Android: determine TLS support of device programmatically
So the host I use has recently disabled TLS 1.0, so for any device that doesn't support TLS 1.0 I need to use http rather than https (nothing sensitive is sent anyway... I just prefer to use SSL for everything where possible).
It appears that TLS 1.1/1.2 has been supported since API 16, but not enabled by default since around API 20 or 21. There are conflicting reports about exactly when the default was switched. See e.g. here (suggests from API 20) and here (suggests from API 21). And it seems that some devices even pre API 20 have TLS 1.1/1.2 support enabled, probably because the manufacturer tweaked things to make this happen.
I know that it's possible to enable TLS 1.1/1.2 on those devices that support it (see e.g. here), and maybe it's even possible to do it via Play Services as described here.
But I'd rather not have the hassle of implementing these sorts of hacks (and dealing with any issues from users), and just accept that any device running my app that does not already support TLS 1.1/1.2 should use http rather than https. As I said, nothing that would be classed as "sensitive" is communicated anyway. Over time, the number of devices that don't support TLS 1.1/1.2 will diminish.
So, with that said, is there a way of programmatically determining what TLS versions are supported by the device?
At the moment I just use the API version for this check ("use https from API 21 onwards"), but it would be better to check for TLS support more explicitly because some older devices will also support TLS 1.1/1.2.
android ssl https asked Mar 17 '17 at 10:40
drmrbrewerdrmrbrewer
2,11372988
add a comment |
So the host I use has recently disabled TLS 1.0, so for any device that doesn't support TLS 1.0 I need to use http rather than https (nothing sensitive is sent anyway... I just prefer to use SSL for everything where possible).
It appears that TLS 1.1/1.2 has been supported since API 16, but not enabled by default since around API 20 or 21. There are conflicting reports about exactly when the default was switched. See e.g. here (suggests from API 20) and here (suggests from API 21). And it seems that some devices even pre API 20 have TLS 1.1/1.2 support enabled, probably because the manufacturer tweaked things to make this happen.
I know that it's possible to enable TLS 1.1/1.2 on those devices that support it (see e.g. here), and maybe it's even possible to do it via Play Services as described here.
But I'd rather not have the hassle of implementing these sorts of hacks (and dealing with any issues from users), and just accept that any device running my app that does not already support TLS 1.1/1.2 should use http rather than https. As I said, nothing that would be classed as "sensitive" is communicated anyway. Over time, the number of devices that don't support TLS 1.1/1.2 will diminish.
So, with that said, is there a way of programmatically determining what TLS versions are supported by the device?
At the moment I just use the API version for this check ("use https from API 21 onwards"), but it would be better to check for TLS support more explicitly because some older devices will also support TLS 1.1/1.2.
android ssl https asked Mar 17 '17 at 10:40
drmrbrewerdrmrbrewer
2,11372988
add a comment |
So the host I use has recently disabled TLS 1.0, so for any device that doesn't support TLS 1.0 I need to use http rather than https (nothing sensitive is sent anyway... I just prefer to use SSL for everything where possible).
It appears that TLS 1.1/1.2 has been supported since API 16, but not enabled by default since around API 20 or 21. There are conflicting reports about exactly when the default was switched. See e.g. here (suggests from API 20) and here (suggests from API 21). And it seems that some devices even pre API 20 have TLS 1.1/1.2 support enabled, probably because the manufacturer tweaked things to make this happen.
I know that it's possible to enable TLS 1.1/1.2 on those devices that support it (see e.g. here), and maybe it's even possible to do it via Play Services as described here.
But I'd rather not have the hassle of implementing these sorts of hacks (and dealing with any issues from users), and just accept that any device running my app that does not already support TLS 1.1/1.2 should use http rather than https. As I said, nothing that would be classed as "sensitive" is communicated anyway. Over time, the number of devices that don't support TLS 1.1/1.2 will diminish.
So, with that said, is there a way of programmatically determining what TLS versions are supported by the device?
At the moment I just use the API version for this check ("use https from API 21 onwards"), but it would be better to check for TLS support more explicitly because some older devices will also support TLS 1.1/1.2.
android ssl https asked Mar 17 '17 at 10:40
drmrbrewerdrmrbrewer
2,11372988
So the host I use has recently disabled TLS 1.0, so for any device that doesn't support TLS 1.0 I need to use http rather than https (nothing sensitive is sent anyway... I just prefer to use SSL for everything where possible).
It appears that TLS 1.1/1.2 has been supported since API 16, but not enabled by default since around API 20 or 21. There are conflicting reports about exactly when the default was switched. See e.g. here (suggests from API 20) and here (suggests from API 21). And it seems that some devices even pre API 20 have TLS 1.1/1.2 support enabled, probably because the manufacturer tweaked things to make this happen.
I know that it's possible to enable TLS 1.1/1.2 on those devices that support it (see e.g. here), and maybe it's even possible to do it via Play Services as described here.
But I'd rather not have the hassle of implementing these sorts of hacks (and dealing with any issues from users), and just accept that any device running my app that does not already support TLS 1.1/1.2 should use http rather than https. As I said, nothing that would be classed as "sensitive" is communicated anyway. Over time, the number of devices that don't support TLS 1.1/1.2 will diminish.
So, with that said, is there a way of programmatically determining what TLS versions are supported by the device?
