Android API 19 (4.4.4) TLSv1.1

java

#1

I am using the Couchbase-Lite-PhoneGap-Plugin 1.4.1 as part of a Cordova application. A customer reported an issue on Anroid 4.4.4 (API 19) where the sync does not work. I was able to reproduce the issue on the emulator (Genymotion) using a 4.4.4 image. We are connecting to Sync Gateway 1.5.1. CBL is connecting to a load balancer which terminates the SSL connection and connects to Sync gateway using HTTP. We are disabling TLS v1 at the load balancer.

The issue appears to be related to TLS 1.1 support. Due to a security audit we had to disable TLS v1 and API 19 has support for TLS v1.1 but it is not the default. The error logged is below. If I enable TLS v1 the sync process works on the emulator and on the devices running 4.4.4. Based on some research, I tried updating the Google Play services to the latest version but this did not fix the issue. We need to disable TLS v1 to pass the security audit so leaving it enable long-term is not an option.

W/Router ( 1630): Replicator error: javax.net.ssl.SSLException: SSL handshake aborted: ssl=0xb815dfa0: I/O error during system call, Connection reset by peer. Repl: Replication{https://sync.mysite.com:4984/sync_gateway/, pull}. Source: https://sync.mysite.com:4984/sync_gateway/, Target: sync_gateway

Thanks for your help.


#2

I added a GitHub issue for this - https://github.com/couchbase/couchbase-lite-android/issues/1635


#3

I put in a fix for this in the tls12fix branch of my fork at https://github.com/zebra1024/couchbase-lite-java-core. The fix is from the okhttp post square/okhttp#2372. I also updated the OKHttp library to 3.10.0 and Jackson to 2.9.4. I also put a build of the Cordova plugin with the updated build at https://github.com/zebra1024/Couchbase-Lite-PhoneGap-Plugin.


#4

Closing the topic. Follow up is in https://github.com/couchbase/couchbase-lite-android/issues/16358


#5