3 Replies Latest reply on Jul 22, 2016 5:48 AM by TAU TECHNOLOGIES

    Android 6.0.1 Marshmallow SNI hostname

    Joerg Koch

      Hi all,


      since updating to Android 6.0.1 I get the following error when my app connects to my external API via HTTPS and Rho::Network.get:


      Error log:

      [Fri Jul 01 01:44:12 2016] [error] Hostname <IP-ADDRESS>/<IP-ADDRESS> provided via SNI and hostname <DOMAIN-NAME> provided via HTTP are different


      SSL access log:

      [01/Jul/2016:01:42:19 +0200] "GET <PATH> HTTP/1.1" 400 1768 "-" "Mozilla-5.0 (ANDROID; samsung klte; 6.0.1)"


      where IP-ADDRESS is the IP address of the VPS server and DOMAIN-NAME is the domain name of the API application.


      So SNI seems to get no hostname at all just the IP. HTTP status code 400 ist returned. On Andoird < Marshmallow, everything works as expected.


      Tested on: Samsung Galaxy S5, Google Nexus 7 2013

      RhoMobile version of the app: 5.0.38

      Android version: 5.1.1


      Thanks for any hints on how to solve this problem!

        • Re: Android 6.0.1 Marshmallow SNI hostname

          Hi Joerg,


          It's already fixed and will be available in Rho 5.5 which will be released by Tau Technologies in August. Public beta will be available next week.




            • Re: Android 6.0.1 Marshmallow SNI hostname
              Joerg Koch

              Hi Konstantin,


              That sounds good, looking forward to the public beta.


              Could you give specifics on the problem and is there I way I might hot fix this with Ruby?


              Thanks in advance,


                • Re: Android 6.0.1 Marshmallow SNI hostname
                  TAU TECHNOLOGIES

                  Hi Jörg,


                  No you can not fix it in Ruby, you need native changes in Rho platform.


                  This specific issue was caused by combination of factors - different behavior of Android network stack in 5 vs 6.


                  1) Usage of SSL SNI extension for handshake procedure in Android 6 ( Android 5 does not use it ).

                  2) Android API does not provide direct means to specify SNI value, instead it uses value specified in socket constructor for remote peer address.

                  3) Rhodes network layer Initializes SSL socket with IP address ( not with full domain name matching HTTP request ).

                  4) As described in Apache server manual, SNI/Request hostname mismatch will be concidered as request error and responded with code 400.