AndroidAsync
Enable TLS on api < lvl 20
SSLEngine only supports TLS 1.1 and 1.2 on android API lvl 20 or greater.
enableTLSProtocolOnOlderVersionsOfAndroid(Context context, String protocol)
lets the user set a protocol (ex: "TLSv1.2") and update the SSLEngine that AndroidAsync is using to permit older versions of Android to use TLS.
I tested it on API lvl 16 at the lowest, I am unsure if it works for versions below that.
Hello, can we apply your idea on a normal SSLContext? I don't know how to set SSLEngine to setSslSocketFactory().
Possibly, http://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/ might be relevant to you.
Trying to get the code I wrote to work with AndroidAsync, I've realized that this works on KitKat, but it causes an SSLException on Jelly Bean when I try to connect to our backend. I believe you need to remove the
//Create new SSL Engine and insert it as middleware
SSLEngine engine = sslContext.createSSLEngine();
insertMiddleware((AsyncHttpClientMiddleware) engine);
to make it work. I'll update this branch when I have a version that works across multiple versions of Android.
@jrejaud do you have any updates on this?
How could engine instanceof AsyncHttpClientMiddleware?
Please do not merge. This requires Google Play Services to become a dependency - there are better ways to add TLS 1.2 support to Android 4.1 -> 4.4.
You know, this is actually possible by using the "provided" declaration. So it is only conditionally used at compile time. See this ion change:
https://github.com/koush/ion/commit/7ec16d64c99539e06018a1855d9a7bffd340e084
Footprint of AndroidAsync would remain the same, and silently fail+continue with lack of play services.
If you want TLS in AndroidAsync, you can use ProviderInstaller yourself, and change the SSLContext. Or use ion, which will handle that all transparently.