
Are two way SSL handshakes supported on Android?

Has anyone had any success getting an Android device to participate in a two-way SSL handshake, i.e. with a client cert involved on the device? After installing the client cert from the SD card, I cannot connect to the URL that requires a two-way SSL handshake in either the browser or the mail app. (We secure our mail server behind a hardware appliance that establishes the SSL connection.)

The device just throws an SSL handshake error. Our setup works on all desktop browsers, iPhones and WinMo devices with the client cert installed.

This is the error log from the device (HTC Desire with 2.1):

D/EAS_AppSvc(  422): 06021143 > testServer()
D/EAS_AppSvc(  422): 06021143 > initEASService()
V/EAS DeviceInfo(  422):  GetDeviceID: 4020b869
D/EAS_AppSvc(  422): 06021143   (1)connect to > https://serverxxx.com.au/Microsoft-Server-ActiveSync?User=u415434&DeviceId=HTCAnd4020b869&DeviceType=htcbravo
I/AlertDialog(  422): [onCreate] auto launch SIP.
D/EASProgressDialog(  422): 06021143 onStart()
D/EAS_AppSvc(  422): 06021143 onServiceStateChanged :serviceState = 0 home Telstra Mobile (N/A) 50501  HSDPA CSS not supported -1 -1RoamInd: -1DefRoamInd: -1EriInd: -1EriMode: -1RadioPowerSv: false
I/LockUtil(  422): 06021143 - acquire PowerLock - PARTIAL_WAKE_LOCK: EAS_NETWORK_CHANGE
D/EAS_AppSvc(  422): 06021143 isWifiNetwork: false
D/EAS_AppSvc(  422): 06021143 isWifiNetwork: false
D/EAS_AppSvc(  422): 06021143 isMobileNetwork: true
D/EAS_AppSvc(  422): 06021143 NETWORK_STATE_CHANGED: isWifi:false, isMobile:true
D/EAS_AppSvc(  422): 06021143 SvcHandler - Account not configured
I/LockUtil(  422): 06021143 - release PowerLock: EAS_NETWORK_CHANGE
D/TelephonyRegistry(   81): notifyDataConnection() state=2isDataConnectivityPossible()true, reason=null
D/TelephonyRegistry(   81): broadcastDataConnectionStateChanged()  state=CONNECTEDtypes=default,supl, interfaceName=rmnet0
D/NetworkLocationProvider(   81): onDataConnectionStateChanged 8
D/MobileDataStateTracker(   81): replacing old mInterfaceName (rmnet0) with rmnet0 for supl
D/PhoneApp(  145): mReceiver: ACTION_ANY_DATA_CONNECTION_STATE_CHANGED
D/PhoneApp(  145): - state: CONNECTED
D/PhoneApp(  145): - reason: null
D/PendingMsgSendReceiverRegister(  372): onReceive, start to send QueuedMessage
D/PendingMsgSendReceiverRegister(  372): SmsReceiverService_handleServiceStateChanged() sendFirstQueuedMessage >>
D/PendingMsgSendReceiverRegister(  372): SmsReceiverService_handleServiceStateChanged() sendFirstQueuedMessage <<
V/MmsSystemEventReceiver(  372): Intent received: Intent { act=android.intent.action.ANY_DATA_STATE cmp=com.android.mms/.transaction.MmsSystemEventReceiver (has extras) }
E/OpenSSLSocketImpl(  422): Unknown error 1 during connect
W/System.err(  422): java.io.IOException: SSL handshake failure: Failure in SSL library, usually a protocol error
W/System.err(  422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x4b1778:0x00000003)
W/System.err(  422):  at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err(  422):  at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:305)
W/System.err(  422):  at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
W/System.err(  422):  at com.htc.android.mail.eassvc.common.EASHostnameVerifier.verify(EASHostnameVerifier.java:34)
W/System.err(  422):  at com.htc.android.mail.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:242)
W/System.err(  422):  at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
W/System.err(  422):  at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
W/System.err(  422):  at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
W/System.err(  422):  at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
W/System.err(  422):  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
W/System.err(  422):  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
W/System.err(  422):  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
W/System.err(  422):  at android.net.http.AndroidHttpClient.execute(AndroidHttpClient.java:283)
W/System.err(  422):  at com.htc.android.mail.eassvc.EASAppSvc.testServer(EASAppSvc.java:3999)
W/System.err(  422):  at com.htc.android.mail.eassvc.EASAppSvc$2.testServer(EASAppSvc.java:600)
W/System.err(  422):  at com.htc.android.mail.easclient.ExchangeSvrSetting$TestServerThread.run(ExchangeSvrSetting.java:1188)
I/EAS_AppSvc(  422): 06021143 testServer(), IOException(1): SSL handshake failure: Failure in SSL library, usually a protocol error
I/EAS_AppSvc(  422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x4b1778:0x00000003)
V/EAS DeviceInfo(  422):  GetDeviceID: 4020b869
D/EAS_AppSvc(  422): 06021143   (2)connect to > https://serverxxx.com.au/Microsoft-Server-ActiveSync?User=u415434&DeviceId=HTCAnd4020b869&DeviceType=htcbravo
E/OpenSSLSocketImpl(  422): Unknown error 1 during connect
W/System.err(  422): java.io.IOException: SSL handshake failure: Failure in SSL library, usually a protocol error
W/System.err(  422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x3f9e10:0x00000003)
W/System.err(  422):  at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err(  422):  at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:305)
W/System.err(  422):  at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
W/System.err(  422):  at com.htc.android.mail.eassvc.common.EASHostnameVerifier.verify(EASHostnameVerifier.java:34)
W/System.err(  422):  at com.htc.android.mail.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:242)
W/System.err(  422):  at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
W/System.err(  422):  at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
W/System.err(  422):  at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
W/System.err(  422):  at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
W/System.err(  422):  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
W/System.err(  422):  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
W/System.err(  422):  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
W/System.err(  422):  at android.net.http.AndroidHttpClient.execute(AndroidHttpClient.java:283)
W/System.err(  422):  at com.htc.android.mail.eassvc.EASAppSvc.testServer(EASAppSvc.java:3999)
W/System.err(  422):  at com.htc.android.mail.eassvc.EASAppSvc$2.testServer(EASAppSvc.java:600)
W/System.err(  422):  at com.htc.android.mail.easclient.ExchangeSvrSetting$TestServerThread.run(ExchangeSvrSetting.java:1188)
I/EAS_AppSvc(  422): 06021143 testServer(), IOException(2): SSL handshake failure: Failure in SSL library, usually a protocol error
I/EAS_AppSvc(  422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x3f9e10:0x00000003)
D/EASProgressDialog(  422): 06021143 onStop()
V/HtcAlertDialog(  422): onStop
I/HtcAlertDialog(  422): deinitSensor


Installing the cert really makes it available for VPN and WiFi, not generally to all applications.

An application can use client certificates by creating its own SSLContext and initializing it with a KeyManager, as shown in this Java example: SSLContext and KeyManager example. The SSLSocketFactory returned by SSLContext.getSocketFactory will provide the client certificate from the keystore during the handshake.

From your stack trace, it seems like you are using an email app from HTC. I'm not sure if they support client certificates; if so, they probably need to be configured within the application. I do know that the third-party app Nitrodesk Touchdown, available on the Android Market, supports client certificates, but that the Android built-in Exchange support in Froyo does not.

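As an added example (not part of the original answer or of the linked one), the following Java class shows what the answer describes: an application that wants to take part in a two-way handshake builds its own SSLContext whose KeyManager holds the client certificate and private key, here loaded from a PKCS#12 file, and hands the resulting SSLSocketFactory to its HTTPS connection. The file path, password and URL are assumptions; the host name is copied from the question's log purely as a placeholder. The server-side trust store is left at the platform default and the HostnameVerifier is not overridden, because presenting a client certificate does not replace verifying the server.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public final class MutualTlsClient {

    /**
     * Builds an SSLContext whose KeyManager carries the client certificate and
     * private key from a PKCS#12 store, so the TLS handshake can answer the
     * server's CertificateRequest instead of sending an empty Certificate message.
     */
    public static SSLContext buildClientAuthContext(InputStream p12, char[] password) throws Exception {
        KeyStore clientKeys = KeyStore.getInstance("PKCS12");
        clientKeys.load(p12, password);

        // The KeyManager chooses the client cert/key to present during the handshake.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, password);

        // A null KeyStore keeps the platform's default trust anchors for verifying the server.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Opens one HTTPS request with the client-authenticating factory and returns the status code. */
    public static int probe(URL url, SSLSocketFactory factory) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(factory);
        // Deliberately no setHostnameVerifier(): server identity checks stay on.
        conn.setRequestMethod("OPTIONS");
        conn.setConnectTimeout(10000);
        conn.setReadTimeout(10000);
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs (not from the original post): PKCS#12 path, its password, target URL.
        String p12Path = args.length > 0 ? args[0] : "client.p12";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        URL url = new URL(args.length > 2 ? args[2]
                : "https://serverxxx.com.au/Microsoft-Server-ActiveSync");

        InputStream in = new FileInputStream(p12Path);
        try {
            SSLContext ctx = buildClientAuthContext(in, password);
            System.out.println("HTTP status: " + probe(url, ctx.getSocketFactory()));
        } catch (SSLHandshakeException e) {
            // A server that requires client auth and receives no usable certificate
            // aborts with a handshake_failure alert, the error class seen in the posted log.
            System.err.println("Handshake failed: " + e.getMessage());
        } finally {
            in.close();
        }
    }
}
```

Before blaming the device, it is worth confirming from a desktop that the appliance actually sends a CertificateRequest and accepts this particular certificate chain, for example with `openssl s_client -connect host:443 -cert client.pem -key client.key`; a handshake_failure there points at the appliance's configured CA list rather than at Android.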