1. Download our Official Android App: Forums for Android!

Support TLS 1.2 Support on Android 4.2.2

Discussion in 'Android Help' started by Novak, Apr 20, 2016.

  1. Novak

    Novak Lurker
    Thread Starter
    Rank:
    None
    Points:
    5
    Posts:
    4
    Joined:
    Apr 20, 2016

    Apr 20, 2016
    4
    1
    5
    Hello.

    Is TLS 1.2 fully supported on Android 4.2.2?

    Thanks
     

    Advertisement

  2. svim

    svim Android Expert
    Rank:
     #45
    Points:
    608
    Posts:
    3,746
    Joined:
    Dec 19, 2013

    Dec 19, 2013
    3,746
    2,789
    608
    Illinois
  3. Novak

    Novak Lurker
    Thread Starter
    Rank:
    None
    Points:
    5
    Posts:
    4
    Joined:
    Apr 20, 2016

    Apr 20, 2016
    4
    1
    5
    I will not use the browser. I will have an app that will communicate using https.
    Can I full turn in on in this case?
     
  4. svim

    svim Android Expert
    Rank:
     #45
    Points:
    608
    Posts:
    3,746
    Joined:
    Dec 19, 2013

    Dec 19, 2013
    3,746
    2,789
    608
    Illinois
    SSL/TLS isn't necessarily an Android operating system issue so it's not a general item to turn on or off, and https is only part of the overall security layer. Different browsers and different apps each approach things in different ways. The developer of whichever app you're referring to will be opting to use any number of certificates, keys, and versions.
     
  5. Novak

    Novak Lurker
    Thread Starter
    Rank:
    None
    Points:
    5
    Posts:
    4
    Joined:
    Apr 20, 2016

    Apr 20, 2016
    4
    1
    5
    Well,

    At some points I agree, but this should be very related to the OS, actually to SDK. I mean I do not plan to implement all cipher suites that I need as requirement.

    I will make simple example. If you go do Windows OS, supported TLS/SLL protocol and related supported cipher suites are related to the .net version that you are using (really implementation inside .net, so TLS/SSL handshare etc.). But handshake is far from enough, on the client side there need to be implementation of specific cipher suites.

    Also, on the server side I can really chose what I want to support. For example, on Windows I can really specify at the most granular level which TLS/SSL protocol version I will allow, also which cipher suites and so on.

    I just found out what is officially supported:
    http://developer.android.com/reference/javax/net/ssl/SSLSocket.html

    So, TLS 1.2 is not turned on by default, I will see deeper if available cipher suites are enough or there are security flaws with them. Even one strong cipher suite is good enought for me, since I probably can control both sides.

    Anyway, what I want to say is that I want to use TLS 1.2 and available implementations of supported cipher suits.But official implementations, I do not plan to use some home lab impelemntations, also I do not want to implement it by my self.

    Thanks Svim
     

Share This Page

Loading...