Antennapod: SSL problems on 4.4 KitKat

This recently started to appear a few days ago as an issue for me as well.

cm11 (2016-08-15) kitkat 4.4.4, open gapps arm 4.4 nano (2018-09-19), ap 1.6.5

ssl errors only noticed when trying to download episodes of "Here and Now" feed
https://www.npr.org/templates/rss/podcast.php?id=510051

I am able to use the share episode file url to clipboard for streaming (after removing the title portion and leaving just the url) with vlc 3.0.13 just fine on the same device.

I have disabled stock and GC browser, leaving only Fx 62.0.2 as well.

error within ap log shows...

javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x606aef48: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x5d89dd40:0x00000000) 

File URL:
https://play.podtrac.com/npr-510051/npr.mc.tritondigital.com/NPR_510051/media/anon.npr-podcasts/podcast/510051/653408998/npr_653408998.mp3?orgId=1&d=2482&p=510051&story=653408998&t=podcast&e=653408998&ft=pod&f=510051

I started experiencing this error as well on Android 4.4.4 using AntennaPod to download episodes of NPR News Now:
https://www.npr.org/templates/rss/podcast.php?id=500005

The problem comes when AntennaPod tries to establish a TLS connection with the npr.mc.tritondigital.com server, which happens to be the same server @jmichael2497 is reporting a problem with.

I dug into the error using a packet capture, and I found that the problem is that AntennaPod and the server do not have any cipher suites in common, and so the server terminates the connection with a failed TLS handshake. This likely started happening due to a change on the server NPR uses to stream their podcasts, rather than a change in AntennaPod, though it is AntennaPod (or possibly the underlying TLS library AntennaPod is using) that needs to be updated to support more modern TLS cipher suites.

Here are the cipher suites that AntennaPod is offering to the server (according to the packet capture):

Cipher Suites (8 suites)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

And these are the cipher suites the server supports (according to an SSL Labs analysis):

Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    128

Note that none of the four cipher suites supported by the server are in the list that AntennaPod offers in its TLS Client Hello.

According to SSL Labs, Android 4.4.2 should support three out of those four cipher suites natively. AntennaPod must be doing something special that gives it a different set of supported cipher suites than the KitKat default.

Would a developer please consider adding support for the necessary newer cipher suites in AntennaPod?

We use the predefined set of cipher suites from OkHttp at the moment (because they know far better than me which cipher suites are secure and which are not).
There probably is a newer version that might also include these cipher suites, though.

@mfietz Thanks for the info. I looked into the history of OkHttp, and if I'm reading things correctly, it looks like AntennaPod is currently using 3.9.0:
https://github.com/AntennaPod/AntennaPod/blob/a79c7c0cfc40eaa508344a7c0ebab8697e8c4791/build.gradle#L57

This version already has support for all four of the cipher suites being offered by the NPR server. While it's probably good practice to upgrade to the latest OkHttp, I don't think it will solve this particular issue.

Further research leads me to believe that the discrepancy is due to the fact that Android 4.4 (API 19) actually does not support any of these cipher suites natively, contrary to what I posted earlier. Apparently, SSL Labs' claim that Android 4.4.2 supports these cipher suites is due to the fact that they're testing WebView, which has started to gain more modern TLS support than the underlying Android operating system itself.

There's a relevant Stack Overflow Q&A surrounding OkHttp and Android KitKat here. I don't understand why the name of AntennaPod's private SSLSocketFactory variable should matter, but apparently OkHttp has some hacky voodoo in place that keys in on your variable name and if your variable is named "delegate", it performs extra magic that includes enabling newer cipher suites and TLS protocols on older Android platforms.

This makes it sound like the solution might be as simple as changing this line and any references to this field name:
https://github.com/AntennaPod/AntennaPod/blob/a0543ff09877a5c80344d431744ab2922ccaa1e9/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java#L173

This issue now affects podcasts from kpfa.org. I am using CM11/Android 4.4.4; AntennaPod 1.7.2b.

Also have this issue with AntennaPod 1.7.2b on a Android 4.4.2 device.

two podcast feed affected so far:
Late night linux
The skeptic's Guide to the Universe

If I start downloading an episode from one of those feed, the SLL error 14077410 appear.
If I try listening it online thru AntennaPod. The player start but stays at 0sec and eventually stop working.

