Same problem with social.tchncs.de on Android 7 (Honor 8).

Same problem with mastodon.cloud instance.
Cipher configuration at this moment, as reported by ssl-labs:

TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

TLS 1.1 (suites in server-preferred order)

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

And using an EC key.

kav2k · Apr 6, 2017

Same problem with mastodon.cloud instance.
Cipher configuration at this moment, as reported by ssl-labs:

TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

TLS 1.1 (suites in server-preferred order)

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

And using an EC key.

I get the same error with Android 4.4.2 on mstdn.io.

Any work-around until there is a proper solution?

ghost · Apr 6, 2017

I get the same error with Android 4.4.2 on mstdn.io.

Any work-around until there is a proper solution?

For mastodon.cloud, the ciphers can be seen at https://tls.imirhil.fr/https/mastodon.cloud

Another instance with issues, mastodon.xyz is not using ECDSA and prefers DHE: https://tls.imirhil.fr/https/mastodon.xyz

For comparison, issue-free mastodon.social: https://tls.imirhil.fr/https/mastodon.social

Common point of failure is not obvious from the configuration; and we have reports from Android 4.4.* as well.

kav2k · Apr 6, 2017

For mastodon.cloud, the ciphers can be seen at https://tls.imirhil.fr/https/mastodon.cloud

Another instance with issues, mastodon.xyz is not using ECDSA and prefers DHE: https://tls.imirhil.fr/https/mastodon.xyz

For comparison, issue-free mastodon.social: https://tls.imirhil.fr/https/mastodon.social

Common point of failure is not obvious from the configuration; and we have reports from Android 4.4.* as well.

Since android 4.3 (API 18) Many evolution has been made on encryption support. But some cipher were only support recently so if the instance you use has a strict tls support (only recent tls and drop weak encryption). Android may not handle this directly. Android 7 (not 7.1) seems to have a particular regression on this part.
I search for a workaround but it may take some times :/

Schoumi · Apr 6, 2017

Since android 4.3 (API 18) Many evolution has been made on encryption support. But some cipher were only support recently so if the instance you use has a strict tls support (only recent tls and drop weak encryption). Android may not handle this directly. Android 7 (not 7.1) seems to have a particular regression on this part.
I search for a workaround but it may take some times :/

I don't want to "promote" an alternative project, but just wanted to add that things worked flawlessly with TootyFruity (android 7.0) while that was a no go with Tusky.
Hoping that could help spot the issue/workaround.

Cheers

rtripault · Apr 6, 2017

I don't want to "promote" an alternative project, but just wanted to add that things worked flawlessly with TootyFruity (android 7.0) while that was a no go with Tusky.
Hoping that could help spot the issue/workaround.

Cheers

Same issue with octodon.social (Android 7.0). As @rtripault suggested, TootyFruity works fine on my instance but Tusky looks way slicker, would love to use it

tbouron · Apr 6, 2017

Same issue with octodon.social (Android 7.0). As @rtripault suggested, TootyFruity works fine on my instance but Tusky looks way slicker, would love to use it

I actually don't have an android 7 device and I haven't gotten an emulator with 7 working, so that makes testing on my part difficult. I could test with 4.4 I suppose?

It's useful to know TootyFruity works, though. Because it indicates there's something Tusky can do to fix it, even on that android version and instance combination.

Vavassor · Apr 6, 2017

I actually don't have an android 7 device and I haven't gotten an emulator with 7 working, so that makes testing on my part difficult. I could test with 4.4 I suppose?

It's useful to know TootyFruity works, though. Because it indicates there's something Tusky can do to fix it, even on that android version and instance combination.

If you could make a build that gives some useful debug information, we'd gladly test it on 7.

kav2k · Apr 6, 2017

If you could make a build that gives some useful debug information, we'd gladly test it on 7.

@Vavassor I thought android studio was shipped with different emulator version, including one for 7.0. isn't the case?

Anyway, I would gladly help, same as @kav2k

tbouron · Apr 6, 2017

@Vavassor I thought android studio was shipped with different emulator version, including one for 7.0. isn't the case?

Anyway, I would gladly help, same as @kav2k

@tbouron It's true, but when I try to use it, it just gives a black screen. I think it has to do with a warning it gives about my CPU possibly not supporting features needed, because it runs through hardware virtualization. And software emulation would be too slow.

Vavassor · Apr 6, 2017

@tbouron It's true, but when I try to use it, it just gives a black screen. I think it has to do with a warning it gives about my CPU possibly not supporting features needed, because it runs through hardware virtualization. And software emulation would be too slow.

