SSLHandshakeException: Connection closed by peer

[davidmigloz]

I'm getting this exception from time to time after updating Lock.Android from 2.8.2 to 2.8.3:

Non-fatal Exception: com.auth0.android.authentication.AuthenticationException: Request failed
       at com.auth0.android.request.internal.AuthenticationErrorBuilder.from(AuthenticationErrorBuilder.java:3018)
       at com.auth0.android.request.internal.BaseRequest.onFailure$349ed88b(BaseRequest.java:151)
       at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:185)
       at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
       at java.lang.Thread.run(Thread.java:764)
Caused by com.auth0.android.Auth0Exception: Failed to execute request to https://xxx.eu.auth0.com/delegation
       at com.auth0.android.request.internal.BaseRequest.onFailure$349ed88b(BaseRequest.java:150)
       at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:185)
       at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
       at java.lang.Thread.run(Thread.java:764)
Caused by javax.net.ssl.SSLHandshakeException: Connection closed by peer
       at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(NativeCrypto.java)
       at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)
       at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)
       at com.squareup.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:7192)
       at com.squareup.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
       at com.squareup.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
       at com.squareup.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
       at com.squareup.okhttp.Call.com.squareup.okhttp.internal.http.HttpEngine.connect(Call.java:23281)
       at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:243)
       at com.squareup.okhttp.Call$AsyncCall.com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:3205)
       at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
       at java.lang.Thread.run(Thread.java:764)

• Lock version: com.auth0.android:lock:2.8.3
• Android version & Phone Model:

• Versions of Gradle: gradle-4.6-all
• Android Plugin: 3.1.1-3.1.2
• Build tools: 27.0.3
• Android SDK: 19-27

Any idea? Thanks for your help.

[lbalmaceda]

Thanks for the details. Looking at the changelog, the only change made in the last version is adding an option to enforce TLS 1.2 from this library. This shouldn't affect you client side since the default behavior for TLS hasn't been changed and still depends on the android version running the app. However, another change introduced on that auth0.android version is disabling HTTP2 protocol, which only means "stick to the good old known protocols" that remain enabled for the client, and that the servers still accept. We required to change this because of a protocol version negotiation error. The OkHttp library being used is 2.7.5 (no longer maintained) and it has the HTTP2 protocol wrongly implemented and fails to negotiate the protocol version with the other peer. Anyway, this shouldn't be affecting you since like I said, old TLS & HTTP versions are still accepted by the server. If you find any clue or know where we can start digging to debug this, feel free to add it.

[davidmigloz]

Thanks for your response. I'm also getting this trace instead of SSLHandshakeException: Connection closed by peer:

Caused by java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
       at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:721)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:499)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:422)
       at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:343)
       at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
       at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
       at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:203)
       at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:607)
       at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(NativeCrypto.java)
       at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
       at com.squareup.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:7192)
       at com.squareup.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
       at com.squareup.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
       at com.squareup.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
       at com.squareup.okhttp.Call.com.squareup.okhttp.internal.http.HttpEngine.connect(Call.java:23281)
       at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:243)
       at com.squareup.okhttp.Call$AsyncCall.com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:3205)
       at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
       at java.lang.Thread.run(Thread.java:764)

[lbalmaceda]

Is this still an issue?

[davidmigloz]

Hi @lbalmaceda ,

I cannot tell you if it's still happening because we're not using auth0 anymore, sorry.

Best regards,
David

[Rohan1joshi]

Exception : javax.net.ssl.SSLHandshakeException Connection closed by peer
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:566)
at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:875)
Caused by java.lang.reflect.InvocationTargetException:
at java.lang.reflect.Method.invoke
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:556)
Caused by javax.net.ssl.SSLHandshakeException: Connection closed by peer
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake
at com.android.org.conscrypt.SslWrapper.doHandshake (SslWrapper.java:374)
at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake (ConscryptFileDescriptorSocket.java:217)
at com.android.okhttp.internal.io.RealConnection.connectTls (RealConnection.java:192)
at com.android.okhttp.internal.io.RealConnection.connectSocket (RealConnection.java:149)
at com.android.okhttp.internal.io.RealConnection.connect (RealConnection.java:112)
at com.android.okhttp.internal.http.StreamAllocation.findConnection (StreamAllocation.java:184)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection (StreamAllocation.java:126)
at com.android.okhttp.internal.http.StreamAllocation.newStream (StreamAllocation.java:95)
at com.android.okhttp.internal.http.HttpEngine.connect (HttpEngine.java:299)
at com.android.okhttp.internal.http.HttpEngine.sendRequest (HttpEngine.java:237)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute (HttpURLConnectionImpl.java:461)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect (HttpURLConnectionImpl.java:127)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect (DelegatingHttpsURLConnection.java:89)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect