I'm developing an android application which communicates with a web server. We use HTTPS for this communication and we have also a client certificate inside the android application for authentication.
We created SSL certificates using ECC (ANSI x9.62) in order to have very small certificates so we can reduce the transmission cost during handshake.
The source code for the communication is more or less like this:
InputStream keystoreIs = getResources().openRawResource(R.raw.client_bks); KeyStore keystore = KeyStore.getInstance("BKS"); keystore.load(keystoreIs, KEYSTORE_PASSWORD); SSLSocketFactory socketFactory = new SSLSocketFactory(keystore, KEYSTORE_PASSWORD, keystore); Scheme serverScheme = new Scheme("https", socketFactory, SERVER_PORT); HttpClient httpclient = new DefaultHttpClient(); httpclient.getConnectionManager().getSchemeRegistry().register(iServerScheme); HttpPost httppost = new HttpPost(SERVER_URL); HttpResponse response = httpclient.execute(httppost);
The problem is that when we try to connect we have errors like:
E/NativeCrypto(4744): Unknown error 5 during connect W/System.err(4744): java.io.IOException: SSL handshake failure: I/O error during system call, Connection reset by peer W/System.err(4744): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method) W/System.err(4744): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:316) W/System.err(4744): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:520) W/System.err(4744): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:461) W/System.err(4744): at org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:93) W/System.err(4744): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83) W/System.err(4744): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170) W/System.err(4744): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106) W/System.err(4744): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129) (...)
I trid to find an example with ECC and SSL but I didn't found anything. I found several articles about encryption and key pair generation (for example http://nelenkov.blogspot.com/2011/12/using-ecdh-on-android.html#!/2011/12/using-ecdh-on-android.html) but nothing related to this SSL kind of errors.
We will appreciate any feedback. Thank you in advance!!