Branchitos Branchitos -4 years ago 172
Android Question

HttpsURLConnection: SSL resumption not working

I'm trying to set up SSL (with SSL resumption) using HttpsURLConnection with my own trust manager.

I am only able to perform SSL handshakes and connections. No SSL resumption - the previous sessions are never reused!

I searched all over, but no luck.
All answers refer to HttpClient (which is not an option).

My setup is as follows:


  • I create an SSL Context which I store for later use.

  • I then create an SSL Factory using this SSL context which I also store for it to be used with all connections.

  • I start a connection where everything goes well: I receive a sessionID, a complete handshake is done and the connection is sent to the server.

  • One minute later, I start another connection. For some weird reason, this connection does not send the sessionID I had earlier. I print the SSLContext's session - the last session is still there and is valid. For some reason this new connection does not use it, thus another session is created and is added to the sessions' cache.



I tried both Android 2.3 and 4.1, on 2 different devices.

Following many Google results, I even tried to add Keep-Alive as some users proposed, as well as other voodoo that led to no different results.

Did anyone run into this? Is there something I'm missing?

What could cause my connections not to use the last session?

Thanks in advance!

Answer Source

What you'd like to do is use reflection to override members in class android.net.SSLCertificateSocketFactory. The members are:

  1. HOSTNAME_VERIFIER
  2. mTrustManagers
  3. mKeyManagers

Do it by getting the class:

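import java.lang.reflect.Field;
// Look up the framework class and the field to replace.
Class<?> sslClass = Class.forName("android.net.SSLCertificateSocketFactory");
Field classField = sslClass.getDeclaredField("defaultTrustManager");
classField.setAccessible(true);
// Use one of the two calls below, depending on whether the field is static.
classField.set(null /* if the field is static */, youObjectHere /* needs casting */);
classField.set(objectInstance /* if the field is not static */, youObjectHere /* needs casting */);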

and then override these with your own variables. This will allow for SSL resumption for Android API 14 and above (I tested on 14).

BEWARE

You'd need to maintain this code and keep up with any changes Google might make.

Hope it helped! Good luck!
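A way to check the behaviour the question describes, as an added example that is not part of the original post or answer: two handshakes through one shared SSLSocketFactory, compared by session ID. The class name ResumptionCheck, the placeholder host example.com and the TLSv1.2 pin are assumptions, and it uses a plain SSLSocket instead of HttpsURLConnection so the TLS layer is tested on its own.

```java
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ResumptionCheck {  // hypothetical class name
    // Handshake over a fresh TCP connection and return the negotiated session.
    static SSLSession handshake(SSLSocketFactory factory, String host, int port) throws Exception {
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // keep hostname verification on
            params.setProtocols(new String[] {"TLSv1.2"});      // assumption: session IDs are compared under TLS 1.2
            socket.setSSLParameters(params);
            socket.startHandshake();
            return socket.getSession();
        }
    }

    // Session-ID resumption: the second handshake reports the ID issued by the first.
    // A server that resumes only with tickets and sends an empty ID is reported as not resumed.
    static boolean resumed(SSLSession first, SSLSession second) {
        byte[] id = first.getId();
        return id.length > 0 && Arrays.equals(id, second.getId());
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com"; // placeholder host
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null); // default trust store; pass your own TrustManager[] here
        SSLSocketFactory factory = context.getSocketFactory(); // one factory shared by every connection

        SSLSession first = handshake(factory, host, 443);
        SSLSession second = handshake(factory, host, 443);
        int cached = Collections.list(context.getClientSessionContext().getIds()).size();
        System.out.println("client sessions cached in the SSLContext: " + cached);
        System.out.println(resumed(first, second)
                ? "second handshake resumed the first session"
                : "second handshake was a full handshake");
    }
}
```

If this reports a resumed session against the same server while HttpsURLConnection still performs full handshakes, the cache and the server are fine and the difference lies in how the HTTP layer obtains its sockets.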
