Android Question

Can Android 4.4 support cipher with SHA256?

I am working on a device running Android 4.4 (API level 19), and I need to develop an application that connects to a server which supports only TLSv1.2 and SHA256-based cipher suites. I tried creating the SSL context with both the legacy Apache library and the updated Apache 4.4.1.2 (cz.msebera.android). After creating the context and listing the supported cipher suites, none of them contains SHA256. The program runs fine on other devices with Android 5.0+.

My question: is there any way to support TLSv1.2 and SHA256 cipher suites on an Android 4.4 device?

Thanks.

Answer Source

Finally, I resolved the problem by creating my own SSL factory like this:

package com.bbpos.www.payment_gp.webservice; 

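/**
 * {@link SSLSocketFactory} wrapper that restricts every TLS socket it hands out to
 * TLSv1.1 and TLSv1.2.
 *
 * <p>Socket creation is forwarded to a delegate factory. The wrapper only replaces the
 * enabled-protocol list afterwards, so SSLv3 and TLSv1 are no longer offered and the
 * newer versions are switched on even where the platform leaves them disabled by
 * default (the Android 4.4 / API 19 situation this page describes).
 *
 * <p>This class changes protocol versions only. Certificate-chain validation is decided
 * by the {@code SSLContext} that produced the delegate, and hostname verification by the
 * HTTPS client; neither is touched here.
 */
public class NoSSLv3SocketFactory extends SSLSocketFactory {

    /**
     * Protocol versions left enabled on every socket. TLS 1.1 is kept for parity with
     * the original answer; it is formally deprecated (RFC 8996) and can be dropped when
     * every server the app talks to supports TLS 1.2.
     */
    private static final String[] ENABLED_PROTOCOLS = {"TLSv1.1", "TLSv1.2"};

    private final SSLSocketFactory delegate;

    /** Wraps the current default factory of {@link HttpsURLConnection}. */
    public NoSSLv3SocketFactory() {
        this(HttpsURLConnection.getDefaultSSLSocketFactory());
    }

    /**
     * Wraps the given factory.
     *
     * @param delegate factory that actually creates the sockets; must not be null
     * @throws NullPointerException if {@code delegate} is null
     */
    public NoSSLv3SocketFactory(SSLSocketFactory delegate) {
        // Fail at construction time instead of on the first connection attempt.
        if (delegate == null) {
            throw new NullPointerException("delegate");
        }
        this.delegate = delegate;
    }

    /** Returns the delegate's default cipher suites unchanged. */
    @Override
    public String[] getDefaultCipherSuites() {
        return delegate.getDefaultCipherSuites();
    }

    /** Returns the delegate's supported cipher suites unchanged. */
    @Override
    public String[] getSupportedCipherSuites() {
        return delegate.getSupportedCipherSuites();
    }

    /**
     * Replaces the enabled protocols of an {@link SSLSocket}; other sockets pass through
     * untouched.
     *
     * @param socket socket returned by the delegate
     * @return the same socket instance
     */
    private Socket makeSocketSafe(Socket socket) {
        if (socket instanceof SSLSocket) {
            // clone() so no socket implementation can keep a reference to the shared array
            ((SSLSocket) socket).setEnabledProtocols(ENABLED_PROTOCOLS.clone());
        }
        return socket;
    }

    /**
     * Creates an unconnected socket. Without this override the inherited
     * {@code SocketFactory.createSocket()} throws a {@code SocketException}, which breaks
     * HTTP clients that create the socket first and connect it afterwards.
     */
    @Override
    public Socket createSocket() throws IOException {
        return makeSocketSafe(delegate.createSocket());
    }

    /** Layers TLS over an existing connected socket and restricts its protocols. */
    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return makeSocketSafe(delegate.createSocket(s, host, port, autoClose));
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return makeSocketSafe(delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
        return makeSocketSafe(delegate.createSocket(host, port, localHost, localPort));
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        return makeSocketSafe(delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        return makeSocketSafe(delegate.createSocket(address, port, localAddress, localPort));
    }

}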

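Then install the factory as the process-wide default at the beginning of the program. Only the protocol restriction is needed to reach a TLSv1.2-only server; certificate and hostname validation should stay enabled: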

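// Install the protocol-restricting factory as the default for HttpsURLConnection.
//
// The SSLContext is initialised with null trust managers, which makes it fall back to
// the platform's default TrustManagerFactory, so the server certificate chain is still
// validated against the system trust store. An X509TrustManager with empty check methods
// plus a HostnameVerifier that always returns true would accept any certificate for any
// host and leave the connection open to interception; neither is needed to enable
// TLSv1.2. If the server uses a private CA, load that CA certificate into a KeyStore and
// pass the managers from a TrustManagerFactory initialised with it instead.
try {
    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, null, new java.security.SecureRandom());
    SSLSocketFactory tlsOnlyFactory = new NoSSLv3SocketFactory(sc.getSocketFactory());
    HttpsURLConnection.setDefaultSSLSocketFactory(tlsOnlyFactory);
    // setDefaultHostnameVerifier is deliberately not called: the platform default
    // verifier keeps checking that the certificate matches the requested host.
} catch (java.security.GeneralSecurityException e) {
    // Surface the failure: swallowing it would leave the old default factory in place
    // and the later handshake would fail with no hint as to why.
    throw new IllegalStateException("Unable to initialise the TLS socket factory", e);
}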