Edit: Since these are both seem to be related to failing to connect for too long, and the server closing the (unresponsive) connection, it's possible these are emulator-related?

On an android 4.4 emulator, I seem to be getting two sets of errors.

One is this ConnectException caused by an error ENETUNREACH. This was also what I got from social.targaryen.house, mastodon.cloud, social.tchncs.de, witches.town, social.lu.lt, and mstdn.io.

04-06 22:52:06.886 32358-32358/com.keylesspalace.tusky W/System.err: java.net.ConnectException: Failed to connect to social.tchncs.de/2a00:f820:417::5e51:c752:443
04-06 22:52:06.886 32358-32358/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:222)
04-06 22:52:06.886 32358-32358/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:146)
...
04-06 22:52:06.896 32358-32358/com.keylesspalace.tusky W/System.err: Caused by: java.net.ConnectException: failed to connect to social.tchncs.de/2a00:f820:417::5e51:c752 (port 443) after 10000ms: isConnected failed: ENETUNREACH (Network is unreachable)
04-06 22:52:06.896 32358-32358/com.keylesspalace.tusky W/System.err:     at libcore.io.IoBridge.isConnected(IoBridge.java:223)
04-06 22:52:06.896 32358-32358/com.keylesspalace.tusky W/System.err:     at libcore.io.IoBridge.connectErrno(IoBridge.java:161)
...
04-06 22:52:06.896 32358-32358/com.keylesspalace.tusky W/System.err: Caused by: libcore.io.ErrnoException: isConnected failed: ENETUNREACH (Network is unreachable)
04-06 22:52:06.906 32358-32358/com.keylesspalace.tusky W/System.err:     at libcore.io.IoBridge.isConnected(IoBridge.java:208)

The other is the SSLHandshakeException, which I'm getting from mastodon.xyz and mastodon.social.

04-06 22:47:11.866 32358-32358/com.keylesspalace.tusky W/System.err: javax.net.ssl.SSLException: SSL handshake aborted: ssl=0xb95a7a90: I/O error during system call, Connection reset by peer
04-06 22:47:11.866 32358-32358/com.keylesspalace.tusky W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
04-06 22:47:11.866 32358-32358/com.keylesspalace.tusky W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
...

Oddly, icosahedron.website, awoo.space, and octodon.social work?

Vavassor · Apr 7, 2017

Edit: Since these are both seem to be related to failing to connect for too long, and the server closing the (unresponsive) connection, it's possible these are emulator-related?

On an android 4.4 emulator, I seem to be getting two sets of errors.

One is this ConnectException caused by an error ENETUNREACH. This was also what I got from social.targaryen.house, mastodon.cloud, social.tchncs.de, witches.town, social.lu.lt, and mstdn.io.

04-06 22:52:06.886 32358-32358/com.keylesspalace.tusky W/System.err: java.net.ConnectException: Failed to connect to social.tchncs.de/2a00:f820:417::5e51:c752:443
04-06 22:52:06.886 32358-32358/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:222)
04-06 22:52:06.886 32358-32358/com.keylesspalace.tusky W/System.err:     at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:146)
...
04-06 22:52:06.896 32358-32358/com.keylesspalace.tusky W/System.err: Caused by: java.net.ConnectException: failed to connect to social.tchncs.de/2a00:f820:417::5e51:c752 (port 443) after 10000ms: isConnected failed: ENETUNREACH (Network is unreachable)
04-06 22:52:06.896 32358-32358/com.keylesspalace.tusky W/System.err:     at libcore.io.IoBridge.isConnected(IoBridge.java:223)
04-06 22:52:06.896 32358-32358/com.keylesspalace.tusky W/System.err:     at libcore.io.IoBridge.connectErrno(IoBridge.java:161)
...
04-06 22:52:06.896 32358-32358/com.keylesspalace.tusky W/System.err: Caused by: libcore.io.ErrnoException: isConnected failed: ENETUNREACH (Network is unreachable)
04-06 22:52:06.906 32358-32358/com.keylesspalace.tusky W/System.err:     at libcore.io.IoBridge.isConnected(IoBridge.java:208)

The other is the SSLHandshakeException, which I'm getting from mastodon.xyz and mastodon.social.

04-06 22:47:11.866 32358-32358/com.keylesspalace.tusky W/System.err: javax.net.ssl.SSLException: SSL handshake aborted: ssl=0xb95a7a90: I/O error during system call, Connection reset by peer
04-06 22:47:11.866 32358-32358/com.keylesspalace.tusky W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
04-06 22:47:11.866 32358-32358/com.keylesspalace.tusky W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
...