The problem is reproduced, and is narrowed down to issues with OkHttp that we don't know if there is any workaround yet.

Reproduced the problem for https://therestartproject.org/feed/podcast, reported by @z3ntu on Android 4.4.2 emulator and an even older 4.1.2 device.

Could not reproduce https://latenightlinux.com/feed/mp3 and https://feed.theskepticsguide.org/feed/rss.aspx?feed=sgu reported by @jackless .

I tried quite a few variation of @blkeller 's suggestion of tweaking CustomSSLSocketFactory but not worked. [*]

Based on an SSL Lab Analysis, there should be a cipher suite that works for https://therestartproject.org/feed/podcast , specifically, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

• For therestartproject.org, see supported ciphers from SSL Labs Analysis.
• I get the list of enabled ciphers on AntennaPod side by calling SSLSocket.getEnabledCipherSuites() in CustomSSLSocketFactory [**]

Conclusion: I believe the issue is due to

1. issues with OkHttp, that the workarounds in [*] do not help;
2. it is backed by that when using plain Android API, with URL.openConnection() rather than OkHttp, the same emulator / device can get the URL. See the gist for sample code.

[*] Fixes tried: I tried quite a few different things but none worked.

1. Followed @blkeller 's suggestion of renaming CustomSSLSocketFactory's private member to delegate
2. Moved CustomSSLSocketFactory from an inner private static class to a top-level public one (in case the delegate hack could not work on inner classes)
3. add SSLv3 to enabled protocols in CustomSSLSocketFactory
4. enable TLSv1.2 protocol only
5. enable TLSv1.0 protocol only
6. Upgrade OkHttp to the latest (supported on Android 4.x): okhttpVersion = "3.12.5" and okioVersion = "1.17.4"

[**] SSLSocket.getEnabledCipherSuites() from AntennaPod's CustomSSLSocketFactory

 SSL_RSA_WITH_RC4_128_SHA 
 TLS_RSA_WITH_AES_128_CBC_SHA 
 TLS_RSA_WITH_AES_256_CBC_SHA 
 TLS_ECDH_ECDSA_WITH_RC4_128_SHA 
 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 
 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
 TLS_ECDH_RSA_WITH_RC4_128_SHA 
 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 
 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 
 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA  <-- also available on therestartproject.org
 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
 TLS_ECDHE_RSA_WITH_RC4_128_SHA 
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
 TLS_DHE_DSS_WITH_AES_128_CBC_SHA 
 TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
 SSL_RSA_WITH_3DES_EDE_CBC_SHA 
 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 
 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 
 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 
 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 
 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 
 SSL_RSA_WITH_DES_CBC_SHA 
 SSL_DHE_RSA_WITH_DES_CBC_SHA 
 SSL_DHE_DSS_WITH_DES_CBC_SHA 
 SSL_RSA_EXPORT_WITH_RC4_40_MD5 
 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 
 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 
 SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 
 TLS_EMPTY_RENEGOTIATION_INFO_SCSV 

Did you also try this? https://github.com/square/okhttp/issues/4053#issuecomment-402579554

List<CipherSuite> cipherSuites = new ArrayList<>();
cipherSuites.addAll(ConnectionSpec.MODERN_TLS.cipherSuites());
cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);

ConnectionSpec legacyTls = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
    .cipherSuites(cipherSuites.toArray(new CipherSuite[0]))
    .build();

OkHttpClient client = new OkHttpClient.Builder()
    .connectionSpecs(Arrays.asList(legacyTls, ConnectionSpec.CLEARTEXT))
    .build();

@ByteHamster your suggestion worked, and is consistent with the findings. I've also verified it also fixes the #3436 reported by @grizzee.

PR coming.

