I have issues with Android 7, on Samsung A3.
When making an SSL request to https://hsracer.com - here is the report from SSL Labs - https://www.ssllabs.com/ssltest/analyze.html?d=hsracer.com&latest
We use OkHttp 3.9.0 with default configuration
Stacktrace:

```
com.omisoft.hsracer E/com.omisoft.hsracer.common.loader.BaseServerAction: javax.net.ssl.SSLHandshakeException: Handshake failed
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
    at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:299)
    at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:268)
    at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:160)
```
I tested this with a test app on emulator and it fails on Android 7 as you say. With the suggested Spec from here it works: https://github.com/square/okhttp/wiki/HTTPS

```java
import java.util.Collections;
import okhttp3.CipherSuite;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;

// Restrict the client to TLS 1.2 and three AES-GCM suites, as in the OkHttp HTTPS wiki.
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
    .tlsVersions(TlsVersion.TLS_1_2)
    .cipherSuites(
        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
    .build();

OkHttpClient client = new OkHttpClient.Builder()
    .connectionSpecs(Collections.singletonList(spec))
    .build();
```

However there should be plenty of intersection of supported ciphers between Android 7 and the site, so I'm not clear why only these 3 ciphers make it work. This is not a satisfying answer.

@swankjesse For my own education, is there an easy way to diagnose these types of issues?
I don't think this is a bug for OkHttp to fix, so closing for now. To get a definite answer I suggest moving the question to stackoverflow. I'm interested in understanding what the right fix between client code and server configuration is.
@yschimke the problem was with the preferred order of the SSL ciphers.

The nginx configuration that didn't work was:

```nginx
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
```

And the working one is:

```nginx
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
```

I used https://www.ssllabs.com/ssltest to analyze the SSL config.

Regards, Deyan
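One offline check for the "how do I diagnose this" question above, and for the cipher-order explanation in this reply: expand each nginx `ssl_ciphers` string with the local OpenSSL and intersect it, by IANA suite id rather than by name (OpenSSL and Java spell the same suite differently), with the three suites from the ConnectionSpec quoted earlier. This is an added example, not code from the OkHttp project or from anyone in this thread; it assumes a server with server-side cipher preference and uses only the first eight entries of the working string.

```python
"""Added diagnostic (not from OkHttp or this thread): expand an nginx ssl_ciphers
string with local OpenSSL and intersect it with a client's TLS 1.2 suites by IANA id."""
import ssl

# IANA ids of the three suites in the ConnectionSpec quoted in the thread.
CLIENT_SUITES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
}

# The nginx ssl_ciphers values from the thread: the one that failed, and the first
# eight entries of the one that worked (the full string is in the thread).
BROKEN = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
WORKING = ("ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
           "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
           "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
           "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!DSS")


def expand(cipher_string):
    """Return [(iana_id, openssl_name)] in the order the string produces (server
    preference). TLS 1.3 suites are not governed by ssl_ciphers and are dropped."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError only if nothing matches
    return [(c["id"] & 0xFFFF, c["name"]) for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]


def negotiate(cipher_string, client_ids=CLIENT_SUITES):
    """Model a server with ssl_prefer_server_ciphers on: the first suite in the
    server's list that the client also offers, as (id, name), or None."""
    for cid, name in expand(cipher_string):
        if cid in client_ids:
            return cid, name
    return None


def report(cipher_string, client_ids=CLIENT_SUITES):
    server = expand(cipher_string)
    print(f"server list expands to {len(server)} TLS 1.2 suites")
    for cid, name in client_ids.items():
        pos = next((i for i, (sid, _) in enumerate(server) if sid == cid), None)
        where = f"position {pos}" if pos is not None else "NOT offered by server"
        print(f"  {name:42s} {where}")
    print("  first mutual suite (server preference):", negotiate(cipher_string, client_ids))


if __name__ == "__main__":
    for label, s in (("broken", BROKEN), ("working", WORKING)):
        print(label)
        report(s)
```

Running it shows all three client suites present in both strings, which matches the earlier observation that cipher intersection alone does not explain the Android 7 failure; the output is a starting point for comparing against the SSL Labs report, not a root cause.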
Just adding, I had this issue with OkHttp, but found the issue wasn't present in 3.0.1 (didn't try other versions yet). Did the cipher order change at any point?
Yep, in 3.7 we took away TLS fallback.
https://github.com/square/okhttp/blob/master/CHANGELOG.md
Hi! I have this error with Android 7 and Okhttp 3.14.9. The server has enabled TLSv1.2 and TLSv1.3.
```
SSLHandshakeException: Handshake failed
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x837388c0: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x83588d20:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x9f3d3912:0x00000000)
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
    ... 36 more
```
So far, I have seen 2 solutions:
1.- ProviderInstaller.installIfNeeded (TLS 1.2 on android 4, but device has Android 7)
2.- https://square.github.io/okhttp/https/

```java
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
    .tlsVersions(TlsVersion.TLS_1_2)
    .cipherSuites(
        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
    .build();

OkHttpClient client = new OkHttpClient.Builder()
    .connectionSpecs(Collections.singletonList(spec))
    .build();
```
I want to know if there is another way or which is better of the two that I present. Thank you.
@enriquebautista 3.14 is no longer supported. We support 3.12.x for older clients (mainly security fixes) and 4.x for modern clients. Could you verify it's still happening with one of these versions?

Also, this is a better question for stackoverflow, as this isn't a reproducible bug report that we can take action on.

@yschimke Hi! Thanks for the response. I updated OkHttp 3.14.9 to 4.8.1 but I have the same issue.
So, in the docs:
> OkHttp uses your platform's built-in TLS implementation. On Java platforms OkHttp also supports Conscrypt, which integrates BoringSSL with Java. OkHttp will use Conscrypt if it is the first security provider:
> `Security.insertProviderAt(Conscrypt.newProvider(), 1);`

Library:

```groovy
implementation 'org.conscrypt:conscrypt-android:2.5.0'
```

and in Application onCreate:

```java
Security.insertProviderAt(Conscrypt.newProvider(), 1);
```
Works in Android 7 using TLSv1.3!
I want to know if it's the right thing to do, and if I only apply it to a specific api or to the entire app. My application supports at least api 21.
The lines with security provider are for the entire app. Glad it fixes things.
Correct, but my question is more than anything if it is safe to use it in all versions of Android or only with the version that I have problems. And if this is better than using the ProviderInstaller.installIfNeeded or the ConnectionSpec.
Thanks.
Conscrypt is like bundling a specific version. Provider installer installs an android selected version updated dynamically via the play store. Both of these are good options.