Oddly, icosahedron.website, awoo.space, and octodon.social work?

I post it here because it could help other instance administrators. A friend found this on stackoverflow and it solved the issue for my instance aleph.land.

Madeorsk · Apr 7, 2017

I post it here because it could help other instance administrators. A friend found this on stackoverflow and it solved the issue for my instance aleph.land.

@Madeorsk Back when I was on Android 7.0, I couldn't login to my Nextcloud server.

Replacing ssl_ecdh_curve secp384r1; with ssl_ecdh_curve prime256v1; solved the issue for me.

Indeed with apps like Tusky or Nextcloud, we're using the SSL toolkit from the OS, whereas on a browser we're using the browser's.

And Google decided to remove curves > P-256 on Android 7.0, because why not. On Android 7.1, it's back.

So I don't think the tusky dev can provide any fix, just ask your admin to use a 256 bits ECDH curve.

Edit : Note that this will only work if you're using a RSA certificate. If you're using an ECC 384 bits cert the problem will still be here

Angristan · Apr 7, 2017

@Madeorsk Back when I was on Android 7.0, I couldn't login to my Nextcloud server.

Replacing ssl_ecdh_curve secp384r1; with ssl_ecdh_curve prime256v1; solved the issue for me.

Indeed with apps like Tusky or Nextcloud, we're using the SSL toolkit from the OS, whereas on a browser we're using the browser's.

And Google decided to remove curves > P-256 on Android 7.0, because why not. On Android 7.1, it's back.

So I don't think the tusky dev can provide any fix, just ask your admin to use a 256 bits ECDH curve.

Edit : Note that this will only work if you're using a RSA certificate. If you're using an ECC 384 bits cert the problem will still be here

Can't Tusky dev detect connection failure, and then retry with elliptic ciphers explicitly disabled? I am not an Android programmer, but I assume you can specify client cipher preferences for SSL.

I'm fully aware it's a hacky workaround, not a solution, but still it might be worth doing.

kav2k · Apr 7, 2017

Can't Tusky dev detect connection failure, and then retry with elliptic ciphers explicitly disabled? I am not an Android programmer, but I assume you can specify client cipher preferences for SSL.

I'm fully aware it's a hacky workaround, not a solution, but still it might be worth doing.

@kav2k I assume this is not possible because most of us use ECDH-only curves, and if there is the ssl_ecdh_curve parameter on the server side, the client can't use another one

Angristan · Apr 7, 2017

@kav2k I assume this is not possible because most of us use ECDH-only curves, and if there is the ssl_ecdh_curve parameter on the server side, the client can't use another one

@Angristan Fair enough; can you trace the source of this "most used" configuration?

I left a comment on the (sadly closed) Android bug describing the situation, but could not quickly trace the recommended configuration that would explicitly use another EC curve.

kav2k · Apr 7, 2017

@Angristan Fair enough; can you trace the source of this "most used" configuration?

I left a comment on the (sadly closed) Android bug describing the situation, but could not quickly trace the recommended configuration that would explicitly use another EC curve.

Heh, Apache using secp256r1 by default put me on the wrong track yesterday, my bad. Good catch @Angristan~

Komic · Apr 7, 2017

Heh, Apache using secp256r1 by default put me on the wrong track yesterday, my bad. Good catch @Angristan~

Before the handshake, Retrofit is supposed to negotiate the preferred options with the server, so even if there's an unsupported elliptic cipher in the server's preferences it should just choose another it is still okay with.

For the record though, this is Retrofit's CipherSuite default list in preference order. I could broaden compatibility using the list of what Android generally supports (the tables in the middle of the page).

I feel like making servers have to conform to a particular cipher and TLS setup is a bad way to resolve this problem, so I'm really trying to explore every option I have client-side.

Vavassor · Apr 7, 2017

Before the handshake, Retrofit is supposed to negotiate the preferred options with the server, so even if there's an unsupported elliptic cipher in the server's preferences it should just choose another it is still okay with.

For the record though, this is Retrofit's CipherSuite default list in preference order. I could broaden compatibility using the list of what Android generally supports (the tables in the middle of the page).

I feel like making servers have to conform to a particular cipher and TLS setup is a bad way to resolve this problem, so I'm really trying to explore every option I have client-side.

I think I understand more now. Okhttp by default tries its "approved" list of cipher suites, not android's enabled ciphers. So it negotiates with the server and they agree on the elliptic cipher, and they go for the handshake and find out it's not enabled, and there's the exception.

So the fix might just be to use a fallback spec built with ConnectionSpec.Builder.allEnabledCipherSuites instead of the approved list?

