Brian, I may try this later out of curiosity and post back. However, since
it's working with the SSLSocketEngineEx solution, I'm going to go with that
for now.
On Monday, July 7, 2014 8:08:35 PM UTC-7, Brian Carlstrom wrote:
>
> You might try a wrapper SSLSocketFactory that delegates to the
> SSLContext.getSocketFactory() result, but calls
> socket.setEnabledProtocols(new String[]{"TLSv1.2"}) on the result
> before returning it.
>
> It sounds like we might have some bugs where we aren't honoring the
> SSLContext argument when creating SSLSockets from the context.
> Looking at the Provider registration and implementation of
> OpenSSLContextImpl, it doesn't seem like we vary the code based on the
> algorithm name:
>
>     /* === SSL Contexts === */
>     final String classOpenSSLContextImpl = prefix + "OpenSSLContextImpl";
>     put("SSLContext.SSL", classOpenSSLContextImpl);
>     put("SSLContext.SSLv3", classOpenSSLContextImpl);
>     put("SSLContext.TLS", classOpenSSLContextImpl);
>     put("SSLContext.TLSv1", classOpenSSLContextImpl);
>     put("SSLContext.TLSv1.1", classOpenSSLContextImpl);
>     put("SSLContext.TLSv1.2", classOpenSSLContextImpl);
>     put("SSLContext.Default", prefix + "DefaultSSLContextImpl");
>
> -bri
>
> On Mon, Jul 7, 2014 at 7:34 PM, Nikolay Elenkov <[email protected]> wrote:
> > On Tue, Jul 8, 2014 at 11:21 AM, Eamon Doyle <[email protected]> wrote:
> >
> >>
> >> However, I don't know of a way to do HTTP requests or use an HTTP client
> >> with a socket that's already created. So, I tried using an
> >> HttpsURLConnection as follows (error handling omitted for brevity):
> >>
> >> KeyManager[] keyManagers = getMyKeyManagers();
> >> TrustManager[] trustManagers = getMyTrustManagers();
> >> SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
> >> sslContext.init(keyManagers, trustManagers, null);
> >>
> >
> > Try adding this before the code below:
> >
> >
> >     HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
> >
> >> URL url = new URL("https://foo.com/bar");
> >> HttpsURLConnection urlConnection = null;
> >> urlConnection = (HttpsURLConnection)url.openConnection();
> >> urlConnection.connect();
> >>
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> > To post to this group, send email to [email protected].
> > Visit this group at http://groups.google.com/group/android-security-discuss.
> > For more options, visit https://groups.google.com/d/optout.
>