Android Question SSL Not Supported

aaronk

Well-Known Member
Licensed User
Longtime User
Hi,

I am connecting to a TCP device in the field, and it uses an older version of SSL.

I used the following code:

B4X:
Dim so As Socket
so.InitializeSSLAcceptAll("so")
Dim r As Reflector
r.Target = so 'socket variable
r.Target = r.GetField("socket")
r.RunMethod4("setEnabledProtocols", Array(Array As String("TLSv1", "SSLv3")), _
Array As String("[Ljava.lang.String;"))
so.Connect(IP, port,5000)

wait for so_Connected (Successful As Boolean)
Log(Successful)

When I run this code it works fine (has worked fine for over 8 or so years).

Now all of a sudden it has stopped working.

The error I am getting is:
java.lang.IllegalArgumentException: protocol SSLv3 is not supported

I am testing this on a Pixel 8, running Android 14. (Security update 5 August 2024).

I am not sure if it's related to an Android OS update (or security patch) causing it to not work, or if I need to change something in my code to make it work?
 

JohnC

Expert
Licensed User
Longtime User
ChatGPT says:

In B4A code, the use of "SSLv3" in the setEnabledProtocols method is generally discouraged due to SSLv3 being considered insecure. SSLv3 has known vulnerabilities, such as the POODLE attack, which led to it being deprecated by most platforms in favor of more secure protocols like TLS 1.2 and TLS 1.3.

In modern applications, you should avoid using "SSLv3" and instead only enable TLS versions (preferably TLS 1.2 or above).

You can modify your code to:

B4X:
r.RunMethod4("setEnabledProtocols", Array(Array As String("TLSv1.2", "TLSv1.3")), Array As String("[Ljava.lang.String;"))
This enables only the more secure TLS protocols. Always check which versions are supported by the server you're connecting to, but SSLv3 is almost universally disabled in secure environments.
 
Upvote 0

aaronk

Well-Known Member
Licensed User
Longtime User
It looks like Android 14 no longer supports SSLv3
Strange it had been working fine with Android 14 and only in the past few days it stopped working.
My Pixel 8 had Android 14 installed since I got it (last year) and it worked fine with the app.

I seem to be getting quite a few people email me in the last few days starting to complain that it only recently stopped for them as well.

I think there must have been some type of minor OS update for Android 14 that removed SSLv3 in the past week.
 
Upvote 0

Alex_197

Well-Known Member
Licensed User
Longtime User
Maybe the SSL has been updated?
 
Upvote 0

aaronk

Well-Known Member
Licensed User
Longtime User
The SSL hasn't been updated in the device in the field, but it will now need to be updated to make it work.

I just wanted to make sure there wasn't something in the app I could fix rather than having to update many devices in the field.
 
Upvote 0

aaronk

Well-Known Member
Licensed User
Longtime User
Worth adding the clearText macro
I added the following to the manifest:
(I assume that is how to do what you are suggesting?)

B4X:
SetApplicationAttribute(android:usesCleartextTraffic, "true")

But it still reports an error: java.lang.IllegalArgumentException: protocol SSLv3 is not supported

I think the only way forward is to update the device in the field to the newer SSL. From what I can see there isn't really anything I can do in the app to make it work.
 
Upvote 0
Cookies are required to use this site. You must accept them to continue using the site. Learn more…