Two things - the implementation of JavaTrustManager was attempting to instantiate a TrustManagerFactory with a hard-coded name of "PKIX", which doesn't work on Android. So instead of that, we ask for the TrustManagerFactory's default algorithm - which for the standard JRE still appears to be "PKIX", but which for Android may be something else. - the "hack" which had been in place to force the SSLEngine to perform a TLS handshake has been removed. Calling "SSLEngine.beginHandshake()" is not guaranteed to make the SSLEngine perform the TLS handshake, which it typically only does when it is told to wrap some data from the client. The earlier version of JSSEContext provoked this by asking it to send a "<" character, and then removing the leading "<" from whatever Stroke happened to send next. It turns out that you can force the handshake to start by telling the SSLEngine to wrap 0 bytes of data from the client, and so this change removes the hack, and instead calls "wrapAndSendData()" with an empty buffer as soon as the SSLEngine has been created. Test-information: Ran XMPP client that uses TLS and verified that everything still works as expected. Change-Id: Ie08d76bd2f5a743320a59bad62a09c1f215c48d6 Signed-off-by: Nick Hudson <nick.hudson@isode.com>