Flutter SSL Handshake Failure on Android 13 and below


We are experiencing an SSL handshake issue in a Flutter-based Android application when connecting to a backend API hosted on SAP Cloud Platform Integration (SAP CPI).

Recently, the API certificate chain was upgraded to DigiCert TLS RSA4096 Root G5. After this change, Android devices running Android 13 and below fail to establish an HTTPS connection.

The error observed is:

HandshakeException: Handshake error in client(OS Error: CERTIFICATE_VERIFY_FAILED: self signed certificate in certificate chain)

However, the same API works correctly on:

- Android 14 and above
- iOS devices

Backend Configuration

The backend server is configured to send the full certificate chain, including:

- Server certificate
- Intermediate certificate(s)
- Root certificate (DigiCert TLS RSA4096 Root G5) (self-signed)


Attempted Solution

Initially, we attempted to resolve the issue using Android Network Security Configuration (NSC) to trust the backend certificate. However, the issue persisted.

Since the application is built using Flutter, networking is handled by the Dart HttpClient rather than Android’s native networking libraries (such as HttpURLConnection or OkHttp). Because of this, Android Network Security Configuration may not always apply to Flutter HTTP requests.

As a workaround, we implemented a custom SecurityContext in Flutter and added the DigiCert root certificate to the TLS trust store while keeping the system trusted certificates enabled.

This resolved the SSL handshake issue on Android 13 and below devices.

Implementation used in the application:

    final certData = await rootBundle.load('assets/certs/DigiCert_TLS_RSA4096_Root_G5.pem');
    final context = SecurityContext(withTrustedRoots: true);
    context.setTrustedCertificatesBytes(certData.buffer.asUint8List());
    final client = HttpClient(context: context);

This resolved the handshake issue on Android 13 and below devices.

Question

Is this approach considered secure and recommended for production apps distributed through Google Play?

Or is there a better way to handle certificate trust issues in Flutter on older Android versions?

Reference

Similar workaround discussed here:
https://medium.com/@amanueldemelash12/fixing-ssl-handshake-failure-on-older-android-devices-in-flutter-75b2a3ff1568
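
A hardened form of the approach in the question, as an added example that is not part of the original post: it checks that the bundled asset is exactly one public certificate, tolerates the root already being present in the device store, and keeps chain validation failures fatal. The function names are hypothetical, and the duplicate-certificate error string it matches is an assumption about what the TLS library reports on devices that already trust this root.

```dart
import 'dart:convert';
import 'dart:io';
import 'package:flutter/services.dart' show rootBundle;

// Asset path taken from the post; the function names below are hypothetical.
const _rootAsset = 'assets/certs/DigiCert_TLS_RSA4096_Root_G5.pem';

/// Rejects a bundle that is not exactly one public certificate, so a private
/// key or an extra CA cannot be shipped in the asset by mistake.
void checkSingleCertificatePem(String pem) {
  final begins = '-----BEGIN CERTIFICATE-----'.allMatches(pem).length;
  final ends = '-----END CERTIFICATE-----'.allMatches(pem).length;
  if (pem.contains('PRIVATE KEY')) {
    throw const FormatException('asset contains private key material');
  }
  if (begins != 1 || ends != 1) {
    throw FormatException('expected exactly 1 certificate, found $begins');
  }
}

/// Platform roots plus the one bundled root; verification stays enabled.
Future<HttpClient> buildApiClient() async {
  final data = await rootBundle.load(_rootAsset);
  final bytes = data.buffer.asUint8List(data.offsetInBytes, data.lengthInBytes);
  checkSingleCertificatePem(ascii.decode(bytes, allowInvalid: true));

  final context = SecurityContext(withTrustedRoots: true);
  try {
    context.setTrustedCertificatesBytes(bytes);
  } on TlsException catch (e) {
    // Assumption: a device whose store already holds this root reports a
    // duplicate entry. That case is harmless; any other failure is rethrown.
    final msg = e.osError?.message ?? e.message;
    if (!msg.contains('CERT_ALREADY_IN_HASH_TABLE')) rethrow;
  }

  final client = HttpClient(context: context);
  // Explicitly keep the default behaviour: a certificate that fails chain
  // validation is rejected, never accepted through the callback.
  client.badCertificateCallback =
      (X509Certificate cert, String host, int port) => false;
  return client;
}
```

Because the bundled root is fixed at build time, a future change of the backend's root CA needs an app update on devices whose system store lacks the new root.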
