HttpsURLConnection and TLSv1.2

Question

I'm using HttpsURLConnection to perform http calls on my android app, some of them to AWS. As AWS removes support of SSLv3 soon, I need to make sure my calls supports TLSv1.2 instead.

Does HttpsURLConnection supports TLSv1.2 by default or should I configure it explicitly to work with it instead of SSLv3?

Answer 1

If you're using an older device and need to use TLS1.2, Conscrypt is the advanced library you should use. It allows you to enable the necessary protocols and provides the required TLS. Give it a try, I'm sure it will be very helpful.

Answer 2

You can use the NetCipher library to get a modern TLS config when using Android's HttpsURLConnection. NetCipher configures the HttpsURLConnection instance to use the best supported TLS version, as well as the best suite of ciphers for that TLS version. First, add it to your build.gradle:

compile 'info.guardianproject.netcipher:netcipher:1.2'

Or you can download the netcipher-1.2.jar and include it directly in your app. Then instead of calling:

HttpURLConnection connection = (HttpURLConnection) sourceUrl.openConnection();

Call this:

HttpsURLConnection connection = NetCipher.getHttpsURLConnection(sourceUrl);

Answer 3

Android supports SSLv3 and TLSv1 in all versions. From API level 16, Android starts to support TLSv1.1 and TLSv1.2. If your target is on or above API level 16, you should be fine. For target lower than 16, Android will use TLSv1 when server supports. You can test your app against an endpoint that supports TLSv1 or above, for example https://www.banner.iup.edu/. See SSLEngine and SSLContext for more details.