K-9: SSLHandshakeException after update to Android 7.0
Expected behavior
Email should be fetched.
Actual behavior
Getting SSLHandshakeException and started to get it after updating to Android 7.0 on OnePlus 3, it works using the Gmail client so seems to be related to the k9 client. The cert is also a ECDSA certificate from Let's Encrypt.
01-27 10:34:22.758 23033-23050/? E/k9: Failed to login, closing connection for conn112983937
01-27 10:34:22.760 23033-23050/? E/k9: IOException for [email protected]:INBOX/MessagingController/conn112983937
javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:682)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:644)
at com.fsck.k9.mail.store.imap.ImapConnection.setUpStreamsAndParserFromSocket(ImapConnection.java:228)
at com.fsck.k9.mail.store.imap.ImapConnection.open(ImapConnection.java:114)
at com.fsck.k9.mail.store.imap.ImapConnection.sendCommand(ImapConnection.java:640)
at com.fsck.k9.mail.store.imap.ImapConnection.executeSimpleCommand(ImapConnection.java:623)
at com.fsck.k9.mail.store.imap.ImapConnection.executeSimpleCommand(ImapConnection.java:612)
at com.fsck.k9.mail.store.imap.ImapFolder.executeSimpleCommand(ImapFolder.java:109)
at com.fsck.k9.mail.store.imap.ImapFolder.internalOpen(ImapFolder.java:145)
at com.fsck.k9.mail.store.imap.ImapFolder.open(ImapFolder.java:114)
at com.fsck.k9.controller.MessagingController.synchronizeMailboxSynchronous(MessagingController.java:845)
at com.fsck.k9.controller.MessagingController$9.run(MessagingController.java:739)
at com.fsck.k9.controller.MessagingController.runInBackground(MessagingController.java:204)
at com.fsck.k9.controller.MessagingController.access$000(MessagingController.java:115)
at com.fsck.k9.controller.MessagingController$1.run(MessagingController.java:173)
at java.lang.Thread.run(Thread.java:761)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7f32ac49c0: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x7f30ff7f80:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x7f6acbdf76:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 16 more
01-27 10:34:22.763 23033-23050/? E/k9: synchronizeMailbox
com.fsck.k9.mail.MessagingException: IO Error
at com.fsck.k9.mail.store.imap.ImapFolder.ioExceptionHandler(ImapFolder.java:1366)
at com.fsck.k9.mail.store.imap.ImapFolder.internalOpen(ImapFolder.java:163)
at com.fsck.k9.mail.store.imap.ImapFolder.open(ImapFolder.java:114)
at com.fsck.k9.controller.MessagingController.synchronizeMailboxSynchronous(MessagingController.java:845)
at com.fsck.k9.controller.MessagingController$9.run(MessagingController.java:739)
at com.fsck.k9.controller.MessagingController.runInBackground(MessagingController.java:204)
at com.fsck.k9.controller.MessagingController.access$000(MessagingController.java:115)
at com.fsck.k9.controller.MessagingController$1.run(MessagingController.java:173)
at java.lang.Thread.run(Thread.java:761)
Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:682)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:644)
at com.fsck.k9.mail.store.imap.ImapConnection.setUpStreamsAndParserFromSocket(ImapConnection.java:228)
at com.fsck.k9.mail.store.imap.ImapConnection.open(ImapConnection.java:114)
at com.fsck.k9.mail.store.imap.ImapConnection.sendCommand(ImapConnection.java:640)
at com.fsck.k9.mail.store.imap.ImapConnection.executeSimpleCommand(ImapConnection.java:623)
at com.fsck.k9.mail.store.imap.ImapConnection.executeSimpleCommand(ImapConnection.java:612)
at com.fsck.k9.mail.store.imap.ImapFolder.executeSimpleCommand(ImapFolder.java:109)
at com.fsck.k9.mail.store.imap.ImapFolder.internalOpen(ImapFolder.java:145)
at com.fsck.k9.mail.store.imap.ImapFolder.open(ImapFolder.java:114)
at com.fsck.k9.controller.MessagingController.synchronizeMailboxSynchronous(MessagingController.java:845)
at com.fsck.k9.controller.MessagingController$9.run(MessagingController.java:739)
at com.fsck.k9.controller.MessagingController.runInBackground(MessagingController.java:204)
at com.fsck.k9.controller.MessagingController.access$000(MessagingController.java:115)
at com.fsck.k9.controller.MessagingController$1.run(MessagingController.java:173)
at java.lang.Thread.run(Thread.java:761)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7f32ac49c0: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x7f30ff7f80:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x7f6acbdf76:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 16 more
I have SSL2/3 disallowed on the IMAP server (Dovecot) and can't find why the connection fails.
