Hi all. I'm trying to write an app that uses TLSv1.2 but I am having a
bear of a time getting it to work. I was able to get an SSLSocket to use
TLSv1.2 by doing as follows:
SSLCertificateSocketFactory sslSocketFactory =
(SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);
sslSocketFactory.setKeyManagers((KeyManager[])getMyKeyManagers());
sslSocketFactory.setTrustManagers((TrustManager[])getMyTrustManagers());
SSLSocket s =
(SSLSocket)sslSocketFactory.createSocket(InetAddress.getByName(host), 443);
s.setEnabledProtocols(new String[] {"TLSv1.2"} );
sslSocketFactory.setHostname(s,"foo.com");
SSLSession session = s.getSession();
However, I don't know of way to do HTTP requests or use an HTTP client with
a socket that's already created. So, I tried using an HttpsUrlConnection
as follows (error handling omitted for brevity):
KeyManager[] keyManagers = getMyKeyManagers();
TrustManager[] trustManagers = getMyTrustManagers();
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagers, trustManagers, null);
URL url = new URL("https://foo.com/bar";);
HttpsURLConnection urlConnection = null;
urlConnection = (HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
urlConnection.connect();
The server is set to reject any connection that doesn't attempt TLSv1.2. I
sniffed the server port with Wireshark and it shows that in the SSLSocket
case, my app tries and succeeds with TLSv1.2 but the HttpsUrlConnection
fails because it only tries TLSv1. So, I either need to figure out how to
do HTTP requests over an existing socket or figure out how to get TLSv1.2
working with the existing HttpsUrlRequest. Any suggestions would be much
appreciated.
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
