I'm running into a bug in Ion that koush (the lead dev) thinks may be related to CloudFlare's use of SNI. The bug was reported here: https://github.com/koush/ion/issues/559

I'm looking for a workaround that can deal with CloudFlare Free SSL (Android's HttpClient also fails; though I'm not sure if it is for the same reason).

Ideally, I'd like to just use a workaround working with Ion, but if you know of another library or method to send and receive data over a CloudFlare Free SSL connection I'll gladly use it instead!

So, do you know of any workarounds to this bug?

David Murdoch
  • It appears you do need SNI to connect to some of these addresses. Are you able to try and check the network connection with Wireshark to see if the `ClientHello` packet contains a `server_name` even when it fails? Have you considered [HttpClient for Android](https://hc.apache.org/httpcomponents-client-4.3.x/android-port.html) (not necessarily the one bundled with Android)? – Bruno Jun 25 '15 at 23:47
  • Ion works with these URLs on an Android 5.1.1 emulator, but not on my Nexus 7 w/ Android 5.1.1; so I don't know if Wireshark will help here. I tried HttpClient for Android, as you suggested, and it fails the handshake as well (but on both the emulator and hardware). – David Murdoch Jun 26 '15 at 20:00
  • It might take a bit more work and tweaking with an access point for example, but you should be able to inspect the traffic coming out of your phone with Wireshark or similar tools. Does the handshake fail with HttpClient for Android for the same reason, or is it a certificate issue, for example? – Bruno Jun 26 '15 at 21:22

1 Answer

You can disable the middleware that causes the problem by putting the following in your Application.onCreate method.

    Ion.getDefault(getContext()).getConscryptMiddleware().enable(false);

The bug is only in Google Play Services conscrypt. Remove that line at a later time once GPS updates.

The downside of disabling conscrypt is that it also disables SPDY support on older platforms, and that conscrypt is also a newer, more secure, updated SSL stack.

Source

David Murdoch