Vavassor · Apr 8, 2017

I think I understand more now. Okhttp by default tries its "approved" list of cipher suites, not android's enabled ciphers. So it negotiates with the server and they agree on the elliptic cipher, and they go for the handshake and find out it's not enabled, and there's the exception.

So the fix might just be to use a fallback spec built with ConnectionSpec.Builder.allEnabledCipherSuites instead of the approved list?

Edit I got someone with Android 7.0 to try the below apk. mstdn.io, mastodon.xyz, and octodon.social are fixed, but mastodon.cloud and social.targaryen.house still don't work. It seems to indicate it's down to cipher config selection but I still do have to make a diagnostic apk I think.

I implemented that fix. If anyone with android 7.0 who could try this .apk file for me, it'd be a very helpful.
Tusky-1.1.1-handshake-test-1.apk

If that doesn't work I suppose the next thing to do would be a diagnostic-spitting apk. I really didn't want to ask others to do my debugging, mostly because back-and-forth is slow, but I'm running low options.

Vavassor · Apr 8, 2017

Edit I got someone with Android 7.0 to try the below apk. mstdn.io, mastodon.xyz, and octodon.social are fixed, but mastodon.cloud and social.targaryen.house still don't work. It seems to indicate it's down to cipher config selection but I still do have to make a diagnostic apk I think.

I implemented that fix. If anyone with android 7.0 who could try this .apk file for me, it'd be a very helpful.
Tusky-1.1.1-handshake-test-1.apk

If that doesn't work I suppose the next thing to do would be a diagnostic-spitting apk. I really didn't want to ask others to do my debugging, mostly because back-and-forth is slow, but I'm running low options.

@Vavassor i also lost someone by dropping TLSv1. Is this included in the test apk?

verymilan · Apr 8, 2017

@Vavassor i also lost someone by dropping TLSv1. Is this included in the test apk?

@Vavassor no luck here on unixcorn.xyz

rtripault · Apr 8, 2017

@Vavassor no luck here on unixcorn.xyz

@tchncs In that apk I specify the list TLS1.3, TLS1.2, TLS1.1, TLS1.0 to the ConnectionSpec object, but I'm not sure how it determines which it picks. The table halfway down this page https://developer.android.com/reference/javax/net/ssl/SSLSocket.html indicates that only TLS1.0 is enabled by default on Android 5.0 and above (or as it says it, API level 20+). It's a wild guess, but if they're on one of those older versions it might be checking the list I give against what's enabled, and choosing TLS1.0.

Vavassor · Apr 8, 2017

@tchncs In that apk I specify the list TLS1.3, TLS1.2, TLS1.1, TLS1.0 to the ConnectionSpec object, but I'm not sure how it determines which it picks. The table halfway down this page https://developer.android.com/reference/javax/net/ssl/SSLSocket.html indicates that only TLS1.0 is enabled by default on Android 5.0 and above (or as it says it, API level 20+). It's a wild guess, but if they're on one of those older versions it might be checking the list I give against what's enabled, and choosing TLS1.0.

There's probably a way for me to enable TLS1.1 and TLS1.2 manually, since it is "supported", though.

Vavassor · Apr 8, 2017

There's probably a way for me to enable TLS1.1 and TLS1.2 manually, since it is "supported", though.

Android 7.0 (Galaxy S7)

Server	1.1.0	1.1.1-1
mastodon.social	✔️	✔️
mastodon.xyz	✔️	✔️
social.targaryen.house	❌	❌
unixcorn.xyz	❌	❌
mastodon.cloud	❌	❌
social.tchncs.de	✔️	✔️
mstdn.io	✔️	✔️
witches.town	✔️	✔️

Sadly, it seems that no test case shows improvement. Some servers seemingly implemented workarounds instead.

kav2k · Apr 8, 2017

Android 7.0 (Galaxy S7)

Server	1.1.0	1.1.1-1
mastodon.social	✔️	✔️
mastodon.xyz	✔️	✔️
social.targaryen.house	❌	❌
unixcorn.xyz	❌	❌
mastodon.cloud	❌	❌
social.tchncs.de	✔️	✔️
mstdn.io	✔️	✔️
witches.town	✔️	✔️

Sadly, it seems that no test case shows improvement. Some servers seemingly implemented workarounds instead.

social.tchncs.de is atm at ugly compatible config and not valid in your test. :)
(but it was similar to the mozilla recommended modern config)

verymilan · Apr 8, 2017

social.tchncs.de is atm at ugly compatible config and not valid in your test. :)
(but it was similar to the mozilla recommended modern config)

@kav2k Ah!! I was hoping that wasn't the case but I knew it had happened with social.tchncs.de and this one fairly large french instance I'm forgetting the name of. Thanks for the thoroughness, though.