Pretty much the same result for SMTP except it supports a few more ciphers.
Steps to reproduce
- Add account for mail server
- Connection to server fails
Environment
K-9 Mail version: 5.203
Android version: 7.0
Account type (IMAP, POP3, WebDAV/Exchange): IMAP (Dovecot)
BlackVoid
All 5 comments
Maybe this: http://stackoverflow.com/questions/39133437/sslhandshakeexception-handshake-failed-on-android-n-7-0
I don't believe this is a K-9 Mail issue. We're using the platform support for TLS and only disable SSLv3 and some ciphers considered insecure.
cketti
on 27 Jan 2017
Hi
I think I am having the same issue. However I have more evidence that this is some kind of and7 related.
I tried the same account on both lollipop and nougat using the same k9 versions. I do not get ssl error with lollipop device but and7 device cant login to the very same account.
11-18 12:37:08.750 16172 16702 E k9 : Failed to login, closing connection for conn134677455
11-18 12:37:08.751 16172 16702 E k9 : Error while testing settings
11-18 12:37:08.751 16172 16702 E k9 : com.fsck.k9.mail.MessagingException: Unable to connect
11-18 12:37:08.751 16172 16702 E k9 : at com.fsck.k9.mail.store.imap.ImapStore.checkSettings(ImapStore.java:306)
11-18 12:37:08.751 16172 16702 E k9 : at com.fsck.k9.activity.setup.AccountSetupCheckSettings$CheckAccountTask.checkIncoming(AccountSetupCheckSettings.java:494)
11-18 12:37:08.751 16172 16702 E k9 : at com.fsck.k9.activity.setup.AccountSetupCheckSettings$CheckAccountTask.checkServerSettings(AccountSetupCheckSettings.java:464)
11-18 12:37:08.751 16172 16702 E k9 : at com.fsck.k9.activity.setup.AccountSetupCheckSettings$CheckAccountTask.doInBackground(AccountSetupCheckSettings.java:421)
11-18 12:37:08.751 16172 16702 E k9 : at com.fsck.k9.activity.setup.AccountSetupCheckSettings$CheckAccountTask.doInBackground(AccountSetupCheckSettings.java:399)
11-18 12:37:08.751 16172 16702 E k9 : at android.os.AsyncTask$2.call(AsyncTask.java:304)
11-18 12:37:08.751 16172 16702 E k9 : at java.util.concurrent.FutureTask.run(FutureTask.java:237)
11-18 12:37:08.751 16172 16702 E k9 : at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:243)
11-18 12:37:08.751 16172 16702 E k9 : at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
11-18 12:37:08.751 16172 16702 E k9 : at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
11-18 12:37:08.751 16172 16702 E k9 : at java.lang.Thread.run(Thread.java:762)
11-18 12:37:08.751 16172 16702 E k9 : Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
11-18 12:37:08.751 16172 16702 E k9 : at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
11-18 12:37:08.751 16172 16702 E k9 : at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:682)
11-18 12:37:08.751 16172 16702 E k9 : at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:644)
11-18 12:37:08.751 16172 16702 E k9 : at com.fsck.k9.mail.store.imap.ImapConnection.setUpStreamsAndParserFromSocket(ImapConnection.java:228)
11-18 12:37:08.751 16172 16702 E k9 : at com.fsck.k9.mail.store.imap.ImapConnection.open(ImapConnection.java:114)
