Here’s why your Android phone can’t connect to SSL sites through WiFi

By | August 24, 2018

TL;DR Try turning off “Data Saver”.

Recently, the browser on my Android phone stopped being able to connect to any SSL web sites, i.e., to URLs starting with “https://”, when connected to one particular WiFi network, the main one at work. I did not have this problem when connecting to any other WiFi network, including the guest network work and my WiFi network at home. I did not have this problem with WiFi turned off.

Our corporate WiFi is made up of Meraki devices, including a Meraki security appliance which requires us to sign into the WiFi once a month. The appliance is supposed to prompt you automatically to sign in when needed when you try to use the WiFi in a browser, but sometimes that doesn’t work for SSL sites, so the trick for checking if you need to sign in and forcing it if you do is to browse to http://neverssl.com/ (or any other non-SSL web site, but that’s the one set up for this very purpose). So, of course, when I stopped being able to connect to SSL web sites, the very first thing I did was to visit neverssl.com. It worked just fine, so apparently re-authentication wasn’t the issue I was having.

After that I tried all sorts of other troubleshooting steps, none of which helped. I told my phone to forget the WiFi network and then reconnected to it. I tried resetting the networking stack on my phone. I even tried doing a packet capture from the Meraki dashboard to see the phone’s network traffic when I tried to visit an SSL web site.

The packet capture didn’t show any traffic at all on port 443 when I attempted to visit an SSL web site. This led me to believe that there was something wrong with the phone itself, but what could it be? I was stumped for quite a while.

Then it occurred to me to try another packet capture, this time when I attempted to visit a non-SSL web site. The web site loaded just fine in the browser, but once again there were no packets in the packet capture! At first I dismissed this result… “The page loaded just fine in the browser, so clearly packets were transferred, so if the packet capture isn’t showing any traffic, that must mean that the packet capture is broken and I can’t rely on it as a useful test.”

Bzzz! Wrong answer. The packet capture was working just fine. The problem, it turns out, was that I had Android’s “Data Saver” feature enabled. Somehow, Data Saver was allowing neverssl.com to keep loading successfully in the browser even though it was, in fact, time for me to sign in to the WiFi network. When I turned off Data Saver and tried visiting neverssl.com again, I got prompted to sign in.

Moral of the story? If you regularly use WiFi networks that periodically force you to sign in again, you may want to turn off Data Saver. You can turn it off from the main menu in Chrome or through the Android settings app.

I’ve posted this in case somebody else runs into this obscure issue and tries Googling, like I did unsuccessfully, for a solution. Comment below if it helped you. 😉

 

Print Friendly, PDF & Email
Share

Leave a Reply

Your email address will not be published.