04-23 17:17:38.434 21599-21956/ D/NativeCrypto: ssl=0x0 NativeCrypto_SSL_interrupt
04-23 17:17:38.435 21599-21956/ D/OkHttp: <-- HTTP FAILED: javax.net.ssl.SSLHandsha
I ran into this issue when upgrading to OkHttp 4.x. Rather than having to keep track of all known TLS versions and all known ciphers as Anker recommends, use OkHttp's allEnabledTlsVersions and allEnabledCipherSuites methods:
val builder = OkHttpClient.Builder()
…
// The default OkHttp configuration does not support older versions of TLS,
// or all cipher suites. Make our support as reasonably broad as possible.
builder.connectionSpecs(listOf(ConnectionSpec.CLEARTEXT,
ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.allEnabledTlsVersions()
.allEnabledCipherSuites()
.build()))
…
val okHttpClient = builder.build()
These lists will stay current as long as you upgrade OkHttp regularly. From the ConnectionSpec API doc:
Use Builder.allEnabledTlsVersions and Builder.allEnabledCipherSuites to defer all feature selection to the underlying SSL socket.
The configuration of each spec changes with each OkHttp release. This is annoying: upgrading your OkHttp library can break connectivity to certain web servers! But it’s a necessary annoyance because the TLS ecosystem is dynamic and staying up to date is necessary to stay secure. See OkHttp’s TLS Configuration History to track these changes.