question

amar avatar image
amar asked sam Deactivated answered

javax.net.ssl.SSLHandshakeException in Production API(https://api.eu.clover.com/v3/merchants) at clover min i

@Chanel I am getting error while accessing production API as:
Error:
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6b98b608: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x6849cd18:0x00000000)at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448).

Java Code:(Using OkHttpClient v2.4.0,Retrofit 1.9.0)
RestAdapter.Builder builder = new RestAdapter.Builder();
OkHttpClient client = new OkHttpClient();
builder.setClient(new OkClient(client));
builder.setEndpoint(baseUrl).setLogLevel(RestAdapter.LogLevel.FULL);
RestAdapter adapter = builder.build();
ApiClient apiClient= adapter.create(serviceClass);
apiClient.getMerchantPlanInfo(merchantId, getHeaderAuth(mContext));

I have also tried this with OkHttpClient object:
1)
SSLContext sslContext = SSLContext.getInstance(TlsVersion.TLS_1_2.javaName());
sslContext.init(null, null, null);
setSslSocketFactory(sslContext.getSocketFactory()); // set with client object
2) Using steps given at
https://clover.cloud.answerhub.com/questions/3191/...

https://github.com/square/okhttp/issues/2372 and https://stackoverflow.com/questions/29916962/javax...
Still not working, getting same error.

When I debug to check enabled protocol before execute request I got there are only two protocol (TLSv1 and SSLv3).

So how to fix this? Or this is issue in clover Mini device?
Clover Mini
3 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

amar avatar image amar commented ·

@Sam any suggestion?

0 Likes 0 ·
chanel avatar image chanel commented ·

Hi @Amar, I'm having issues reproducing your error. For instance RestAdapter is for use in Retrofit 1, but you've stated you're using Retrofit 2. I'm having trouble putting the pieces together. Can you provide a more robust code example?

0 Likes 0 ·
amar avatar image amar chanel commented ·

Actually retrofit v1 used, and above code was used to get merchant plan details with merchant id and token. If other info required please mention.

0 Likes 0 ·

1 Answer

sam avatar image
sam Deactivated answered

We've seen in the past with OkHttp/Retrofit where TLS 1.2 on Android 4.1-4.4 is stepped down to SSLv3, which isn't supported on our devices (due to deprecated security).

If you follow these threads, you should be able to resolve this issue:

https://stackoverflow.com/questions/29916962/javax-net-ssl-sslhandshakeexception-javax-net-ssl-sslprotocolexception-ssl-han

https://community.clover.com/questions/3191/getting-sslhandshakeexception-on-production-clover.html

https://github.com/square/okhttp/issues/2372

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community