java - Android connection fails if I disable SSLv2/SSLv3 on the HTTPS server -

java - Android connection fails if I disable SSLv2/SSLv3 on the HTTPS server -

in android app (kitkat 4.4.4 on nexus 7) utilize retrofit rest library access https server configured allow tls, no ssl (to prepare poodle vulnerability).

my retrofit setup code simple

retrofitinterface retrofitinterface = new restadapter.builder() .setendpoint(api.api_url).build().create(retrofitinterface.class);

and no farther ssl-specific configuration.

if disallow sslv2/sslv3 in server configuration, rest resource request fails error message:

failure retrofit.retrofiterror: javax.net.ssl.sslprotocolexception: ssl handshake terminated: ssl=0x69978800: failure in ssl library, protocol error error:14094410:ssl routines:ssl3_read_bytes:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1256 0x683cddf8:0x00000003)

when configure https server allow sslv2/sslv3, problem disappears.

do need additional configuration forcefulness android http library utilize tls instead of ssl?

i found solution utilize okhttp client provided retrofit developers.

so guess default http client used in retrofit has problem ssl/tls handshakes.

java android ssl https retrofit