Vavassor · Apr 8, 2017

@kav2k Ah!! I was hoping that wasn't the case but I knew it had happened with social.tchncs.de and this one fairly large french instance I'm forgetting the name of. Thanks for the thoroughness, though.

@kav2k We can see the 3 servers with failed connection use ECC 384 bits certificates.

Angristan · Apr 8, 2017

@kav2k We can see the 3 servers with failed connection use ECC 384 bits certificates.

Same issue here on https://mastodon.network and Android 7.0

lhall-adexos · Apr 8, 2017

Same issue here on https://mastodon.network and Android 7.0

However, mastodon.network works with 1.1.1-1 test version! We have ourselves a case of improvement.

Cipher settings: https://tls.imirhil.fr/https/mastodon.network

kav2k · Apr 8, 2017

However, mastodon.network works with 1.1.1-1 test version! We have ourselves a case of improvement.

Cipher settings: https://tls.imirhil.fr/https/mastodon.network

@kav2k This is because the web server has DHE ciphers available

Angristan · Apr 8, 2017

@kav2k This is because the web server has DHE ciphers available

On Android 4.4.4 of all the instances mentioned here, I can only connect to octodon.social and social.tchncs.de using v1.1.0 and v1.1.1-1 (and contrary to a comment above, also not aleph.land where I got my account, probably due to different Android version).

Error logs (first for mastodon.social, 2nd for aleph.land): https://pastebin.com/5nC002mQ

fbrausse · Apr 9, 2017

On Android 4.4.4 of all the instances mentioned here, I can only connect to octodon.social and social.tchncs.de using v1.1.0 and v1.1.1-1 (and contrary to a comment above, also not aleph.land where I got my account, probably due to different Android version).

Error logs (first for mastodon.social, 2nd for aleph.land): https://pastebin.com/5nC002mQ

@fbrausse Could you try mstdn.io ?

Angristan · Apr 9, 2017

@fbrausse Could you try mstdn.io ?

@Angristan same with both versions; log from 1.1.1-1: https://gist.github.com/fbrausse/c8e3180dbe6ba05675e02d7b30d905e6

fbrausse · Apr 9, 2017

@Angristan same with both versions; log from 1.1.1-1: https://gist.github.com/fbrausse/c8e3180dbe6ba05675e02d7b30d905e6

@fbrausse Thank you. I enabled DH ciphers with a 4096 bits key. What about now ?

Angristan · Apr 9, 2017

@fbrausse Thank you. I enabled DH ciphers with a 4096 bits key. What about now ?

No luck on 4.4.2.

ghost · Apr 9, 2017

No luck on 4.4.2.

By the way, social.tchncs.de is back to its old tls setup and can be used for comparing again. (i don't have a device to test)

verymilan · Apr 9, 2017

By the way, social.tchncs.de is back to its old tls setup and can be used for comparing again. (i don't have a device to test)

I'm afraid no change on social.tchncs.de with 1.1.1-1

kav2k · Apr 9, 2017

I'm afraid no change on social.tchncs.de with 1.1.1-1

@Angristan Sorry, no luck either.

fbrausse · Apr 9, 2017

@Angristan Sorry, no luck either.

👍 for Android 7.0 and mastadon.cloud.

clayzermk1 · Apr 10, 2017

👍 for Android 7.0 and mastadon.cloud.

social.targaryen.house supports the following curves for ECDH : X25519, P-521, P-384, P-256. So I think it comes from the ECC certificate, and thus the ECDHE-ECDSA cipher suites.

Wonderfall · Apr 10, 2017

social.targaryen.house supports the following curves for ECDH : X25519, P-521, P-384, P-256. So I think it comes from the ECC certificate, and thus the ECDHE-ECDSA cipher suites.

Okay, I made a second test .apk that I'd appreciate if some folks on android 7.0 could try. I've tested on emulators for versions ≤Android 4.4, but if any of those folks would like to confirm my results I'd also like that. It's this .apk direct link or on https://tusky.keylesspalace.com under experimental releases as handshake-test-2.

It outputs connection diagnostics in a window instead where elephant_friend is normally. So any connections that don't work you can copy and paste the results from there. It only shows what the app side of the connection requests, so it has to be compared with what is known about the server from cryptcheck or other tools.

There are instances especially on ≤4.4 where the authentication step succeeds, it redirects to browser, and then the BROWSER gives "secure connection failed". So be aware that is a possibility.

