
HttpURLConnection TLS TLSv1.1 TLSv1.2 SSL SSLv3

What is TLS?

TLS version depends on android API level

Java Cryptography Architecture Standard Algorithm Name Documentation for JDK 8

square/okhttp and tls 1.2

javax.net.ssl

Security with HTTPS and SSL

OpenSSL

Default configuration for different Android versions:

SSLContext

Algorithm Supported API Levels
Default 10+
SSL 10+
SSLv3 10-25
TLS 1+
TLSv1 10+
TLSv1.1 16+
TLSv1.2 16+

SSLEngine.

Protocol Supported (API Levels) Enabled by default (API Levels)
SSLv3 1–TBD 1–22
TLSv1 1+ 1+
TLSv1.1 20+ 20+
TLSv1.2 20+ 20+

SSLSocket

SSLSocket instances obtained from default SSLSocketFactory, SSLServerSocketFactory, and SSLContext are configured as follows:

Client socket:

Protocol Supported (API Levels) Enabled by default (API Levels)
SSLv3 1–TBD 1–22
TLSv1 1+ 1+
TLSv1.1 16+ 20+
TLSv1.2 16+ 20+

Server socket:

Protocol Supported (API Levels) Enabled by default (API Levels)
SSLv3 1–TBD 1–22
TLSv1 1+ 1+
TLSv1.1 16+ 16+
TLSv1.2 16+ 16+

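Enabling TLS 1.1 and TLS 1.2 on Android 4.1+ (API 16+)

According to the client-socket table above, TLSv1.1 and TLSv1.2 are supported from API 16 but enabled by default only from API 20, so on API 16–19 they have to be enabled explicitly on each socket. The socket factory wrapper below enables TLSv1.2 only.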

package com.arvifox.ssltlstest;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

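/**
 * {@link SSLSocketFactory} decorator that delegates socket creation to another factory and
 * then restricts every returned socket to the protocols in {@code ENABLED_PROTOCOLS}.
 *
 * <p>Cipher-suite queries are passed straight through to the delegate. Only the
 * {@code createSocket} overloads declared abstract by the superclasses are overridden here.
 */
public class ArviFoxSSLSocketFactory extends SSLSocketFactory {

    // setEnabledProtocols() replaces the socket's whole enabled-protocol list, so listing
    // only TLSv1.2 switches off SSLv3, TLSv1 and TLSv1.1 on every socket from this factory.
    // NOTE(review): it equally switches off any newer protocol version the platform may
    // support; revisit this list when the minimum API level is raised.
    private static final String[] ENABLED_PROTOCOLS = new String[] { "TLSv1.2" };

    private final SSLSocketFactory mSslSocketFactory;

    /**
     * Wraps the given factory.
     *
     * <p>The original listing declared this constructor under the name
     * {@code WalletSSLSocketFactory}, which does not match the class and does not compile.
     *
     * @param sslSocketFactory delegate that actually creates the sockets; must not be null
     * @throws NullPointerException if {@code sslSocketFactory} is null
     */
    public ArviFoxSSLSocketFactory(SSLSocketFactory sslSocketFactory) {
        super();
        if (sslSocketFactory == null) {
            // Fail at construction time instead of on the first connection attempt.
            throw new NullPointerException("sslSocketFactory");
        }
        mSslSocketFactory = sslSocketFactory;
    }

    /** Returns the delegate's default cipher suites unchanged. */
    @Override
    public String[] getDefaultCipherSuites() {
        return mSslSocketFactory.getDefaultCipherSuites();
    }

    /** Returns the delegate's supported cipher suites unchanged. */
    @Override
    public String[] getSupportedCipherSuites() {
        return mSslSocketFactory.getSupportedCipherSuites();
    }

    /** Layers a protocol-restricted TLS socket over the existing socket {@code s}. */
    @Override
    public SSLSocket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return restrictProtocols(mSslSocketFactory.createSocket(s, host, port, autoClose));
    }

    /** Creates a protocol-restricted socket for {@code host:port}. */
    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return restrictProtocols(mSslSocketFactory.createSocket(host, port));
    }

    /** Creates a protocol-restricted socket for {@code host:port}, bound to the given local endpoint. */
    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
        return restrictProtocols(mSslSocketFactory.createSocket(host, port, localHost, localPort));
    }

    /** Creates a protocol-restricted socket for the given address and port. */
    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        return restrictProtocols(mSslSocketFactory.createSocket(host, port));
    }

    /** Creates a protocol-restricted socket for the given address, bound to the given local endpoint. */
    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        return restrictProtocols(mSslSocketFactory.createSocket(address, port, localAddress, localPort));
    }

    /**
     * Applies {@code ENABLED_PROTOCOLS} to a socket produced by the delegate.
     *
     * <p>The cast is deliberate: if the delegate ever returned a non-TLS socket this fails
     * with a {@link ClassCastException} instead of handing back an unrestricted socket.
     * {@code setEnabledProtocols} throws {@link IllegalArgumentException} when a listed
     * protocol is not supported by the socket.
     */
    private static SSLSocket restrictProtocols(Socket socket) {
        final SSLSocket sslSocket = (SSLSocket) socket;
        // Pass a copy so no socket implementation can hold or alter the shared constant array.
        sslSocket.setEnabledProtocols(ENABLED_PROTOCOLS.clone());
        return sslSocket;
    }
}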

//***********

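/**
 * Creates HTTPS connections that present a client certificate loaded from the app's raw
 * resources ({@code R.raw.cert_file}, a PKCS12 store).
 *
 * <p>The {@link SSLSocketFactory} is built once in the constructor and reused for every
 * connection returned by {@link #getUrlConnection(String)}.
 */
public class ConnectionFactory {

    private final SSLSocketFactory mSSLSocketFactory;

    /**
     * @param context used to open the bundled PKCS12 resource
     * @throws RuntimeException if the key store cannot be loaded or the TLS context cannot
     *     be initialised (the underlying exception is kept as the cause)
     */
    public ConnectionFactory(Context context) {
        mSSLSocketFactory = buildSSLSocketFactory(context);
    }

    /**
     * Opens a connection to {@code surl} configured with this factory's client-certificate
     * socket factory.
     *
     * <p>The platform's default {@code HostnameVerifier} is left in place, so the server
     * certificate must match the host being contacted. The original listing installed a
     * verifier that returned {@code true} for every host, which accepts a certificate
     * issued for any other name and leaves the connection open to interception.
     *
     * @param surl an {@code https://} URL; any other scheme fails the cast below with a
     *     {@link ClassCastException}
     * @return the configured, not yet connected, connection
     * @throws IOException if the connection cannot be opened
     */
    public HttpURLConnection getUrlConnection(String surl) throws IOException,
            ConnectorException {
        final URL url = new URL(surl);
        final HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
        urlConnection.setSSLSocketFactory(mSSLSocketFactory);
        return urlConnection;
    }

    /**
     * Builds a socket factory whose key material is the bundled PKCS12 client certificate
     * and whose server-certificate validation uses the platform default trust managers.
     */
    private SSLSocketFactory buildSSLSocketFactory(Context context) {
        try {
            // NOTE(review): the store password is a literal compiled into the app and the
            // store itself ships as a raw resource, so anyone holding the APK can recover
            // the client private key. Treat this credential as public, or provision
            // per-device keys instead of bundling one.
            final char[] storePassword = "password".toCharArray();

            final KeyStore clientStore = KeyStore.getInstance("PKCS12");
            final java.io.InputStream certStream =
                    context.getResources().openRawResource(R.raw.cert_file);
            try {
                clientStore.load(certStream, storePassword);
            } finally {
                // The original never closed the resource stream.
                certStream.close();
            }

            final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientStore, storePassword);
            final KeyManager[] kms = kmf.getKeyManagers();

            final SSLContext sslContext = SSLContext.getInstance("TLS");
            // Passing null for the trust managers makes SSLContext.init fall back to the
            // installed default implementation. The original passed an empty TrustManager[]
            // named trustAllCerts, which supplies no X509TrustManager at all.
            sslContext.init(kms, null, new SecureRandom());

            // NOTE(review): the context's factory is returned as-is. Where older API levels
            // need TLSv1.1/TLSv1.2 enabled explicitly, wrap this result in a
            // protocol-restricting SSLSocketFactory before giving it to the connection.
            return sslContext.getSocketFactory();
        } catch (KeyStoreException | IOException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | KeyManagementException e) {
            throw new RuntimeException("Build SSLSocketFactory error", e);
        }
    }
}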