Troubleshooting: why connecting to HTTPS sites via a proxy gateway on the Android platform can sometimes fail

Source: Internet
Author: User
Tags ssl connection

Environment

On an Android phone, accessing some HTTPS sites, such as Gmail, through a proxy gateway (such as China Mobile's CMWAP) sometimes fails with the following error: "Unable to establish secure connection" (A secure connection could not be established).

Reason

This is a deeply hidden problem. When the system protocol stack establishes an SSL socket, it calls SecurityManager by default to resolve the host domain name of the peer site and perform some additional validation (the validation result does not seem to affect the subsequent operation; this needs further study), and that call invokes the system's DNS service. However, when accessing the Internet through the CMWAP gateway, all requests go through the proxy server 10.0.0.172, and the client has no corresponding DNS server list. If the phone has previously accessed the Internet via WiFi or some other means (such as the CMNET gateway, which does not require a proxy), the Linux stack still holds the DNS server list from those connections, and the system naively sends its requests to those DNS servers, which ends in a timeout failure. In particular, DNS has a retry mechanism, so it takes tens of seconds before the DNS failure is returned to the HTTP layer.

By this time the HTTP layer has already completed the Client Hello/Server Hello handshake of the SSL protocol layer and could go on to exchange HTTP data, but for the reason above it is stuck waiting on the long DNS timeout. For security reasons, many servers drop the SSL connection if they see no data from the client within 10 seconds, or even less, after the SSL handshake.

Solutions

The simple solution is to skip the DNS resolution validation when the Internet is accessed through a proxy gateway; this step is not necessary.
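One way to express this rule in Java, as an added example rather than code from the Android sources this page refers to. The class and method names, the host `mail.example.com` and proxy port 80 are assumptions, and the gateway is assumed to be an HTTP proxy that tunnels HTTPS with CONNECT.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.UnknownHostException;

/** Added illustration: pick the origin address without a local DNS lookup when a proxy is in use. */
public class ProxyAwareResolver {

    /**
     * Returns the address of the origin server for an HTTPS request.
     * With a proxy, the name is left unresolved: the proxy receives the
     * hostname in the CONNECT request and performs the lookup itself.
     */
    static InetSocketAddress originAddress(String host, int port, Proxy proxy)
            throws UnknownHostException {
        if (proxy != null && proxy.type() != Proxy.Type.DIRECT) {
            // No DNS query is issued here, so stale resolvers left over from
            // an earlier WiFi or CMNET session cannot stall the connection.
            return InetSocketAddress.createUnresolved(host, port);
        }
        // Direct connection: a local lookup is required to reach the server.
        return new InetSocketAddress(InetAddress.getByName(host), port);
    }

    /** Builds the CONNECT request sent to the proxy; it carries the hostname, not an IP. */
    static String connectRequest(InetSocketAddress origin) {
        String target = origin.getHostString() + ":" + origin.getPort();
        return "CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n\r\n";
    }

    public static void main(String[] args) throws Exception {
        // Proxy IP taken from the page; port 80 is an assumption. An IP
        // literal is parsed locally and never sent to a DNS server.
        Proxy cmwap = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("10.0.0.172", 80));
        // Constructed sample host, not from the page.
        InetSocketAddress origin = originAddress("mail.example.com", 443, cmwap);
        System.out.println("unresolved=" + origin.isUnresolved());
        System.out.print(connectRequest(origin));
    }
}
```

Skipping the lookup leaves certificate validation untouched: hostname verification compares the server certificate against the requested name, which needs no DNS.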

The problem is quite obscure, but I learned a great deal while solving it, so I am jotting it down quickly before I forget. Related files:

HttpsConnection.java

OpenSSLSocketImpl.java
