-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
Android Question TLS v1.2 or higher
- Thread starter iCAB
- Start date
-
- Tags
- tls
- Similar Threads Similar Threads
1) Since API 20, Android supports TLS V1.2 (see https://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/)
2) It's up to the server to choose the best method (see https://security.stackexchange.com/a/55010)
2) It's up to the server to choose the best method (see https://security.stackexchange.com/a/55010)
Upvote
0
Hi Oliver,
Thanks for info, it is definitely a good start, but I am not sure how to use this code with B4A. The first article is mainly referencing Java code, and I guess the code is needed for android 4.1 and lower. Also the first article provides a link to a second way of doing it, provided that the app is using google play service. According to the second link
https://blog.dev-area.net/2015/08/17/protect-your-android-app-against-ssl-exploits/, the only code needed in this case is:
is this right?
Thanks
iCAB
Thanks for info, it is definitely a good start, but I am not sure how to use this code with B4A. The first article is mainly referencing Java code, and I guess the code is needed for android 4.1 and lower. Also the first article provides a link to a second way of doing it, provided that the app is using google play service. According to the second link
https://blog.dev-area.net/2015/08/17/protect-your-android-app-against-ssl-exploits/, the only code needed in this case is:
B4X:
ProviderInstaller.installIfNeeded(getContext());is this right?
Thanks
iCAB
Upvote
0
@Erel attached an example program here (https://www.b4x.com/android/forum/threads/ssl-websocket-client.88472/page-2#post-560044) that shows how to update the security provider.
Upvote
0
hey Oliver,
Thanks again for your feedback. I looked at @Erel code and I was trying to understand if this guarantees TLS V1.2 and above on older android versions or not.
I was unable to find a reference yet. Do you know anything about it?
Another interesting thing that I saw:
Thanks again for your feedback. I looked at @Erel code and I was trying to understand if this guarantees TLS V1.2 and above on older android versions or not.
I was unable to find a reference yet. Do you know anything about it?
Another interesting thing that I saw:
- based on the original links that you provided, the author mentioned to call the code in the first activity
- Also based on this https://developers.google.com/android/reference/com/google/android/gms/security/ProviderInstaller, it says "This method must be called on the UI thread."
Last edited:
Upvote
0
The way to test this would be to connect to a server that only provides tls 1.2. As to a guarantee, that may be difficult. As posted in a link above, the server should pick the strongest security that a client can handle. If the server does not do it’s job right, connections may happen at a lower security protocol.
Upvote
0
Since @Erel posted it, I’ll wager it will work. In the end, just try it. You can then try this https://www.howsmyssl.com site from the device that implements this code and see what it says.
Upvote
0
Similar Threads
- Question
Android Question
How to select TLS 1.2 or higher (Required by Dropbox)
