Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Android add TLS 1.2 for pre-lollipop #1501

Merged
merged 1 commit into from
May 15, 2017
Merged

Android add TLS 1.2 for pre-lollipop #1501

merged 1 commit into from
May 15, 2017

Conversation

hjanetzek
Copy link
Member

Same is needed for Pelias and Valhalla android clients. Also there seem to be Android 7.0 devices which lack to enable TLS 1.2 ..

http://stackoverflow.com/questions/39133437/sslhandshakeexception-handshake-failed-on-android-n-7-0
https://issuetracker.google.com/issues/37122132

@hjanetzek hjanetzek requested a review from matteblair May 15, 2017 14:04
@tallytalwar
Copy link
Member

cc. @sarahlensing, @msmollin for pelias and valhalla work.

@msmollin
Copy link
Collaborator

I am not following the correlation between this code change, enabling TLS 1.2 on 4.x devices, and the links which talk about Android 7.0 missing valid cipher suites for TLS 1.2. Does this change somehow alleviate that problem?

@hjanetzek
Copy link
Member Author

hjanetzek commented May 15, 2017
edited
Loading

@msmollin the pre-lollipop related links was
square/okhttp#2372 (comment)
mapzen/android#360 (comment)

The solution for some Android 7.0 devices adds also the cipher suite to the snippet above. Not sure how to handle this case - I've just added the comment for further investigation :)

ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
            .tlsVersions(TlsVersion.TLS_1_2)
            .cipherSuites(CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
            .build();

from http://stackoverflow.com/a/41874704

@hjanetzek hjanetzek force-pushed the android-tls1.2-workaround branch from e6ab0f3 to f020713 Compare May 15, 2017 20:41
matteblair
matteblair approved these changes May 15, 2017
View reviewed changes
Copy link
Member

@matteblair matteblair left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed on a tablet running 4.2.2 that SSL is broken before this fix and works after this fix.

@matteblair matteblair merged commit 4406088 into master May 15, 2017
@matteblair matteblair deleted the android-tls1.2-workaround branch May 15, 2017 21:01
matteblair pushed a commit that referenced this pull request May 15, 2017
@hjanetzek @matteblair
Android add TLS 1.2 for pre-lollipop (#1501)
106cf46
matteblair pushed a commit that referenced this pull request May 15, 2017
@hjanetzek @matteblair
Android add TLS 1.2 for pre-lollipop (#1501)
9ec575a
This was referenced May 18, 2017
Closed
Closed
@sarahsnow1
Copy link
Collaborator

@tallytalwar thanks for the heads up, relevant pelias and valhalla tickets created here:
pelias/pelias-android-sdk#75
mapzen/on-the-road_android#115

@tallytalwar tallytalwar mentioned this pull request May 25, 2017
Merged
This was referenced May 30, 2017
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matteblair matteblair matteblair approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@hjanetzek @tallytalwar @msmollin @sarahsnow1 @matteblair