Ever since I started using api 26 as my targetSDKVersion, it appears that older versions of Android (Generally 5 and down) can no longer make calls to my server. I don't have an older device to test on, but these are reports that are coming in from users. My minSDKVersion is set to 4. I use the okhttp libraries for the calls, but the switch from http to okhttp was possibly done haphazardly, so I'm not sure if something is clashing somewhere. Does anyone have any idea of what could be causing the problem?
-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
Android Question Server calls not working on Android 5 and lower since api 26
- Thread starter dieterp
- Start date
- Similar Threads Similar Threads
I managed to get the exact error message being thrown: javax.net.ssl.sslpeerunverifiedexception no peer certificate
Does this have to do with using the "HttpUtils2 source code instead of the library and replace hc.Initialize with hc.InitializeAcceptAll", as suggested by Erel?
Does this have to do with using the "HttpUtils2 source code instead of the library and replace hc.Initialize with hc.InitializeAcceptAll", as suggested by Erel?
Upvote
0
I suggest you use this website for testing proper SSL configurations:
https://www.ssllabs.com/ssltest/analyze.html?d=www.websports.co.za&latest
Running that test reveals alot of issues with your server configuration that you need to fix, Biggest being POODLE. So youre vulnerable!
https://www.ssllabs.com/ssltest/analyze.html?d=www.websports.co.za&latest
Running that test reveals alot of issues with your server configuration that you need to fix, Biggest being POODLE. So youre vulnerable!
Upvote
0
Server issues aside, is there a smoking gun amongst those configurations that would cause older versions of Android to have problems uploading to the server?
@DonManfred, I haven't made any changes to httputils2 yet. I first want to establish if this could be server issues
@DonManfred, I haven't made any changes to httputils2 yet. I first want to establish if this could be server issues
Upvote
0
First off, you have to verify that your Certificate Authority is trusted and not expired in older versions of android, Also, you need to check compatible Cipher suites that older versions of android works with.
For example, your Root CA is this:
https://www.xolphin.com/support/FAQ/Transition_from_Comodo_CA_to_Sectigo
That right there is a glaring issue becuase it used to be COMODO. its not anymore, and it changed in 2019. This means older versions of android that are not receiving updates, no longer have a valid Root CA for this company. So any new certificates issued under the new authority will have a broken chain of trust. This right here could very well be your problem.
Otherwise if this is not your issue,
Android 4.X has known SSL issues, and the fixes escape me.
New SDKs also have more strict SSL requirements. The fact that your server responds to SSL V3 in of itself could be a huge issue. Google is known to do crazy things like that.
Once you get your server configured properly, at least get it to a Grade B or better, then you can troubleshoot more easily.
For example, your Root CA is this:
https://www.xolphin.com/support/FAQ/Transition_from_Comodo_CA_to_Sectigo
That right there is a glaring issue becuase it used to be COMODO. its not anymore, and it changed in 2019. This means older versions of android that are not receiving updates, no longer have a valid Root CA for this company. So any new certificates issued under the new authority will have a broken chain of trust. This right here could very well be your problem.
Otherwise if this is not your issue,
Android 4.X has known SSL issues, and the fixes escape me.
New SDKs also have more strict SSL requirements. The fact that your server responds to SSL V3 in of itself could be a huge issue. Google is known to do crazy things like that.
Once you get your server configured properly, at least get it to a Grade B or better, then you can troubleshoot more easily.
Last edited:
Upvote
0
Update: I've resolved the problem by updating the httputils2 source code library in my app, and changing the hc.Initialize part to hc.InitializeAcceptAll. It looks like the SSL certificate was installed correctly on the server, but it's hard to say whether the renewed certificate caused any problems. Either way, everything is on track again. Thanks to all who assisted with this query!
Upvote
0
InitializeAcceptAll is a workaround, it basically approves any SSL clerical errors by forcing the system to bypass the certificate checks.
So it'll accept anything. This can be dangerous if your server for some reason gets taken over, it'll just accept any certificate thrown at it, including self-signed ones.
However, At least it works.
So it'll accept anything. This can be dangerous if your server for some reason gets taken over, it'll just accept any certificate thrown at it, including self-signed ones.
However, At least it works.
Upvote
0
Similar Threads
- Question
- Question
Android Question
Receiving or intercepting SMS Messages in Android 9 not working?
- Question