SSLContext.getInstance(protocol) returns an SSLContext which *supports* the
specified protocol (and may support other ones), but it doesn't mean the
protocol is enabled by default -- see
https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLContext.html#getInstance(java.lang.String)
and
https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
.

As mentioned earlier in this thread, you need to use a custom
SSLSocketFactory. This factory will (1) obtain SSLSocket instances from the
SSLSocketFactory returned by your SSLContext, and (2) enable TLSv1.2 on
these sockets before returning them to the caller.

Alex

On Mon, Dec 22, 2014 at 6:25 PM, NJ Lee <[email protected]> wrote:

> Eamon Doyle
>
> I am stuck on enabling TLS with HttpsUrlConnection, as you were before.
> I have tried to solve this issue based on Jerrey's comment, but it's
> not working for me.
> Could you give me some guidance on how to resolve this issue on Android?
> Thank you in advance.
>
>
> On Tuesday, July 8, 2014 at 12:36:16 PM UTC+9, Eamon Doyle wrote:
>
>> Brian, I may try this later out of curiosity and post back.  However,
>> since it's working with the SSLSocketEngineEx solution, I'm going to go
>> with that for now.
>>
>> On Monday, July 7, 2014 8:08:35 PM UTC-7, Brian Carlstrom wrote:
>>>
>>> You might try a wrapper SSLSocketFactory that delegates to the
>>> SSLContext.getSocketFactory() result, but calls
>>> socket.setEnabledProtocols(new String[]{"TLSv1.2"}) on the result
>>> before returning it.
>>>
>>> It sounds like we might have some bugs where we aren't honoring the
>>> SSLContext argument when creating SSLSockets from the context.
>>> Looking at the Provider registration and implementation of
>>> OpenSSLContextImpl, it doesn't seem like we vary the code based on the
>>> algorithm name:
>>>
>>>         /* === SSL Contexts === */
>>>         final String classOpenSSLContextImpl = prefix +
>>> "OpenSSLContextImpl";
>>>         put("SSLContext.SSL", classOpenSSLContextImpl);
>>>         put("SSLContext.SSLv3", classOpenSSLContextImpl);
>>>         put("SSLContext.TLS", classOpenSSLContextImpl);
>>>         put("SSLContext.TLSv1", classOpenSSLContextImpl);
>>>         put("SSLContext.TLSv1.1", classOpenSSLContextImpl);
>>>         put("SSLContext.TLSv1.2", classOpenSSLContextImpl);
>>>         put("SSLContext.Default", prefix + "DefaultSSLContextImpl");
>>>
>>> -bri
>>>
>>> On Mon, Jul 7, 2014 at 7:34 PM, Nikolay Elenkov
>>> <[email protected]> wrote:
>>> > On Tue, Jul 8, 2014 at 11:21 AM, Eamon Doyle <[email protected]> wrote:
>>> >
>>> >>
>>> >> However, I don't know of a way to do HTTP requests or use an HTTP
>>> >> client with a socket that's already created.  So, I tried using an
>>> >> HttpsUrlConnection as follows (error handling omitted for brevity):
>>> >>
>>> >> KeyManager[] keyManagers = getMyKeyManagers();
>>> >> TrustManager[] trustManagers = getMyTrustManagers();
>>> >> SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
>>> >> sslContext.init(keyManagers, trustManagers, null);
>>> >>
>>> >
>>> > Try adding this before the code below:
>>> >
>>> > HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
>>> >
>>> >> URL url = new URL("https://foo.com/bar");
>>> >> HttpsURLConnection urlConnection = null;
>>> >> urlConnection = (HttpsURLConnection)url.openConnection();
>>> >> urlConnection.connect();
>>> >>
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> > Groups "Android Security Discussions" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> > an email to [email protected].
>>> > To post to this group, send email to [email protected].
>>> > Visit this group at http://groups.google.com/group/android-security-discuss.
>>> > For more options, visit https://groups.google.com/d/optout.
>>>
