Discussion in 'Android Help' started by Novak, Apr 20, 2016.
Is TLS 1.2 fully supported on Android 4.2.2?
Yes and No, so many variables:
I will not use the browser. I will have an app that will communicate using https.
Can I full turn in on in this case?
SSL/TLS isn't necessarily an Android operating system issue so it's not a general item to turn on or off, and https is only part of the overall security layer. Different browsers and different apps each approach things in different ways. The developer of whichever app you're referring to will be opting to use any number of certificates, keys, and versions.
At some points I agree, but this should be very related to the OS, actually to SDK. I mean I do not plan to implement all cipher suites that I need as requirement.
I will make simple example. If you go do Windows OS, supported TLS/SLL protocol and related supported cipher suites are related to the .net version that you are using (really implementation inside .net, so TLS/SSL handshare etc.). But handshake is far from enough, on the client side there need to be implementation of specific cipher suites.
Also, on the server side I can really chose what I want to support. For example, on Windows I can really specify at the most granular level which TLS/SSL protocol version I will allow, also which cipher suites and so on.
I just found out what is officially supported:
So, TLS 1.2 is not turned on by default, I will see deeper if available cipher suites are enough or there are security flaws with them. Even one strong cipher suite is good enought for me, since I probably can control both sides.
Anyway, what I want to say is that I want to use TLS 1.2 and available implementations of supported cipher suits.But official implementations, I do not plan to use some home lab impelemntations, also I do not want to implement it by my self.