[GH-ISSUE #609] SSL Handshake Failed handshakeFailed (NIOSSL.BoringSSLError.sslError ([Error: 268436502 error: 10000416: SSL routines: OPENSSL_internal: SSLV3_ALERT_CERTIFICATE_UNKNOWN])) #607

Closed
opened 2026-03-03 19:20:17 +03:00 by kerem · 13 comments

Originally created by @chornerman on GitHub (Aug 31, 2020).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/609

Proxyman version? (Ex. Proxyman 1.4.3)

2.5.3

macOS Version? (Ex. mac 10.14)

10.15.6

Steps to reproduce

  1. Connect the Android device to the same network as the laptop (the Android device and laptop both have the certificate installed, and I already set the Wi-Fi proxy; I also already added network_security_config.xml in the manifest file of the application, and it has the exact same code as the tutorial)
  2. Open the app that enabled HTTPS response

Expected behavior

Show response correctly with no error

Screenshots (optional)

Screen Shot 2563-08-31 at 16 14 00

@NghiaTranUIT commented on GitHub (Aug 31, 2020):

Hi @chornerman, can you help me verify that you've configured res/xml/network_security_config.xml and manifest.xml? Steps 3-4 in the Android Doc https://docs.proxyman.io/debug-devices/android-device 🤔

and make sure that it's your Android app, since it's impossible to intercept the HTTPS Traffic from apps that you don't control


@chornerman commented on GitHub (Aug 31, 2020):

Thanks, @NghiaTranUIT for a really fast reply 🙏
Here is my `network_security_config.xml` code

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <domain-config>
        <domain includeSubdomains="true">some_url
        </domain>
        <trust-anchors>
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
</network-security-config>
```

and I added this line to the manifest inside the application tag

`android:networkSecurityConfig="@xml/network_security_config"`


@NghiaTranUIT commented on GitHub (Aug 31, 2020):

Hi, there are many reasons why you might not intercept from your Android:

  1. Looks like you're missing the `network-security-config` tag. From your code, it only has `base-config` and `domain-config`. You can check out the Android Doc

```xml
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```

  2. Is your app using SSL-Pinning? If yes, please disable it.

@chornerman commented on GitHub (Aug 31, 2020):

Now my `network-security-config` code looks like this

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </debug-overrides>

    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <domain-config>
        <domain includeSubdomains="true">some_url
        </domain>
        <trust-anchors>
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
</network-security-config>
```

and it still doesn't work 😢


@NghiaTranUIT commented on GitHub (Aug 31, 2020):

Can you share with me which Android emulator it is, and the Android version? I would like to download it and try to reproduce on my machine 😄

I will send you a sample Android project that works, then you can reapply it in your project 👍


@chornerman commented on GitHub (Aug 31, 2020):

I use a physical device, Samsung Galaxy S10e with Android 10
I also tried with a Xiaomi Redmi Note 7 (Android 10) and got the same problem


@NghiaTranUIT commented on GitHub (Aug 31, 2020):

I checked Pixel XL Emulator (Android Studio) with Android 29, and it worked fine. I'm able to see the traffic from https://www.google.com

Screen Shot 2020-08-31 at 16 56 26

Config

  • Set Proxy in Wifi Setting
  • open `proxy.man/ssl` in Google Chrome and install the certificate
  • res/xml/network_security_config.xml

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!--Set application-wide security config using base-config tag.-->
    <!--Set domain-specific security config using domain-config tags. -->
    <!--See https://developer.android.com/training/articles/security-config.html for more information.-->
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <domain-config>
        <domain includeSubdomains="true">www.google.com</domain>
        <trust-anchors>
            <certificates src="user"/>
            <certificates src="system"/>
        </trust-anchors>
    </domain-config>
</network-security-config>
```

  • manifest.xml

```xml
<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.android.networkconnect"
    android:versionCode="1"
    android:versionName="1.0">

    <!-- Min/target SDK versions (<uses-sdk>) managed by build.gradle -->
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

    <application
        android:label="@string/app_name"
        android:icon="@drawable/ic_launcher"
        android:theme="@style/Theme.Sample"
        android:allowBackup="true"
        android:networkSecurityConfig="@xml/network_security_config">
        <activity
            android:name="com.example.android.networkconnect.MainActivity"
            android:label="@string/app_name"
            android:uiOptions="splitActionBarWhenNarrow">

            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>
</manifest>
```

  • Download Project: [NetworkConnect.zip](https://github.com/ProxymanApp/Proxyman/files/5149670/NetworkConnect.zip)

Can you try to run this project on your physical device?
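An added example, not part of the original thread or of Proxyman: a small checker that resolves which trust-anchor sources a `network_security_config.xml` of the shape posted above applies to a given host, for debuggable and release builds. It shows that `debug-overrides` trusts user-installed CAs only in debuggable builds, while a `domain-config` listing `src="user"` trusts them in release builds as well. The host `api.example.test` is a placeholder, the `{"system"}` fallback assumes `targetSdkVersion` 24 or higher, and nested `domain-config` elements are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the configs in this thread;
# api.example.test is a placeholder host, not a value from the issue.
SAMPLE = """<network-security-config>
  <debug-overrides><trust-anchors>
    <certificates src="user" /><certificates src="system" />
  </trust-anchors></debug-overrides>
  <base-config cleartextTrafficPermitted="true"><trust-anchors>
    <certificates src="system" />
  </trust-anchors></base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.test
    </domain>
    <trust-anchors>
      <certificates src="user" /><certificates src="system" />
    </trust-anchors>
  </domain-config>
</network-security-config>"""

def _anchors(node):
    """Sources listed under node's <trust-anchors>; None if node or element is absent."""
    ta = node.find("trust-anchors") if node is not None else None
    return None if ta is None else {c.get("src") for c in ta.findall("certificates")}

def _match_len(rule, host):
    """Length of the matched domain name, or -1 when the rule does not cover host."""
    name = (rule.text or "").strip().lower()
    subs = rule.get("includeSubdomains", "false").lower() == "true"
    return len(name) if host == name or (subs and host.endswith("." + name)) else -1

def effective_anchors(xml_text, host, debuggable):
    """Trust-anchor sources applied to host (nested domain-config not handled)."""
    root, host = ET.fromstring(xml_text), host.lower()
    best, chosen = 0, root.find("base-config")
    for dc in root.findall("domain-config"):
        score = max((_match_len(r, host) for r in dc.findall("domain")), default=-1)
        if score > best:
            best, chosen = score, dc  # most specific matching rule wins
    anchors = _anchors(chosen)
    if anchors is None:  # matched config sets none: inherit base-config
        anchors = _anchors(root.find("base-config"))
    if anchors is None:
        anchors = {"system"}  # assumed platform default, targetSdkVersion >= 24
    if debuggable:  # debug-overrides anchors are added, debuggable builds only
        anchors = anchors | (_anchors(root.find("debug-overrides")) or set())
    return anchors
```

Running it over a release configuration before shipping flags any host for which `"user"` is still in the returned set.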

@chornerman commented on GitHub (Aug 31, 2020):

Sorry for the late response, it doesn't work either
Screen Shot 2563-08-31 at 18 00 21


@NghiaTranUIT commented on GitHub (Sep 1, 2020):

That's strange. I'm not sure what causes the bug on your Samsung machine 🤔

Can you try to run your project on Android Studio? And does your app have SSL-Pinning?


@chornerman commented on GitHub (Sep 1, 2020):

Yes, I can run it on Android Studio and the app doesn't have SSL-Pinning


@NghiaTranUIT commented on GitHub (Sep 1, 2020):

So I'm not sure how to fix it since it works fine in your Android Emulator. Maybe Samsung devices need extra steps in order to trust the Proxyman Certificate 🤔

The error means that your device doesn't trust the Proxyman Certificate.


@chornerman commented on GitHub (Sep 1, 2020):

I tried reinstalling the certificate on my Samsung device and it works as expected this time.
Thank you @NghiaTranUIT 😄


@NghiaTranUIT commented on GitHub (Sep 1, 2020):

Happy coding 🙌
