Dealing with TLS on gRPC


bhavin...@mattel.com

Sep 6, 2018, 2:06:02 PM
to grpc.io

Hello, I am connecting to a server which has TLS support with SSL certs. I am getting an SSL handshake error on the Android app client. I also use useTransportSecurity() to deal with TLS negotiation type. Is there any workaround to get away with this error without certificate pinning?

 

----
    Caused by: java.lang.RuntimeException: protocol negotiation failed
        at io.grpc.okhttp.OkHttpProtocolNegotiator.negotiate(OkHttpProtocolNegotiator.java:96)
        at io.grpc.okhttp.OkHttpProtocolNegotiator$AndroidNegotiator.negotiate(OkHttpProtocolNegotiator.java:147)
        at io.grpc.okhttp.OkHttpTlsUpgrader.upgrade(OkHttpTlsUpgrader.java:63)
        at io.grpc.okhttp.OkHttpClientTransport$2.run(OkHttpClientTransport.java:474)
        at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:123)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
        at java.lang.Thread.run(Thread.java:764)
----

 

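And this is how I generate my channel:

    import io.grpc.ManagedChannel;
    import io.grpc.okhttp.OkHttpChannelBuilder;

    // TLS channel using the platform's default trust store
    ManagedChannel mChannel = OkHttpChannelBuilder.forAddress(host, port)
            .useTransportSecurity()
            .build();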

 

 

Appreciate your time and help.

Carl Mastrangelo

Sep 6, 2018, 3:57:13 PM
to grpc.io
This error comes from the ALPN TLS extension, which you need your SSL endpoint to support.  If you are using NPN, it is unlikely you will be able to connect.
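
The reply above turns on which negotiation extension the server answers with. As an added example that is not part of the original thread, this Python parser reads a TLS 1.2 ServerHello and reports whether the server selected a protocol via ALPN, answered only with NPN, or sent neither. The function names are hypothetical and the sample messages are constructed, not captures; in TLS 1.3 the ALPN selection travels in EncryptedExtensions, so the check applies to TLS 1.2 handshakes only.

```python
import struct

ALPN_EXT = 16      # application_layer_protocol_negotiation (RFC 7301)
NPN_EXT = 13172    # next_protocol_negotiation (0x3374), the older draft extension

def server_hello_extensions(msg: bytes) -> dict:
    """Map extension type -> raw data for one TLS 1.2 ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big") or len(body) < 38:
        raise ValueError("truncated ServerHello")
    pos = 34 + 1 + body[34]      # version(2) + random(32) + length-prefixed session_id
    pos += 2 + 1                 # cipher_suite + compression_method
    if pos == len(body):         # the extensions block is optional
        return {}
    if pos + 2 > len(body):
        raise ValueError("truncated ServerHello")
    (total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + total
    if end > len(body):
        raise ValueError("extensions overrun the message")
    exts = {}
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        if pos + 4 + ext_len > end:
            raise ValueError("extension overruns the block")
        exts[ext_type] = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
    return exts

def negotiation_verdict(msg: bytes) -> str:
    """'alpn:<proto>' if ALPN selected a protocol, 'npn-only' if only NPN, else 'none'."""
    exts = server_hello_extensions(msg)
    data = exts.get(ALPN_EXT, b"")
    # ProtocolNameList: 2-byte list length, then 1-byte length + name
    if len(data) >= 3 and len(data) >= 3 + data[2]:
        return "alpn:" + data[3:3 + data[2]].decode("ascii", "replace")
    return "npn-only" if NPN_EXT in exts else "none"

def build_server_hello(extensions: bytes) -> bytes:
    """Constructed sample message: zeroed random, empty session id, suite 0xC02F."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    body += struct.pack("!H", len(extensions)) + extensions
    return b"\x02" + len(body).to_bytes(3, "big") + body

ALPN_H2 = struct.pack("!HH", ALPN_EXT, 5) + b"\x00\x03\x02h2"   # server picked "h2"
NPN_H2 = struct.pack("!HH", NPN_EXT, 3) + b"\x02h2"             # server lists "h2" via NPN
```

A gRPC client needs the `alpn:h2` result; `npn-only` or `none` corresponds to the situation described in the reply above.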

Eric Anderson

Sep 6, 2018, 5:26:04 PM
to bhavin...@mattel.com, grpc-io
It seems this was also posted to SO: https://stackoverflow.com/q/52210169/4690866. I provided an answer there.


bhavin...@mattel.com

Sep 8, 2018, 2:30:30 AM
to grpc.io
Thanks for the solution. That's what the problem was eventually. The endpoint now has the ALPN TLS extension and I am not facing that issue anymore. Also, I wonder why Android still might need Dynamic Security Provider.