Vavassor · Apr 11, 2017

Okay, I made a second test .apk that I'd appreciate if some folks on android 7.0 could try. I've tested on emulators for versions ≤Android 4.4, but if any of those folks would like to confirm my results I'd also like that. It's this .apk direct link or on https://tusky.keylesspalace.com under experimental releases as handshake-test-2.

It outputs connection diagnostics in a window instead where elephant_friend is normally. So any connections that don't work you can copy and paste the results from there. It only shows what the app side of the connection requests, so it has to be compared with what is known about the server from cryptcheck or other tools.

There are instances especially on ≤4.4 where the authentication step succeeds, it redirects to browser, and then the BROWSER gives "secure connection failed". So be aware that is a possibility.

Works on 4.4.2! :D

ghost · Apr 11, 2017

Works on 4.4.2! :D

Unfortunately doesn't work on tchncs.de 😞

tramtrist · Apr 12, 2017

Unfortunately doesn't work on tchncs.de 😞

Yup!

liathit · Apr 12, 2017

Yup!

No luck either on 7.0 & unixcorn.xyz (no diagnostics displayed)

rtripault · Apr 12, 2017

No luck either on 7.0 & unixcorn.xyz (no diagnostics displayed)

@rtripault Did it give the authentication failure message, or something different? It's supposed to be giving diagnostics if it tries to make any kind of connection at all (more specifically if it creates a socket object). So nothing is puzzling.

Vavassor · Apr 12, 2017

@rtripault Did it give the authentication failure message, or something different? It's supposed to be giving diagnostics if it tries to make any kind of connection at all (more specifically if it creates a socket object). So nothing is puzzling.

@tramtrist Are you on Android 7 or one of the earlier versions?

Vavassor · Apr 12, 2017

@tramtrist Are you on Android 7 or one of the earlier versions?

Nothing means nothing new:

Android 7.0 on Samsung Galaxy S7. Since the mammoth isn't there it's the correct version, but no dice on any diagnostics.

kav2k · Apr 12, 2017

Nothing means nothing new:

Android 7.0 on Samsung Galaxy S7. Since the mammoth isn't there it's the correct version, but no dice on any diagnostics.

@rtripault Interestingly enough, it works for me with mastodon.xyz - no reaction at first (no dreaded "Failed authentication") for several seconds, then it redirects to OAuth. I guess that's the workaround working.

No diagnostics at any point though. Including .xyz, and social.tchncs.de

(Ooops, I misread - you were trying unixcorn.xyz, not mastodon.xyz)

kav2k · Apr 12, 2017

@rtripault Interestingly enough, it works for me with mastodon.xyz - no reaction at first (no dreaded "Failed authentication") for several seconds, then it redirects to OAuth. I guess that's the workaround working.

No diagnostics at any point though. Including .xyz, and social.tchncs.de

(Ooops, I misread - you were trying unixcorn.xyz, not mastodon.xyz)

@Vavassor similar message as from @kav2k screenshot (authentication failure with the instance)

rtripault · Apr 12, 2017

@Vavassor similar message as from @kav2k screenshot (authentication failure with the instance)

Android 7 and exactly the same result as kav2k

tramtrist · Apr 12, 2017

Android 7 and exactly the same result as kav2k

Having seen that release 1.1.2 didn't solve this, I tried your handshake-test-2.apk too and got the same results with my instance https://bunyip.space. Same generic message "Failed authenticating with that instance."

Has anyone at least isolated what is working and what is not? As instance admin, maybe I can implement some workaround?

sjpickup · Apr 14, 2017

Having seen that release 1.1.2 didn't solve this, I tried your handshake-test-2.apk too and got the same results with my instance https://bunyip.space. Same generic message "Failed authenticating with that instance."

Has anyone at least isolated what is working and what is not? As instance admin, maybe I can implement some workaround?

@sjpickup Vavassor#46 (comment)

Angristan · Apr 14, 2017

@sjpickup Vavassor#46 (comment)

@sjpickup I took a look at the instance through https://tls.imirhil.fr/https/bunyip.space and it only has cipher suites with elliptic curves (ECDHE). There isn't anything I can do short of shipping my own SSL implementation, which I won't do. Changing the server config to user secp256r1 as the elliptic curve or using a lower-security cipher would fix it, but that's a bit extreme.

Vavassor · Apr 14, 2017

@sjpickup I took a look at the instance through https://tls.imirhil.fr/https/bunyip.space and it only has cipher suites with elliptic curves (ECDHE). There isn't anything I can do short of shipping my own SSL implementation, which I won't do. Changing the server config to user secp256r1 as the elliptic curve or using a lower-security cipher would fix it, but that's a bit extreme.

https://mastodon.cloud/users/TheAdmin/updates/131473 Also, mastodon.cloud's admin made an announcement regarding this problem.

