[GH-ISSUE #1452] SSL Handshake Failed at Users/nghiatran/Library/Developer/Xcode/DerivedData/ #1446

Closed
opened 2026-03-03 19:51:36 +03:00 by kerem · 7 comments
Owner

Originally created by @Yakow13 on GitHub (Dec 1, 2022).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1452

Description

Trying to intercept SSL connection on Android phone

Steps to Reproduce

  1. Install certificate on Mac according to manual
  2. Install certificate on Android according to manual
  3. Proxy connection. Enable SSL proxying
  4. Go to google.com

Current Behavior

SSL Handshake Failed handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268436502 error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN at /Users/nghiatran/Library/Developer/Xcode/DerivedData/NSProxy-dpnvjsvnoedgpgfkomhjjqznnjsa/SourcePackages/checkouts/swift-nio-ssl/Sources/CNIOBoringSSL/ssl/tls_record.cc:594]))

Expected Behavior

Successful SSL Handshake. Able to see SSL communication

Environment

  • App version: Proxyman 3.14.0
  • macOS version: Macbook Pro 14 M1 Venture 13.0.1
  • Android version: Pixel Android 13
Originally created by @Yakow13 on GitHub (Dec 1, 2022). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1452 ## Description Trying to intercept SSL connection on Android phone ## Steps to Reproduce 1. Install certificate on Mac according to manual 2. Install certificate on Android according to manual 3. Proxy connection. Enable SSL proxying 4. Go to google.com ## Current Behavior SSL Handshake Failed handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268436502 error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN at /Users/nghiatran/Library/Developer/Xcode/DerivedData/NSProxy-dpnvjsvnoedgpgfkomhjjqznnjsa/SourcePackages/checkouts/swift-nio-ssl/Sources/CNIOBoringSSL/ssl/tls_record.cc:594])) ## Expected Behavior Successful SSL Handshake. Able to see SSL communication ## Environment - App version: Proxyman 3.14.0 - macOS version: Macbook Pro 14 M1 Venture 13.0.1 - Android version: Pixel Android 13
kerem 2026-03-03 19:51:36 +03:00
  • closed this issue
  • added the
    bug
    label
Author
Owner

@NghiaTranUIT commented on GitHub (Dec 1, 2022):

Hi @Yakow13 To interpret HTTPS traffic from Android Devices, you have finish the step 5 in this Setup Guide: https://docs.proxyman.io/debug-devices/android-device

By adding the Security exception in network_security_config.xml.

Visit google.com from Android Web Browser doesn't work since you're not possible to modify the network_security_config

<!-- gh-comment-id:1333499356 --> @NghiaTranUIT commented on GitHub (Dec 1, 2022): Hi @Yakow13 To interpret HTTPS traffic from Android Devices, you have finish the step 5 in this Setup Guide: https://docs.proxyman.io/debug-devices/android-device By adding the Security exception in `network_security_config.xml`. Visit google.com from Android Web Browser doesn't work since you're not possible to modify the `network_security_config`
Author
Owner

@NghiaTranUIT commented on GitHub (Dec 1, 2022):

Security on Android devices is trickier, and the 5th step is crucial to successfully intercept its HTTPS traffic. Otherwise, you will get a bunch of SSL errors.

<!-- gh-comment-id:1333500524 --> @NghiaTranUIT commented on GitHub (Dec 1, 2022): Security on Android devices is trickier, and the 5th step is crucial to successfully intercept its HTTPS traffic. Otherwise, you will get a bunch of SSL errors.
Author
Owner

@Yakow13 commented on GitHub (Dec 1, 2022):

Hey. Thanks for the quick response.
Going to google.com using Chrome was one of the troubleshooting points I was trying to take. But even this was unsuccessful.

At first, I'm trying to intercept my app, where the network_security_config.xml is set up properly. Same SSL handshake error. Then I was following the troubleshooting manual, where going to google.com was mentioned. Now I see that's for iOS not for Android.