At the moment I just use the API version for this check ("use https from API 21 onwards"), but it would be better to check for TLS support more explicitly because some older devices will also support TLS 1.1/1.2.
android ssl https android ssl https asked Mar 17 '17 at 10:40
drmrbrewerdrmrbrewer
2,11372988
asked Mar 17 '17 at 10:40
drmrbrewerdrmrbrewer
2,11372988
asked Mar 17 '17 at 10:40
drmrbrewerdrmrbrewer
2,11372988
asked Mar 17 '17 at 10:40
drmrbrewerdrmrbrewer
2,11372988
asked Mar 17 '17 at 10:40
drmrbrewerdrmrbrewer
2,11372988
2,11372988
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
So, with that said, is there a way of programmatically determining what TLS versions are supported by the device?
Try this:
SSLParameters sslParameters;
try
sslParameters = SSLContext.getDefault()
.getDefaultSSLParameters();
catch (NoSuchAlgorithmException e)
// ...
// SSLv3, TLSv1, TLSv1.1, TLSv1.2 etc.
sslParameters.getProtocols();
answered Mar 17 '17 at 11:33
nandsitonandsito
3,22921021
add a comment |
Using the security Provider as mentioned is the best approach, and using the snippet from @nandsito is great for debugging (especially on older devices such as Samsung Galaxy S3 which by default has SSLv3 and TLSv1, but not TLSv1.1 and TLSv1.2).
answered Nov 14 '18 at 16:46
lorenzolorenzo
118213
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f42855333%2fandroid-determine-tls-support-of-device-programmatically%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
So, with that said, is there a way of programmatically determining what TLS versions are supported by the device?
Try this:
SSLParameters sslParameters;
try
sslParameters = SSLContext.getDefault()
.getDefaultSSLParameters();
catch (NoSuchAlgorithmException e)
// ...
// SSLv3, TLSv1, TLSv1.1, TLSv1.2 etc.
sslParameters.getProtocols();
answered Mar 17 '17 at 11:33
nandsitonandsito
3,22921021
add a comment |
So, with that said, is there a way of programmatically determining what TLS versions are supported by the device?
Try this:
SSLParameters sslParameters;
try
sslParameters = SSLContext.getDefault()
.getDefaultSSLParameters();
catch (NoSuchAlgorithmException e)
// ...
// SSLv3, TLSv1, TLSv1.1, TLSv1.2 etc.
sslParameters.getProtocols();
answered Mar 17 '17 at 11:33
nandsitonandsito
3,22921021
add a comment |
So, with that said, is there a way of programmatically determining what TLS versions are supported by the device?
Try this:
SSLParameters sslParameters;
try
sslParameters = SSLContext.getDefault()
.getDefaultSSLParameters();
catch (NoSuchAlgorithmException e)
// ...
// SSLv3, TLSv1, TLSv1.1, TLSv1.2 etc.
sslParameters.getProtocols();
answered Mar 17 '17 at 11:33
nandsitonandsito
3,22921021
So, with that said, is there a way of programmatically determining what TLS versions are supported by the device?
Try this:
SSLParameters sslParameters;
try
sslParameters = SSLContext.getDefault()
.getDefaultSSLParameters();
catch (NoSuchAlgorithmException e)
// ...
// SSLv3, TLSv1, TLSv1.1, TLSv1.2 etc.
sslParameters.getProtocols();
answered Mar 17 '17 at 11:33
nandsitonandsito
3,22921021
answered Mar 17 '17 at 11:33
nandsitonandsito
3,22921021
answered Mar 17 '17 at 11:33
nandsitonandsito
3,22921021
answered Mar 17 '17 at 11:33
nandsitonandsito
3,22921021
3,22921021
add a comment |
add a comment |
Using the security Provider as mentioned is the best approach, and using the snippet from @nandsito is great for debugging (especially on older devices such as Samsung Galaxy S3 which by default has SSLv3 and TLSv1, but not TLSv1.1 and TLSv1.2).
answered Nov 14 '18 at 16:46
lorenzolorenzo
118213
add a comment |
Using the security Provider as mentioned is the best approach, and using the snippet from @nandsito is great for debugging (especially on older devices such as Samsung Galaxy S3 which by default has SSLv3 and TLSv1, but not TLSv1.1 and TLSv1.2).
answered Nov 14 '18 at 16:46
lorenzolorenzo
118213
add a comment |
Using the security Provider as mentioned is the best approach, and using the snippet from @nandsito is great for debugging (especially on older devices such as Samsung Galaxy S3 which by default has SSLv3 and TLSv1, but not TLSv1.1 and TLSv1.2).
answered Nov 14 '18 at 16:46
lorenzolorenzo
118213
Using the security Provider as mentioned is the best approach, and using the snippet from @nandsito is great for debugging (especially on older devices such as Samsung Galaxy S3 which by default has SSLv3 and TLSv1, but not TLSv1.1 and TLSv1.2).
answered Nov 14 '18 at 16:46
lorenzolorenzo
118213
answered Nov 14 '18 at 16:46
lorenzolorenzo
118213
answered Nov 14 '18 at 16:46
lorenzolorenzo
118213
answered Nov 14 '18 at 16:46
lorenzolorenzo
118213
118213
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f42855333%2fandroid-determine-tls-support-of-device-programmatically%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