I'm sorry to report that the issue persists with a few of the podcasts I subscribe to. Error messages:

`javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x58c439b0: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x54631cfc:0x00000000)

File URL:
https://superkultur.dk/wp-content/uploads/2019/09/Superkultur_podcast_03_14159.mp3

javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x590845f8: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x545dacfc:0x00000000)

File URL:
https://traffic.libsyn.com/secure/lostdrivein/Day_of_the_Dead_85_FINAL.mp3?dest-id=1514597

javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x57c0f9a0: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x545dacfc:0x00000000)

File URL:
https://chtbl.com/track/E258G7/traffic.libsyn.com/skeptic/200_Monstertalk.mp3?dest-id=14796`

Somewhat embarrassingly, the first error is with a podcast I co-host, but the last two seem to pertain to Libsyn certficates.

I use the latest F-droid version (1.7.3c) on KitKat 4.4.2

I use the latest F-droid version (1.7.3c) on KitKat 4.4.2

The fix is not yet included in 1.7.3

Holding my breath a little longer then. Thanks!

I just updated to 1.8.0 that showed up in F-Droid a few days ago, and I'm afraid I'm still seeing the same issues from this bug on Android 4.4.

Here's an example feed that won't read at all due to a lack of common cipher suites:
https://extras.show/rss

And this one will load the episode list but won't download any episodes:
https://latenightlinux.com/feed/mp3

The fix depends on closed-source Google libraries that replace your SSL security provider. It is therefore not available on F-Droid, unfortunately. I do not know of any open-source alternative.

OK, that makes sense. Thanks for the clarification.

I guess I'll either switch to the Play Store version, or I'll just leave it as is and use the increasing SSL errors as motivation to finally get my act together and upgrade my version of Android.

I installed version 1.8.0 from F-Droid and am not experiencing the problem now.

FYI for anyone else having this problem: I upgraded from AntennaPod 1.7.something to AntennaPod 1.8.0 from F-Droid, but it did not fix the problem. Certain podcasts failed due to the same SSL error. Then I uninstalled AntennaPod and installed the current version from the Play Store, which is 1.8.1. Those certain podcasts now download successfully. I would certainly prefer to use the F-Droid version, but I guess that's not an option anymore.

Thanks to those who helped fix and work around this problem. It was becoming very frustrating.

FYI for anyone else having this problem: I upgraded from AntennaPod 1.7.something to AntennaPod 1.8.0 from F-Droid, but it did not fix the problem.

f-droid shows v1.8.1 added 2020-02-22

@jmichael2497 According to https://github.com/AntennaPod/AntennaPod/issues/2814#issuecomment-583051675, the F-Droid builds won't have the fix, regardless of version, IIUC.

@blkeller, @alphapapa and anyone else suffering from this and wants to remain free from the proprietary Google services:

I managed to build AntennaPod with a modern security provider (Conscrypt) bundled with the app (through maven like all other dependencies). It solves all problems I was having. This means TLSv1.3 and all modern cipher suites are available on all versions of Android (including 4.4). Without depending on Google services.

Here is my fork (it can be installed and used in parallel with the normal AntennaPod):
Source Code
Latest Release (includes an apk)

I've been testing the app for a few days without any problems. I hope to create a pull request (of the conscrypt_bundle branch). The code changes are minimal but I'm not sure if the idea of bundling conscrypt will be accepted upstream. @ByteHamster how do you feel about my solution of bundling conscrypt with the app itself (for the free/f-droid version)? Should I go ahead and make a pull request?

I took the liberty of making a pull request.

@Slinger Thank you very much for your work on this. I'd be glad to test it, but I'm curious: you say it can co-exist with the official build, but does that mean it shares the same database and settings? Or would I need to export and import the official build's database into your build? If it is shared, what would happen if I accidentally ran both apps at the same time? I do make backups, but I'd like to avoid causing more corruption.

Edit: I see you covered this in your excellently written readme: https://github.com/Slinger/AntennaPod_CryptoBundle#migrating-podcast-data-between-antennapod-and-antennapod-cryptobundle Thank you very much!

Thank you! It's nice to know other people have use for it. I hope more apps will do this to improve the security/protocol situation without relying on the closed google ecosystem.

My dream would be that someone makes an app with a minimal API that offers something similar to google's "ProviderInstaller" (maybe a "ConscrypInstaller"?), which could then be installed and updated through F-Droid. And through it all apps could access a modern Conscrypt (instead of each one having to bundle a copy). Or maybe it'd be possible to replace the provider that comes with the android OS...