Tuesday, March 20, 2018

NativeScript application running on Android 7.0 throws SSLHandshakeException

The application I am creating has a back-end web API hosted with Node and Nginx. I used Let's Encrypt to create an SSL certificate. The application has a web and mobile front-end. The web side of things all worked fine on the desktop and on the mobile browser. The mobile native application is created with NativeScript.

While testing against an Android 7.0 device, I kept getting errors and could not connect to the back-end web API. After discovering NativeScript Playground, in particular this sample, which I modified to make a call to my web API, I was able to see that the application was throwing an SSLHandshakeException.

javax.net.ssl.SSLHandshakeException: Handshake failed 
at ZoneAwareError at onRequestComplete 
at Object.onComplete 

Initially I thought the issue was due to using Let's Encrypt; however, after further digging and hunting I came across this Stack Overflow post, which suggests "changing the nginx configuration by removing secp384r1 or replacing it with the default (prime256v1)". It turns out that this is a "known regression in Android 7.0, acknowledged by Google and fixed sometime before the release of Android 7.1.1".

To overcome the problem I had to change my Nginx config to use:

ssl_ecdh_curve prime256v1;

instead of

ssl_ecdh_curve secp384r1;

Also, to support previous versions of Android you will need:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
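
A check for the ssl_ecdh_curve change above, as an added example that is not part of the original post: it scans an nginx configuration and reports every ssl_ecdh_curve value that leaves out prime256v1. The sample configuration, host names and function name are constructed for illustration; colon-separated curve lists and the value auto are nginx 1.11.0+ syntax.

```python
import re

# Three names for the same curve, the one the post switches to for Android 7.0.
P256_NAMES = {"prime256v1", "secp256r1", "p-256"}

# Constructed sample configuration (host names are placeholders).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name api.example.test;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ecdh_curve secp384r1;            # the setting the post replaces
}
server {
    listen 443 ssl;
    server_name web.example.test;
    # ssl_ecdh_curve secp384r1;
    ssl_ecdh_curve prime256v1:secp384r1; # both curves offered
}
"""


def find_android7_breaking_curves(conf):
    """Return (line_number, value) for each ssl_ecdh_curve lacking prime256v1."""
    findings = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop nginx comments
        m = re.search(r"\bssl_ecdh_curve\s+([^;\s]+)\s*;", line)
        if not m:
            continue
        curves = {c.lower() for c in m.group(1).split(":")}
        # "auto" defers to OpenSSL's built-in list (prime256v1 on older OpenSSL).
        if curves == {"auto"} or curves & P256_NAMES:
            continue
        findings.append((lineno, m.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, value in find_android7_breaking_curves(SAMPLE_CONF):
        print("line %d: ssl_ecdh_curve %s has no prime256v1; "
              "Android 7.0 clients will fail the handshake" % (lineno, value))
```

Listing prime256v1 alongside secp384r1, as in the second server block, keeps the stronger curve available to clients that offer it.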