Vavassor · Apr 14, 2017

https://mastodon.cloud/users/TheAdmin/updates/131473 Also, mastodon.cloud's admin made an announcement regarding this problem.

BTW, prime256v1 (=secp256r1) is still secure. it's better than a 4096 bits DH key, so no worries...

Angristan · Apr 14, 2017

BTW, prime256v1 (=secp256r1) is still secure. it's better than a 4096 bits DH key, so no worries...

Will keep using tooty fruity for now I suppose

tramtrist · Apr 16, 2017

Will keep using tooty fruity for now I suppose

Still affected on Android 7.0 with the 1.1.2 tusky version (my instance is https://mastodonti.co)

elvisangelaccio · Apr 18, 2017

Still affected on Android 7.0 with the 1.1.2 tusky version (my instance is https://mastodonti.co)

FYI https://mastodon.social/@Tusky/2568936

Angristan · Apr 18, 2017

FYI https://mastodon.social/@Tusky/2568936

The same message appears on alien dalvik (jolla sailfish os). The instance I've tried with is funcitonal.cafe, while mastodon.technology works without any issues.

ivan-cukic · Apr 22, 2017

The same message appears on alien dalvik (jolla sailfish os). The instance I've tried with is funcitonal.cafe, while mastodon.technology works without any issues.

It seems that some Mastodon instances simply have too strict cipher suite, supported only by TLS 1.2 and new enough OpenSSL (or other SSL library).

Example: niu.moe
Cipher suites available on this instance (via Observatory by Mozilla):

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256

Here is diff produced by comparing cipher suites outputted by Mozilla SSL Configuration Generator: https://www.diffchecker.com/dtqucpek (version on the left side is for intermediate mode, which is supported by Android 2.3+ and the right one is supported by Android 5.0+).

The solution is to edit cipher suites list in web server configuration to include ciphers supported by older Android versions: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

BluRaf · Apr 23, 2017

It seems that some Mastodon instances simply have too strict cipher suite, supported only by TLS 1.2 and new enough OpenSSL (or other SSL library).

Example: niu.moe
Cipher suites available on this instance (via Observatory by Mozilla):

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256

Here is diff produced by comparing cipher suites outputted by Mozilla SSL Configuration Generator: https://www.diffchecker.com/dtqucpek (version on the left side is for intermediate mode, which is supported by Android 2.3+ and the right one is supported by Android 5.0+).

The solution is to edit cipher suites list in web server configuration to include ciphers supported by older Android versions: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

Tusky 1.2 is working fine for me now that I've got Android 7.1, at least on https://bunyip.space.

sjpickup · Apr 23, 2017

Tusky 1.2 is working fine for me now that I've got Android 7.1, at least on https://bunyip.space.

@BluRaf @ivan-cukic @elvisangelaccio @tramtrist could someone please test it with 1.2 please?

charlag · Nov 6, 2017

@BluRaf @ivan-cukic @elvisangelaccio @tramtrist could someone please test it with 1.2 please?

I can't test anymore as I have since upgraded to Android 7.1.1, which is not affected by the issue.

elvisangelaccio · Nov 6, 2017

I can't test anymore as I have since upgraded to Android 7.1.1, which is not affected by the issue.

Mstdn.io works.

ghost · Nov 6, 2017

Mstdn.io works.

I guess I will close this because we don't hear any complains now and no one is working on this. Thanks for testing.

charlag · Nov 11, 2017

I guess I will close this because we don't hear any complains now and no one is working on this. Thanks for testing.

Vavassor added the bug label Apr 6, 2017

Vavassor referenced this issue Apr 9, 2017
Closed
f-droid repo out of date #6

alerque referenced this issue Apr 12, 2017
Closed
It doesn't connect to mastodon.cloud server #131

Angristan referenced this issue in tootsuite/mastodon Apr 12, 2017
Closed
Add CHACHA, revert ECDH curve #948

BluRaf referenced this issue Apr 22, 2017
Closed
Handshake failed [pre-Lollipop/Kitkat Watch] #221

Vavassor referenced this issue Jun 18, 2017
Closed
Images not loading (avatars and media) #198

Vavassor added a commit that referenced this issue Jul 6, 2017

Adds or updates Bouncy Castle as a security provider. A possible fix …
…for alleviating issues with connections (issue #46 in particular).

