You’re initialising your SSLContext with a null KeyManager array. The key manager is what handles the server certificate (on the server side), and this is what you’re probably aiming to set when using javax.net.ssl.keyStore. However, as described in the JSSE Reference Guide, using null for the first parameter doesn’t do what you seem to think … Read more
This is a known regression in Android 7.0, acknowledged by Google and fixed sometime before the release of Android 7.1.1. Here is the bug report: https://code.google.com/p/android/issues/detail?id=224438. To be clear, the bug here is that 7.0 only supports ONE elliptic curve: prime256v1 aka secp256r1 aka NIST P-256, as Cornelis points out in the question. So if … Read more
In my case it was wrong date on phone. Fixing date resolved an issue
First, you need to obtain the public certificate from the server you’re trying to connect to. That can be done in a variety of ways, such as contacting the server admin and asking for it, using OpenSSL to download it, or, since this appears to be an HTTP server, connecting to it with any browser, … Read more
Finally solved it ;). Got a strong hint here (Gandalfs answer touched a bit on it as well). The missing links was (mostly) the first of the parameters below, and to some extent that I overlooked the difference between keystores and truststores. The self-signed server certificate must be imported into a truststore: keytool -import -alias … Read more
I found the solution for it by analyzing the data packets using wireshark. What I found is that while making a secure connection, android was falling back to SSLv3 from TLSv1 . It is a bug in android versions < 4.4 , and it can be solved by removing the SSLv3 protocol from Enabled Protocols … Read more
The handshake failure could have occurred due to various reasons: Incompatible cipher suites in use by the client and the server. This would require the client to use (or enable) a cipher suite that is supported by the server. Incompatible versions of SSL in use (the server might accept only TLS v1, while the client … Read more