Using http might fix the test, for sure - but I think we should move on to testing https only, as the new normal.
Although this is through one major browser vendor (which dwarfs all others at 60% market share) -- the coming https-pocalypse later this year (see https://techcrunch.com/2018/02/08/chrome-will-soon-mark-all-unencrypted-pages-as-not-secure/) is the hammer coming for most sites. These sites will not want to lose any Google juice and it will be the new reality (sites might not want to change, but customers leaving will make that choice for them). Even if we keep testing for http, most sites will eventually redirect to https, and we would be back to square one with the failing tests. We should consider KitKat 'abandoned' since Google definitely won't be updating it with the latest security standard. Filed and resolved: https://issues.apache.org/jira/browse/CB-14146 On Tue, Jun 19, 2018 at 5:43 PM julio cesar sanchez <jcesarmob...@gmail.com> wrote: > Why don't we just use http instead of https? shouldn't that fix the > problems too? or https is required in other platforms? > > 2018-06-19 11:32 GMT+02:00 Ken Naito <k...@monaca.io>: > >> Hi Shazron, >> >> Thanks for the advice! >> I sent a new commit of PR, which removes some tests for Android 4.4. >> >> Ken Naito. >> >> On 2018/06/19 13:35, Shazron wrote: >> >>> Thanks Ken! >>> I think we should go for the simpler option, and log this as a new issue >>> that is known and out of our control. Android 4.4 (even though 10% of the >>> market) should not be a priority for us. >>> >>> On Tue, Jun 19, 2018 at 12:30 PM Ken Naito <k...@monaca.io <mailto: >>> k...@monaca.io>> wrote: >>> >>> >>> I have investigated the test failure for Android 4.4. For >>> cordova-plugin-media, the cause of the failure may be the SSL >>> handshake. >>> >>> The MediaPlayer in Android 4.4 can not connect to a modern SSL >>> server. >>> For example: >>> https://cordova.apache.org/downloads/BlueZedEx.mp3 >>> >>> https://cordova-develop.github.io/cordova-plugin-media/res/BlueZedEx.mp3 >>> >>> On the other hand, the MediaPlayer can connect to a standard SSL >>> server >>> like: >>> https://www.asial.co.jp/data_knaito/BlueZedEx.mp3 >>> >>> I have checked the packet, and the available cipher suites of Android >>> 4.4 are as follows: >>> >>> ECDHE-RSA-AES256-CBC-SHA >>> ECDHE-ECDSA-AES256-CBC-SHA >>> SRP-SHA-DSS-AES256-CBC-SHA >>> SRP-SHA-RSA-AES256-CBC-SHA >>> DHE-RSA-AES256-CBC-SHA >>> DHE-DSS-AES256-CBC-SHA >>> ECDH-RSA-AES256-CBC-SHA >>> ECDH-ECDSA-AES256-CBC-SHA >>> RSA-AES256-CBC-SHA >>> ECDHE-RSA-3DES-EDE-CBC-SHA >>> ECDHE-ECDSA-3DES-EDE-CBC-SHA >>> SRP-SHA-DSS-3DES-EDE-CBC-SHA >>> SRP-SHA-RSA-3DES-EDE-CBC-SHA >>> DHE-RSA-3DES-EDE-CBC-SHA >>> DHE-DSS-3DES-EDE-CBC-SHA >>> ECDH-RSA-3DES-EDE-CBC-SHA >>> ECDH-ECDSA-3DES-EDE-CBC-SHA >>> RSA-3DES-EDE-CBC-SHA >>> ECDHE-RSA-AES128-CBC-SHA >>> ECDHE-ECDSA-AES128-CBC-SHA >>> SRP-SHA-DSS-AES128-CBC-SHA >>> SRP-SHA-RSA-AES128-CBC-SHA >>> DHE-RSA-AES128-CBC-SHA >>> DHE-DSS-AES128-CBC-SHA >>> ECDH-RSA-AES128-CBC-SHA >>> ECDH-ECDSA-AES128-CBC-SHA >>> RSA-AES128-CBC-SHA >>> ECDHE-RSA-RC4-SHA >>> ECDHE-ECDSA-RC4-SHA >>> ECDH-RSA-RC4-SHA >>> ECDH-ECDSA-RC4-SHA >>> RSA-RC4-SHA >>> RSA-RC4-MD5 >>> >>> Modern SSL servers may refuse these cipher suites. >>> >>> In order to resolve this issue, the mp3 file should be downloaded in >>> another way and then be played by MediaPlayer. >>> One way of downloading is using the okhttp library with a custom ssl >>> socket factory. >>> >>> However, the okhttp library is not included in the latest >>> cordova-android, and cordova-plugin-okhttp >>> (https://github.com/MobileChromeApps/cordova-plugin-okhttp) is too >>> old >>> and not maintained. >>> >>> I think that a new okhttp plugin should be created, and >>> cordova-plugin-media should depend on the new okhttp plugin in >>> order to >>> connect to a modern SSL server. >>> >>> Or, a more simple option is to specify that the MediaPlayer can not >>> connect modern SSL servers for Android 4.4, and remove the test of >>> playing streams for Android 4.4. >>> >>> >>> On 2018/06/18 13:02, Shazron wrote: >>> > We keep seeing this failed Media test on Android 4.4: >>> > https://github.com/apache/cordova-plugin-media/pull/166 >>> > >>> > I'm not sure of the state of our Android support, especially >>> 4.4. Does >>> > anyone have any pointers? Thanks >>> > >>> >>> >> >
