[Android] SSL Handshake Failed When Making External API Requests in Capacitor App

Capacitor
1

Issue Description

I’m working on a Capacitor-based mobile app using React and React Router. The app works fine on iOS/Xcode, but on Android/Android Studio, external API requests fail with this error:

2025-03-13 06:44:00.628 22016-22116 chromium xxx.xxxx.app E [ERROR:ssl_client_socket_impl.cc(879)] handshake failed; returned -1, SSL error code 1, net_error -100
  • The app loads fine and navigation works.
  • However, any external HTTP request to my Vercel-hosted API fails.
  • I tried removing and recreating the android folder and capacitor.config.ts, but the issue persists.
  • Research suggests that I may need to ignore SSL errors (related thread).

Setup Details

Package.json

{
  "name": "mobile-app",
  "version": "1.0.0",
  "private": true,
  "scripts": {
    "build": "cd ../mobile-web && pnpm build",
    "sync": "cap sync",
    "open:ios": "cap open ios",
    "open:android": "cap open android",
    "add:ios": "cap add ios",
    "add:android": "cap add android"
  },
  "packageManager": "pnpm@10.6.2",
  "dependencies": {
    "@capacitor/core": "^7.1.0",
    "@capacitor/ios": "^7.1.0",
    "@capacitor/android": "^7.1.0"
  },
  "devDependencies": {
    "@capacitor/cli": "^7.1.0"
  }
}

Capacitor Config (capacitor.config.ts)

import type { CapacitorConfig } from '@capacitor/cli';

const config: CapacitorConfig = {
  appId: 'xxx.xxxxxx.app',
  appName: 'xxxx',
  webDir: '../mobile-web/dist',
  server: {
    cleartext: true,
    allowNavigation: ['xxxx.xxx', 'localhost', 'https://xxxx.xxx', 'https://*.xxxx.xxx'],
  },
  ios: {
    contentInset: 'automatic',
    preferredContentMode: 'mobile',
    backgroundColor: '#000000',
  },
  android: {},
  plugins: {
    CapacitorHttp: {
      enabled: true,
    },
  },
};

export default config;

Troubleshooting Steps Tried

  1. Removed and re-added the Android folder
rm -rf android
pnpm cap sync android
  1. Checked SSL Certificate
  • The API is hosted on Vercel and works fine in the browser.
  • Works on iOS, so the issue seems to be Android-specific.
  1. Checked Network Security Config (potential fix?)
  • Should I add a network security config in res/xml/network_security_config.xml?
  • Do I need to allow cleartext traffic?

Questions

  1. How can I bypass or fix SSL handshake failure in Capacitor for Android?
  2. Do I need to modify the android folder manually to accept self-signed or Let’s Encrypt certificates?
  3. Should I disable SSL checks (even temporarily) for debugging?

Any guidance would be greatly appreciated!

2

Check out GitHub - jcesarmobile/ssl-skip. I believe @jcesarmobile is on the Ionic/Capacitor team. They posted this package on Discord when someone else was asking about something similar.

3

I installed it, followed all the instructions, but I still get the same error. Maybe exist another way to fix it? Basically the app loads, but when I try to make request to my API can’t connect, because not pass the ssl checks