Your app uses a defective version of the OpenSSL library, which can cause your app to crash. Update to a fixed version of OpenSSL

[Syko1995]

Your app uses a defective version of the OpenSSL library, which can cause your app to crash. Update to a fixed version of OpenSSL

i used AIR SDK : 33.1.1.929 Will this package be used or not? AIR_SDK_33.1.1.856 Thx

[apofis1969]

@Syko1995 I got the same error now. with SDK 929 and 889. @ajwfrost how to fix this?

[Syko1995]

@apofis1969 Unfortunately, so far I have not found any solution to this problem and the new update has been suspended for 21 days

[apofis1969]

@Syko1995 hopefully @ajwfrost will send us a solution soon. We will not be the only once with this serious problem.

[FliplineStudios]

Does the error prevent you from releasing the build? We received the same error, but only in the "Pre-Launch Report" and not within the build upload/release warnings. Google's "Learn More" link even mentions that it's not mandatory and won't affect being able to release a build (though recommended to fix.) Wonder if it's a fluke that ours somehow made it through, or if they've now made it mandatory in the last couple days...

[apofis1969]

@FliplineStudios hi, as it is declared as an error and not as a warning, it is a risk to send an update to the production environment.

[FliplineStudios]

@apofis1969 I agree it should be fixed ASAP, and looks like Harman will be fixing it soon in an update.

One thing to consider is that this is the same OpenSSL version that the AIR SDK has used since at least .476, so we've all been releasing with this same defective library in all of our published apps for the past 16 months, and it's only in the past few weeks that Google has decided to start warning developers about it. If you haven't had any stability issues over the past 16 months, you could decide if you want to release to production anyway in the meantime while waiting for Harman to fix the issue.

We ended up releasing to production, though somewhat inadvertently since Google didn't even flag our upload with this error, and only found it hidden away in the Pre-Launch Report after it had already gone live... haven't seen any issues though so far.

[Syko1995]

ot be the only once wi

@apofis1969 I hope so, my friend. We wish them good luck

[Syko1995]

@FliplineStudios hi, as it is declared as an error and not as a warning, it is a risk to send an update to the production environment.

I sent a review request, will there be a problem now with this big mistake

[Nitish-Verma-1992]

Hi, is this issue solved? any solution found? Actually I also got the same error but unable to found which dependency is causing this issue. Also, can anyone please confirm that I can resubmit the app on google console with this issue being unresolve ? Thanks in advance!

[Ender22]

@Nitish-Verma-1992 This was solved in the most recent air versions (both 50, and 33)

[Gokulv617]

But recent version makes a app to crash what to do now

[ajwfrost]

The 50.0.1 has an instability caused by freetype, which we're working on; 33.1.1.935 should be a stable version though so if you're getting a crash on that, please raise it as a new bug.

thanks

[Gokulv617]

It is raised in #2260

[mon73]

Any updates?

[ajwfrost]

On which..?! The OpenSSL update was in 33.1.1.935 (stable) and in 50.0.1.1 which has an instability around freetype/libpng which we've now fixed and are releasing shortly as 50.0.1.2.

thanks

[mumeka]

We are using 33.1.1.935 and error became visible again after release. It is more detailed now:

OpenSSL 1.1.1d in lib/x86_64/libCore.so

Maybe x86 version forgotten?

[ajwfrost]

Hmm... seems to be okay from what we can see? If you extract your APK file and check that library, are you able to get any hints? We've checked the source code and submissions into the repository, and also checked the library files as well: e.g.

/SDKs/33.1.1.935/runtimes/air/android/device/x86_64 $ cat libCore.so | grep "1.1.1"
grep: (standard input): binary file matches

/SDKs/33.1.1.935/runtimes/air/android/device/x86_64 $ cat libCore.so | grep "1.1.1q"
grep: (standard input): binary file matches

/SDKs/33.1.1.935/runtimes/air/android/device/x86_64 $ cat libCore.so | grep "1.1.1d"

/SDKs/33.1.1.929/runtimes/air/android/device/x86_64 $ $ cat libCore.so | grep "1.1.1d"
grep: (standard input): binary file matches

/SDKs/33.1.1.929/runtimes/air/android/device/x86_64 $ cat libCore.so | grep "1.1.1q"

So it looks like this is set up properly. Are you able to find out more, how are they actually detecting it?

[mumeka]

Yes aab contains 1.1.1d with grep results. I have made another build with 33.1.1.935. This new one contains 1.1.1q. I'm not sure how old one had 1.1.1d. But it seems to be resolved now.

[ajwfrost]

Great, thanks. Weird, maybe a caching issue somewhere/somehow...

[farmketprocess]

solution

https://support.google.com/faqs/answer/12576638

[farmketprocess]

add

implementation 'com.android.ndk.thirdparty:openssl:1.1.1l-beta-1'

inside the android/app/build.gradle dependencies

[malakarrinku]

i have published a vpn app now in my console also showing this ssl warning . so should i paste this dependency in gradle? implementation 'com.android.ndk.thirdparty:openssl:1.1.1l-beta-1'