Android Question TLS v1.2 or higher

iCAB

Well-Known Member
Licensed User
Longtime User
Hi All

How do we ensure that the device is using TLS V1.2 or higher when calling web services using https?

Thanks
iCAB
 

OliverA

Expert
Licensed User
Longtime User
Upvote 0

iCAB

Well-Known Member
Licensed User
Longtime User
Hi Oliver,

Thanks for info, it is definitely a good start, but I am not sure how to use this code with B4A. The first article is mainly referencing Java code, and I guess the code is needed for android 4.1 and lower. Also the first article provides a link to a second way of doing it, provided that the app is using google play service. According to the second link
https://blog.dev-area.net/2015/08/17/protect-your-android-app-against-ssl-exploits/, the only code needed in this case is:

B4X:
ProviderInstaller.installIfNeeded(getContext());

is this right?

Thanks
iCAB
 
Upvote 0

iCAB

Well-Known Member
Licensed User
Longtime User
hey Oliver,

Thanks again for your feedback. I looked at @Erel code and I was trying to understand if this guarantees TLS V1.2 and above on older android versions or not.
I was unable to find a reference yet. Do you know anything about it?

Another interesting thing that I saw:
While @Erel's code is using the starter service to call the ProviderInstaller. Would this work?
 
Last edited:
Upvote 0

OliverA

Expert
Licensed User
Longtime User
The way to test this would be to connect to a server that only provides tls 1.2. As to a guarantee, that may be difficult. As posted in a link above, the server should pick the strongest security that a client can handle. If the server does not do it’s job right, connections may happen at a lower security protocol.
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
If you have control of your own server, you could have it only advertise tls 1.2. Devices that are do not support tls 1.2 would then not connect
 
Upvote 0

iCAB

Well-Known Member
Licensed User
Longtime User
Thanks Oliver!

What about this part: "While @Erel's code is using the starter service to call the ProviderInstaller. Would this work?"
Do you know anything about it?
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
Since @Erel posted it, I’ll wager it will work. In the end, just try it. You can then try this https://www.howsmyssl.com site from the device that implements this code and see what it says.
 
Upvote 0
Top