Petr,
Thank you for the references and example on how to configure SSL/TLS.
This is clear and should be very helpful.
The exception stack trace is attached for an Android 5 device. I do not
find it illuminating.
I am not sure how to run Android Studio to pass the option
-Djavax.net.debug=all
I have enabled the client trace
client.getProperties().put(ClientProperties.LOG_HTTP_UPGRADE, true);
but unfortunately this prints to standard output, which I can read on an
Android 4.4 device (which connects), but not on Android 5 (SSL handshake
failure).
http://stackoverflow.com/q/26535287/4107809
So far merely changing the TLS values on the client has not helped.
There are some reports that particular cipher suites are causing problems,
I will try changing which are enabled and report back if I make further
progress.
https://code.google.com/p/android/issues/detail?id=81603
Thanks again,
Matt
On 01/17/2015 09:31 AM, Petr Janouch wrote:
> Hi Matt,
>
> first could you send the entire Exception? The Deployment exception is
> just a wrapper and its cause should tell us more.
>
> If the exception stack trace does not clarify the problem, you can run
> your client with -Djavax.net.debug=all and it will print a detailed
> SSL debug output. This output might tell you what went wrong. If it
> does not, post it here and I will have a look at it (Just make sure it
> does not contain any information you don't want us to see ;) ).
>
> You can refer to Tyrus documentation where it is shown how to configure
> ssl on the client:
> https://tyrus.java.net/documentation/1.9/user-guide.html#d0e1128
> The link shows how to use the ClientProperties.SSL_ENGINE_CONFIGURATOR
> and classes SslContextConfigurator and SslEngineConfigurator to
> configure SSL. You should not use WLS_SSL_PROTOCOLS_PROPERTY, it is an
> internal API and therefore it is not documented.
>
> About how to configure protocols. This page contains the standard
> names of protocols and cipher suites:
> http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#jssenames
> Those are the names that are expected in SslEngineConfigurator methods
> parameters.
>
> Here is a modified sample from the documentation that configures Tyrus
> client to use SSL TLS 1 and TLS 1.1 and also prints the result and the
> information which protocols are supported on your platform:
>
> import javax.net.ssl.SSLEngine;
> import org.glassfish.tyrus.client.ClientManager;
> import org.glassfish.tyrus.client.ClientProperties;
> import org.glassfish.tyrus.client.SslContextConfigurator;
> import org.glassfish.tyrus.client.SslEngineConfigurator;
>
> final ClientManager client = createClient();
> final SslContextConfigurator defaultConfig = new SslContextConfigurator();
>
> // read the javax.net.ssl.* key store / trust store system properties
> defaultConfig.retrieve(System.getProperties());
> // or setup SSLContextConfigurator using its API.
>
> // arguments: context configuration, client mode, need client auth, want client auth
> SslEngineConfigurator sslEngineConfigurator =
>         new SslEngineConfigurator(defaultConfig, true, false, false);
>
> sslEngineConfigurator.setEnabledProtocols(new String[]{"TLSv1", "TLSv1.1"});
> // the specified protocols must be supported by the platform, so just to check:
> SSLEngine sslEngine = sslEngineConfigurator.createSSLEngine("whatever");
>
> System.out.println("Supported: ");
> for (String s : sslEngine.getSupportedProtocols()) {
>     System.out.println(s);
> }
>
> System.out.println("Enabled: ");
> for (String s : sslEngine.getEnabledProtocols()) {
>     System.out.println(s);
> }
>
> client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR,
>         sslEngineConfigurator);
>
> Hope this will help.
> Petr
>
> On Jan 17, 2015, at 12:43 AM, Matthew Mah wrote:
>
>> Could you please elaborate on how this can be done?
>>
>> From the documentation,
>> https://tyrus.java.net/apidocs/1.9/org/glassfish/tyrus/client/ClientManager.htm
>>
>> I am not sure whether to set WLS_SSL_PROTOCOLS_PROPERTY or the
>> ClientProperties.SSL_ENGINE_CONFIGURATOR. It is also not apparent
>> what String or array of Strings to use.
>>
>> https://tyrus.java.net/apidocs/1.9/org/glassfish/tyrus/client/SslEngineConfigurator.html#setEnabledProtocols(java.lang.String[])
>>
>> Thanks,
>> Matt
>>
>> On 01/16/2015 05:59 PM, Salatiel Filho wrote:
>>>
>>> Try disabling TLSv1.2 and check if it works.
>>>
>>> On Jan 16, 2015 5:04 PM, "Matthew Mah" <matthew.y.mah_at_gmail.com> wrote:
>>>
>>> I am encountering problems connecting Android 5.0 using the
>>> tyrus websocket to either nginx or tomcat servers using a secure
>>> websocket.
>>>
>>> javax.websocket.DeploymentException: SSL handshake has failed
>>>
>>> The code works fine for Android 4.4, so I think this is related
>>> to the SSL changes in Android 5.0:
>>> http://developer.android.com/about/versions/android-5.0-changes.html#ssl
>>>
>>> Is there a way I can tell what exactly is failing? I am not sure
>>> whether it's a problem with the certificate or with the TLS
>>> protocol or the cipher suites available.
>>>
>>> Thanks,
>>> Matt
>>>
>>
>
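
An added example, not part of any message in this thread and not Tyrus code: it uses only the standard JSSE `SSLEngine` to filter a requested protocol list down to what the platform supports (unsupported names make `setEnabledProtocols` throw `IllegalArgumentException`) and to drop cipher suites by name before enabling the rest. The class name, helper names and the `"_RC4_"` token are assumptions chosen for illustration; the protocol names are the ones from Petr's sample.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class TlsClientDiagnostics {

    // Keep only the requested names the platform supports, preserving order.
    // setEnabledProtocols/setEnabledCipherSuites reject unsupported names,
    // so filter before applying and report what was skipped.
    static String[] supportedSubset(String[] requested, String[] supported) {
        Set<String> platform = new LinkedHashSet<>(Arrays.asList(supported));
        List<String> usable = new ArrayList<>();
        for (String name : requested) {
            if (platform.contains(name)) usable.add(name);
            else System.out.println("Not supported here, skipped: " + name);
        }
        return usable.toArray(new String[0]);
    }

    // Drop cipher suites whose standard name contains the given token.
    static String[] withoutSuites(String[] enabled, String token) {
        List<String> kept = new ArrayList<>();
        for (String suite : enabled) {
            if (!suite.contains(token)) kept.add(suite);
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();

        String[] protocols = supportedSubset(
                new String[]{"TLSv1", "TLSv1.1"}, engine.getSupportedProtocols());
        if (protocols.length == 0) throw new IllegalStateException("no usable protocol");
        engine.setEnabledProtocols(protocols);

        // "_RC4_" is a constructed sample token, not a suite named in the thread.
        engine.setEnabledCipherSuites(
                withoutSuites(engine.getEnabledCipherSuites(), "_RC4_"));

        System.out.println("Enabled protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("Enabled suites: " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

The filtered arrays can be passed to the `setEnabledProtocols` call shown in Petr's sample; comparing the printed lists from a device that connects and one that does not narrows down which protocol or suite differs.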