Android 4.x TLS 1.2: Making SSLEngine use TLSv1.2 on Android (4.4.2)?

Folks, I'm hoping there's something obvious that I'm missing, and I hope someone will be able to shed some light. I'm trying to get TLSv1.2 running in an SSL + NIO context (using the AndroidAsync library), so I'm trying to enable it via an SSLEngine. I can run code like this:

```java
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, null, null);

String[] protocols = sslContext.getSupportedSSLParameters().getProtocols();
for (String protocol : protocols) {
    Timber.d("Context supported protocol: " + protocol);
}

SSLEngine engine = sslContext.createSSLEngine();
String[] supportedProtocols = engine.getSupportedProtocols();
for (String protocol : supportedProtocols) {
    Timber.d("Engine supported protocol: " + protocol);
}
```

And I end up seeing this on logcat:

```
06-22 21:56:27.715 1117-1117/? D/XXX﹕ Context supported protocol: SSLv3
06-22 21:56:27.715 1117-1117/? D/XXX﹕ Context supported protocol: TLSv1
06-22 21:56:27.725 1117-1117/? D/XXX﹕ Context supported protocol: TLSv1.1
06-22 21:56:27.725 1117-1117/? D/XXX﹕ Context supported protocol: TLSv1.2
06-22 21:56:27.735 1117-1117/? D/XXX﹕ Engine supported protocol: TLSv1
06-22 21:56:27.745 1117-1117/? D/XXX﹕ Engine supported protocol: SSLv3
```

Of course if I try to engine.setEnabledProtocols(new String[] { "TLSv1.2" }) I get an IllegalArgumentException "Protocol TLSv1.2 is not supported."

I can see the context claims to support TLSv1.2, but then the engine I make from that context doesn't? What's going on here? None of this changes if I use "TLS" instead of "TLSv1.2" in the first line above, btw.

I gather this might have something to do with this issue, and I've read this (as yet unanswered) question and articles like this, but they don't quite seem to be hitting the spot - solutions I've seen all seem to rely on SSLSocket rather than SSLEngine.

Thanks much for any knowledge you can drop.

UPDATE 6/23/14 10AM EDT

So I found SSLEngine.setSSLParameters, which I was hoping would let me pass in an SSLParameters that I got from SSLContext.getSupportedSSLParameters(), but when I call that I get an exception that claims the cipher suites aren't supported, so it looks like setSSLParameters() is just doing the same thing that setEnabledCipherSuites() does, and the engine is already in a state where it doesn't recognize the TLS 1.2 protocol/suites as supported.
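
An added example, not part of the original question and not AndroidAsync's code: a fail-closed way to request TLSv1.2 from an SSLEngine that checks the engine's own supported list (the one that differed from the context's list in the logcat output above) before calling setEnabledProtocols. The class name `StrictTlsEngine` and the method `create` are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper for illustration; not an Android SDK or AndroidAsync class.
public final class StrictTlsEngine {

    // Creates an engine restricted to the requested protocols, or throws if
    // the engine supports none of them.
    static SSLEngine create(SSLContext ctx, String... wanted) throws SSLException {
        SSLEngine engine = ctx.createSSLEngine();

        // Ask the engine, not the context: the two lists can differ.
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());

        List<String> usable = new ArrayList<>();
        for (String protocol : wanted) {
            if (supported.contains(protocol)) {
                usable.add(protocol);
            }
        }

        if (usable.isEmpty()) {
            // Fail closed: do not fall back to whatever older protocols
            // (e.g. SSLv3, TLSv1) the engine has enabled by default.
            throw new SSLException("Engine supports none of " + Arrays.toString(wanted)
                    + "; engine offers " + supported);
        }

        // Only names the engine itself reported are passed in, so this call
        // cannot raise "Protocol ... is not supported".
        engine.setEnabledProtocols(usable.toArray(new String[0]));
        engine.setUseClientMode(true);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        SSLEngine engine = create(ctx, "TLSv1.2");
        System.out.println("Enabled: " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

On an engine that reports only TLSv1 and SSLv3, as in the log above, `create(ctx, "TLSv1.2")` throws an SSLException listing what the engine offers instead of leaving the older protocols enabled.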
