You might try a wrapper SSLSocketFactory that delegates to the
SSLContext.getSocketFactory() result, but calls
socket.setEnabledProtocols(new String[]{"TLSv1.2"}) on the result
before returning it.
It sounds like we might have some bugs where we aren't honoring the
SSLContext argument when creating SSLSockets from the context.
Looking at the Provider registration and implementation of
OpenSSLContextImpl, it doesn't seem like we vary the code based on the
algorithm name:

    /* === SSL Contexts === */
    final String classOpenSSLContextImpl = prefix + "OpenSSLContextImpl";
    put("SSLContext.SSL", classOpenSSLContextImpl);
    put("SSLContext.SSLv3", classOpenSSLContextImpl);
    put("SSLContext.TLS", classOpenSSLContextImpl);
    put("SSLContext.TLSv1", classOpenSSLContextImpl);
    put("SSLContext.TLSv1.1", classOpenSSLContextImpl);
    put("SSLContext.TLSv1.2", classOpenSSLContextImpl);
    put("SSLContext.Default", prefix + "DefaultSSLContextImpl");

-bri
On Mon, Jul 7, 2014 at 7:34 PM, Nikolay Elenkov
<[email protected]> wrote:
> On Tue, Jul 8, 2014 at 11:21 AM, Eamon Doyle <[email protected]> wrote:
>
>>
>> However, I don't know of way to do HTTP requests or use an HTTP client with
>> a socket that's already created. So, I tried using an HttpsUrlConnection as
>> follows (error handling omitted for brevity):
>>
>> KeyManager[] keyManagers = getMyKeyManagers();
>> TrustManager[] trustManagers = getMyTrustManagers();
>> SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
>> sslContext.init(keyManagers, trustManagers, null);
>>
>
> Try adding this before the code below:
>
> HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
>
>> URL url = new URL("https://foo.com/bar");
>> HttpsURLConnection urlConnection = null;
>> urlConnection = (HttpsURLConnection)url.openConnection();
>> urlConnection.connect();
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to
> [email protected].
> Visit this group at http://groups.google.com/group/android-security-discuss.
> For more options, visit https://groups.google.com/d/optout.