* Please provide the contents of ClientHello or the TLS record containing it.
* Are you sure Volley (or the underlying HTTP stack it's configured to use) does not modify settings on SSLSocket instances returned by SSLSocketFactory provided to it?
* What HTTP stack did you configure Volley to use?

Alex

On Thu, Sep 24, 2015 at 9:44 AM Kunal Shah <[email protected]> wrote:
> I am using the Volley framework for making network requests. I am trying to
> enable TLS1.2 support for a phone running on API version 19 (4.4.2).
> As per the SSL socket documentation, TLS 1.2 is supported but not enabled by
> default. As per recommendations on various Android blogs, I tried using a
> custom SSLSocketFactory to enable TLSv1.2. My code looks like the following:
>
> import java.io.IOException;
> import java.net.InetAddress;
> import java.net.Socket;
> import java.net.UnknownHostException;
> import java.security.KeyManagementException;
> import java.security.NoSuchAlgorithmException;
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.SSLSocket;
> import javax.net.ssl.SSLSocketFactory;
>
> public class TLSSocketFactory extends SSLSocketFactory {
>
>     private SSLSocketFactory internalSSLSocketFactory;
>
>     public TLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
>         SSLContext context = SSLContext.getInstance("TLS");
>         context.init(null, null, null);
>         internalSSLSocketFactory = context.getSocketFactory();
>     }
>
>     @Override
>     public String[] getDefaultCipherSuites() {
>         return internalSSLSocketFactory.getDefaultCipherSuites();
>     }
>
>     @Override
>     public String[] getSupportedCipherSuites() {
>         return internalSSLSocketFactory.getSupportedCipherSuites();
>     }
>
>     @Override
>     public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
>         return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
>     }
>
>     @Override
>     public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
>         return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
>     }
>
>     @Override
>     public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
>         return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
>     }
>
>     @Override
>     public Socket createSocket(InetAddress host, int port) throws IOException {
>         return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
>     }
>
>     @Override
>     public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
>         return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
>     }
>
>     // Restrict every socket created by the wrapped factory to TLSv1.1 and TLSv1.2.
>     private Socket enableTLSOnSocket(Socket socket) {
>         if (socket != null && (socket instanceof SSLSocket)) {
>             ((SSLSocket) socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
>         }
>         return socket;
>     }
> }
>
> I use this TLS socket factory to get the Volley request queue as follows:
>
> HttpStack stack = null;
>
> if (Build.VERSION.SDK_INT >= 9) {
>     try {
>         if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.KITKAT) {
>             // Use a socket factory that removes sslv3 and adds TLS1.2
>             stack = new HurlStack(null, new TLSSocketFactory());
>         } else {
>             stack = new HurlStack();
>         }
>     } catch (Exception e) {
>         stack = new HurlStack();
>         Log.i("NetworkClient", "can no create custom socket factory");
>     }
> }
>
> mContext = applicationContext;
> if (mRequestQueue == null) {
>     mRequestQueue = Volley.newRequestQueue(applicationContext, stack);
> }
>
> .....
>
> VolleyRequest volleyRequest = new VolleyRequest(request, future,
>         getRequestMethod(request));
> mRequestQueue.add(volleyRequest);
>
> When I see the socket returned by enableTLSOnSocket() in the debugger, it appears as
> in the screenshot attached. It shows the enabled protocols for the socket are TLSv1.1 and
> TLSv1.2. Although setEnabledProtocols() does not affect the protocols listed
> under parameter, and it still stays at TLSv1 and SSLv3.
>
> When I see the ClientHello message packet on the server side, I see the client announces
> the TLSv1 protocol instead of TLS1.2. So I am a bit confused why the server does not see
> TLS1.2 but the client sees it?
>
> Moreover, I observed that if I run the same test on a device running Android 5.0 (API
> 20) or above, the structure of the socket variable is totally different.
>
> <https://lh3.googleusercontent.com/-obmfkybzIX0/VgQnzeb2lUI/AAAAAAAAAH4/UZAB8ikEwr8/s1600/Screen%2BShot%2B2015-09-23%2Bat%2B4.02.59%2BPM.png>
>
> Can someone help me find out what I am missing and why the server sees TLSv1
> even though the client-side socket on debug shows TLSv1.2?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to
> [email protected].
> Visit this group at
> http://groups.google.com/group/android-security-discuss.
> For more options, visit https://groups.google.com/d/optout.
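
For the first question in the reply above, an added example (not code from the thread or from Volley): a small parser for a captured TLS record carrying a ClientHello, reporting the record-layer version and ClientHello.client_version separately, since these are two distinct fields on the wire and need not carry the same value. The function names are hypothetical, the sample bytes are constructed, and the ClientHello is assumed to fit in a single record.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def name(v):
    return VERSIONS.get(v, hex(v))

def parse_client_hello(record: bytes) -> dict:
    """Extract both version fields and the cipher suites from one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if rec_len < 4 or len(body) < rec_len:
        raise ValueError("truncated record body")
    if body[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if hs_len < 35 or len(hello) < hs_len:
        raise ValueError("truncated ClientHello")
    client_ver = int.from_bytes(hello[0:2], "big")
    pos = 34                       # client_version (2) + random (32)
    pos += 1 + hello[pos]          # session_id length byte + session_id
    if pos + 2 > len(hello):
        raise ValueError("missing cipher_suites")
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    cs = hello[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(cs) < cs_len:
        raise ValueError("malformed cipher_suites")
    suites = [int.from_bytes(cs[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return {"record_version": name(rec_ver),
            "client_version": name(client_ver),
            "cipher_suites": suites}

def build_sample(record_ver: int, client_ver: int) -> bytes:
    """Constructed ClientHello for the demo, not a capture from the thread."""
    hello = struct.pack("!H", client_ver) + bytes(32) + b"\x00"  # version, random, empty session_id
    hello += struct.pack("!H", 4) + bytes.fromhex("c02f0035")    # two cipher suite ids
    hello += b"\x01\x00"                                         # null compression only
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, record_ver, len(hs)) + hs

if __name__ == "__main__":
    # Record layer says TLSv1 while the hello itself offers TLSv1.2.
    print(parse_client_hello(build_sample(0x0301, 0x0303)))
```

When reading a capture, compare `client_version` with the protocols enabled on the socket; `record_version` alone does not show what the client offered.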
