Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Using TLS(TLSv1.1, TLSv1.2) correctly in Android development
public class TLSSocketFactory extends SSLSocketFactory {
private static final String PROTOCOL_ARRAY[];
static {
// https://developer.android.com/about/versions/android-5.0-changes.html#ssl
// https://developer.android.com/reference/javax/net/ssl/SSLSocket
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
PROTOCOL_ARRAY = new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"};
} else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
PROTOCOL_ARRAY = new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
} else {
PROTOCOL_ARRAY = new String[]{"SSLv3", "TLSv1"};
}
}
private static final X509TrustManager DEFAULT_TRUST_MANAGERS = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {
// Trust.
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {
// Trust.
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
};
private static void setSupportProtocolAndCipherSuites(Socket socket) {
if (socket instanceof SSLSocket) {
((SSLSocket) socket).setEnabledProtocols(PROTOCOL_ARRAY);
}
}
private SSLSocketFactory delegate;
public TLSSocketFactory() {
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{DEFAULT_TRUST_MANAGERS}, new SecureRandom());
delegate = sslContext.getSocketFactory();
} catch (GeneralSecurityException e) {
throw new AssertionError(); // The system has no TLS. Just give up.
}
}
public TLSSocketFactory(SSLSocketFactory factory) {
this.delegate = factory;
}
@Override
public String[] getDefaultCipherSuites() {
return delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return delegate.getSupportedCipherSuites();
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
Socket ssl = delegate.createSocket(s, host, port, autoClose);
setSupportProtocolAndCipherSuites(ssl);
return ssl;
}
@Override
public Socket createSocket(String host, int port) throws IOException {
Socket ssl = delegate.createSocket(host, port);
setSupportProtocolAndCipherSuites(ssl);
return ssl;
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
Socket ssl = delegate.createSocket(host, port, localHost, localPort);
setSupportProtocolAndCipherSuites(ssl);
return ssl;
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
Socket ssl = delegate.createSocket(host, port);
setSupportProtocolAndCipherSuites(ssl);
return ssl;
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
Socket ssl = delegate.createSocket(address, port, localAddress, localPort);
setSupportProtocolAndCipherSuites(ssl);
return ssl;
}
@Override
public Socket createSocket() throws IOException {
Socket ssl = delegate.createSocket();
setSupportProtocolAndCipherSuites(ssl);
return ssl;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.