11-18 12:37:08.751 16172 16702 E k9 : at com.fsck.k9.mail.store.imap.ImapStore.checkSettings(ImapStore.java:302)
11-18 12:37:08.751 16172 16702 E k9 : ... 10 more
11-18 12:37:08.751 16172 16702 E k9 : Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7f908f8400: Failure in SSL library, usually a protocol error
11-18 12:37:08.751 16172 16702 E k9 : error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0x7f90947240:0x00000001)
11-18 12:37:08.751 16172 16702 E k9 : error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:800 0x7fa5826253:0x00000000)
11-18 12:37:08.751 16172 16702 E k9 : at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
11-18 12:37:08.751 16172 16702 E k9 : at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
11-18 12:37:08.751 16172 16702 E k9 : ... 15 more
11-18 12:37:08.802 1608 4365 V WindowManager: Relayout Window{6917a01d0 u0 com.fsck.k9/com.fsck.k9.activity.setup.AccountSetupIncoming}: viewVisibility=8 req=1080x1920 WM.LayoutParams{(0,0)(fillxfill) sim=#20 ty=1 fl=#1810100 wanim=0x10303ea needsMenuKey=2 naviIconColor=0}
11-18 12:37:08.803 1608 4365 I WindowManager: Destroying surface Surface(name=com.fsck.k9/com.fsck.k9.activity.setup.AccountSetupIncoming) called by com.android.server.wm.WindowStateAnimator.destroySurface:2849 com.android.server.wm.WindowStateAnimator.destroySurfaceLocked:1079 com.android.server.wm.WindowState.destroyOrSaveSurface:2561 com.android.server.wm.WindowManagerService.tryStartExitingAnimation:3511 com.android.server.wm.WindowManagerService.relayoutWindow:3367 com.android.server.wm.Session.relayoutEx:254 android.view.IWindowSession$Stub.onTransact:407 com.android.server.wm.Session.onTransact:161
11-18 12:37:08.817 1608 10953 V WindowManager: Relayout Window{a44f93bd0 u0 com.fsck.k9/com.fsck.k9.activity.setup.AccountSetupCheckSettings}: viewVisibility=0 req=1026x584 WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#1820002 fmt=-2 wanim=0x10303eb needsMenuKey=2 naviIconColor=0}
11-18 12:37:08.873 1608 10950 D WindowManager: finishDrawingWindow: Window{a44f93bd0 u0 com.fsck.k9/com.fsck.k9.activity.setup.AccountSetupCheckSettings} mDrawState=DRAW_PENDING
11-18 12:37:08.884 1608 3814 D WindowManager: finishDrawingWindow: Window{a44f93bd0 u0 com.fsck.k9/com.fsck.k9.activity.setup.AccountSetupCheckSettings} mDrawState=HAS_DRAWN
gerroon
on 18 Nov 2017
Both devices are using K-9 5.208 from Fdroid.
gerroon
on 18 Nov 2017
Yes, this is expected. SSL crypto in 7.0 is “broken” because it lacks some widely used elliptic curves. You have to upgrade to 7.1.1 or higher.
ArchangeGabriel
on 18 Nov 2017
@ArchangeGabriel
Thanks I will see if any updating resolves the issue.
gerroon
on 19 Nov 2017
Related issues
asbach2
·
3Comments
robsmith11
·
3Comments
j-ed
·
3Comments
BerndErnst
·
3Comments
maltfield
·
3Comments
Most helpful comment
Yes, this is expected. SSL crypto in 7.0 is “broken” because it lacks some widely used elliptic curves. You have to upgrade to 7.1.1 or higher.