Any troubleshooting for Android? I'm stuck on this SSL handshake error for a week

<!-- gh-comment-id:1333506817 --> @Yakow13 commented on GitHub (Dec 1, 2022): Hey. Thanks for the quick response. Going to google.com using Chrome was one of the troubleshooting points I was trying to take. But even this was unsuccessful. At first, I'm trying to intercept my app, where the `network_security_config.xml` is set up properly. Same SSL handshake error. Then I was following the troubleshooting manual, where going to google.com was mentioned. Now I see that's for iOS not for Android. Any troubleshooting for Android? I'm stuck on this SSL handshake error for a week
Author
Owner

@NghiaTranUIT commented on GitHub (Dec 1, 2022):

Is your Android app a Native app, or React Native?

To verify the certificate is installed & trusted, if you don't mind, please open the Setting app -> Security -> Trusted Credentials -> User Tab -> And see if Proxyman CA is here.

Screenshot 2022-12-01 at 17 02 12
<!-- gh-comment-id:1333513320 --> @NghiaTranUIT commented on GitHub (Dec 1, 2022): Is your Android app a Native app, or React Native? To verify the certificate is installed & trusted, if you don't mind, please open the Setting app -> Security -> Trusted Credentials -> User Tab -> And see if Proxyman CA is here. <img width="848" alt="Screenshot 2022-12-01 at 17 02 12" src="https://user-images.githubusercontent.com/5878421/205024229-84ac55bc-81e3-4dd6-aa4e-03759265c2a9.png">
Author
Owner

@NghiaTranUIT commented on GitHub (Dec 1, 2022):

The easier to intercept native Android app is using Android Emulator.

You can run the Emulator Script in Certificate Menu -> Install for Android -> Emulator. Document at https://docs.proxyman.io/debug-devices/android-device/automatic-script-for-android-emulator

It will automatically override the proxy, install & trust the certificate.

Make sure Android Emulator is the Google APIs version, not Google Play Store version.

<!-- gh-comment-id:1333515698 --> @NghiaTranUIT commented on GitHub (Dec 1, 2022): The easier to intercept native Android app is using Android Emulator. You can run the Emulator Script in Certificate Menu -> Install for Android -> Emulator. Document at https://docs.proxyman.io/debug-devices/android-device/automatic-script-for-android-emulator It will automatically override the proxy, install & trust the certificate. Make sure Android Emulator is the Google APIs version, not Google Play Store version.
Author
Owner

@Yakow13 commented on GitHub (Dec 1, 2022):

The emulator one started work (I was sure that the certificate is correct, so I could try to modify different things).
Then with trial and error, I figured out that the missing piece was this:
<domain includeSubdomains="true">your_domain</domain>

Didn't have this specified. When I added my domain, the emulator as well as the physical device started to work.

Thanks for troubleshooting :).
Closing the ticket

<!-- gh-comment-id:1333593415 --> @Yakow13 commented on GitHub (Dec 1, 2022): The emulator one started work (I was sure that the certificate is correct, so I could try to modify different things). Then with trial and error, I figured out that the missing piece was this: `<domain includeSubdomains="true">your_domain</domain>` Didn't have this specified. When I added my domain, the emulator as well as the physical device started to work. Thanks for troubleshooting :). Closing the ticket
Author
Owner

@NghiaTranUIT commented on GitHub (Dec 1, 2022):

Awesome. Glad to hear that it works.

You can use the Manage Domain to automatically generate the domain + Persist for the next launch. Save a little time for you ❤️

Screenshot 2022-12-01 at 19 57 06
<!-- gh-comment-id:1333726119 --> @NghiaTranUIT commented on GitHub (Dec 1, 2022): Awesome. Glad to hear that it works. You can use the Manage Domain to automatically generate the domain + Persist for the next launch. Save a little time for you ❤️ <img width="720" alt="Screenshot 2022-12-01 at 19 57 06" src="https://user-images.githubusercontent.com/5878421/205058649-cd1c2d08-d29b-4ed6-ae26-634d5815cf82.png">
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Proxyman#1446
No description provided.