74e3958

charlag closed this Nov 11, 2017

charlag referenced this issue Nov 12, 2017
Closed
Support TLS 1.1 and 1.2 for old android versions #448

Xananax referenced this issue Jan 3, 2018
Closed
Failed authenticating with that instance #348

tuskyapp/Tusky

Join GitHub today

Handshake failed #46

Comments

Schoumi commented Apr 2, 2017

This comment has been minimized.

Schoumi commented Apr 3, 2017

This comment has been minimized.

opitux commented Apr 5, 2017

This comment has been minimized.

SkyzohKey commented Apr 5, 2017

This comment has been minimized.

TLS 1.2 (suites in server-preferred order)

TLS 1.1 (suites in server-preferred order)

kav2k commented Apr 6, 2017

TLS 1.2 (suites in server-preferred order)

TLS 1.1 (suites in server-preferred order)

This comment has been minimized.

ghost commented Apr 6, 2017

This comment has been minimized.

kav2k commented Apr 6, 2017

This comment has been minimized.

Schoumi commented Apr 6, 2017

This comment has been minimized.

rtripault commented Apr 6, 2017

This comment has been minimized.

tbouron commented Apr 6, 2017

This comment has been minimized.

Vavassor commented Apr 6, 2017

This comment has been minimized.

kav2k commented Apr 6, 2017

This comment has been minimized.

tbouron commented Apr 6, 2017

This comment has been minimized.

Vavassor commented Apr 6, 2017

Vavassor added the bug label Apr 6, 2017

This comment has been minimized.

Vavassor commented Apr 7, 2017 • edited Edited 1 time Vavassor edited Apr 8, 2017 (most recent)

This comment has been minimized.

Madeorsk commented Apr 7, 2017

This comment has been minimized.

Angristan commented Apr 7, 2017 • edited Edited 1 time Angristan edited Apr 14, 2017 (most recent)

This comment has been minimized.

kav2k commented Apr 7, 2017 • edited Edited 1 time kav2k edited Apr 7, 2017 (most recent)

This comment has been minimized.

Angristan commented Apr 7, 2017

This comment has been minimized.

kav2k commented Apr 7, 2017

This comment has been minimized.

Komic commented Apr 7, 2017

This comment has been minimized.

Vavassor commented Apr 7, 2017

This comment has been minimized.

Vavassor commented Apr 8, 2017

This comment has been minimized.

Vavassor commented Apr 8, 2017 • edited Edited 1 time Vavassor edited Apr 8, 2017 (most recent)

This comment has been minimized.

verymilan commented Apr 8, 2017

This comment has been minimized.

rtripault commented Apr 8, 2017

This comment has been minimized.

Vavassor commented Apr 8, 2017

This comment has been minimized.

Vavassor commented Apr 8, 2017

This comment has been minimized.

kav2k commented Apr 8, 2017

This comment has been minimized.

verymilan commented Apr 8, 2017 • edited Edited 1 time verymilan edited Apr 8, 2017 (most recent)

This comment has been minimized.

Vavassor commented Apr 8, 2017

This comment has been minimized.

Angristan commented Apr 8, 2017

This comment has been minimized.

lhall-adexos commented Apr 8, 2017

This comment has been minimized.

kav2k commented Apr 8, 2017 • edited Edited 1 time kav2k edited Apr 8, 2017 (most recent)

This comment has been minimized.

Angristan commented Apr 8, 2017

This comment has been minimized.

fbrausse commented Apr 9, 2017 • edited Edited 1 time fbrausse edited Apr 9, 2017 (most recent)

Vavassor commented Apr 7, 2017 •

edited

Edited 1 time

Vavassor edited Apr 8, 2017 (most recent)

Angristan commented Apr 7, 2017 •

edited

Edited 1 time

Angristan edited Apr 14, 2017 (most recent)

kav2k commented Apr 7, 2017 •

edited

Edited 1 time

kav2k edited Apr 7, 2017 (most recent)

Vavassor commented Apr 8, 2017 •

edited

Edited 1 time

Vavassor edited Apr 8, 2017 (most recent)

verymilan commented Apr 8, 2017 •

edited

Edited 1 time

verymilan edited Apr 8, 2017 (most recent)

kav2k commented Apr 8, 2017 •

edited

Edited 1 time

kav2k edited Apr 8, 2017 (most recent)

fbrausse commented Apr 9, 2017 •

edited

Edited 1 time

fbrausse edited Apr 9, 2017 (most recent)

verymilan commented Apr 9, 2017 •

edited

Edited 1 time

verymilan edited Apr 9, 2017 (most recent)

Wonderfall commented Apr 10, 2017 •

edited

Edited 1 time

Wonderfall edited Apr 12, 2017 (most recent)