Our application has tabs and one of the fragments can contain a webviewclient. Users are now reporting an issue where the webviewclient is unable to load the page. We've confirmed that the server is up and running, we've also identified that the issue happens in v4.3 and all earlier versions. We have also confirmed that it works fine in v5.0; right now we've not been able to test whether it works in 4.4 or not (I guess that information only helps if someone knows of a change that occurred in 4.4 and newer that would cause something to fail in all earlier versions).
So the actual problem is we create the webviewclient and load it into the fragment, the web page (Connected to via HTTPS) loads perfectly everytime in this scenario for all versions. For v5.0 we can then click a different tab and come back to the tab with the webviewclient; we can see the fragment being created and everything works as expected, the web page loads as expected. But for v4.3 and earlier we see the fragment being created, but the webviewclient fires onReceivedError with an -11 error code (couldn't establish a secure connection). Looking further in the debug log we get a handshake error, here is the log for the call. Interestingly the website we are connecting to can accept TLS1.2; we can see that when we go to the URL using Firefox and use dev tools, etc. so that error is pretty interesting too.
04-24 14:38:52.415: W/chromium(15434): external/chromium/net/http/http_stream_factory_impl_job.cc:865: [0424/143852:WARNING:http_stream_factory_impl_job.cc(865)] Falling back to SSLv3 because host is TLS intolerant:
04-24 14:38:52.446: V/chromium(15434): external/chromium/net/socket/ssl_client_socket_openssl.cc:310: [0424/143852:INFO:ssl_client_socket_openssl.cc(310)] ssl_ctx_ is used
04-24 14:38:52.469: E/chromium(15434): external/chromium/net/socket/ssl_client_socket_openssl.cc:899: [0424/143852:ERROR:ssl_client_socket_openssl.cc(899)] handshake failed; returned 0, SSL error code 5, net_error -107
04-24 14:38:52.469: V/chromium(15434): external/chromium/net/socket/ssl_client_socket_openssl.cc:508: [0424/143852:INFO:ssl_client_socket_openssl.cc(508)] ~SSLClientSocketOpenSSL()
04-24 14:38:52.469: I/GATE(15434): <GATE-M>DEV_ACTION_ERROR</GATE-M>
04-24 14:38:52.477: V/webkit(15434): reportError errorCode(-11) desc(Couldn't establish a secure connection.)
04-24 14:38:52.532: I/GATE(15434): <GATE-M>DEV_ACTION_COMPLETED</GATE-M>
Digging around it looks like we might need to override the SSLProtocolFactory; but that seemed to be for self signed certificates, etc. We are connecting to a well know 3rd party and there doesn't appear to be anything wrong with their certificate. As always with these things, it probably feels like something we're missing for earlier versions of Android; or a work around for something that has been fixed in newer versions but not really sure where to look next.