Last active
January 7, 2023 04:09
-
-
Save fkrauthan/ac8624466a4dee4fd02f to your computer and use it in GitHub Desktop.
Custom SSLSocketFactory Implementation to enable tls 1.1 and tls 1.2 for android 4.1 (16+)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package net.cogindo.ssl; | |
import java.io.IOException; | |
import java.net.InetAddress; | |
import java.net.Socket; | |
import java.net.UnknownHostException; | |
import java.security.KeyManagementException; | |
import java.security.NoSuchAlgorithmException; | |
import javax.net.ssl.SSLContext; | |
import javax.net.ssl.SSLSocket; | |
import javax.net.ssl.SSLSocketFactory; | |
/** | |
* @author fkrauthan | |
*/ | |
public class TLSSocketFactory extends SSLSocketFactory { | |
private SSLSocketFactory internalSSLSocketFactory; | |
public TLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException { | |
SSLContext context = SSLContext.getInstance("TLS"); | |
context.init(null, null, null); | |
internalSSLSocketFactory = context.getSocketFactory(); | |
} | |
@Override | |
public String[] getDefaultCipherSuites() { | |
return internalSSLSocketFactory.getDefaultCipherSuites(); | |
} | |
@Override | |
public String[] getSupportedCipherSuites() { | |
return internalSSLSocketFactory.getSupportedCipherSuites(); | |
} | |
@Override | |
public Socket createSocket() throws IOException { | |
return enableTLSOnSocket(internalSSLSocketFactory.createSocket()); | |
} | |
@Override | |
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { | |
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose)); | |
} | |
@Override | |
public Socket createSocket(String host, int port) throws IOException, UnknownHostException { | |
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port)); | |
} | |
@Override | |
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { | |
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort)); | |
} | |
@Override | |
public Socket createSocket(InetAddress host, int port) throws IOException { | |
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port)); | |
} | |
@Override | |
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { | |
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort)); | |
} | |
private Socket enableTLSOnSocket(Socket socket) { | |
if(socket != null && (socket instanceof SSLSocket)) { | |
((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"}); | |
} | |
return socket; | |
} | |
} |
for retrofit.. please check this https://gist.github.com/Kishanjvaghela/3eb249e6bd52ba6b2b858af674fc7c3d
i am using httpclient and using above TLSSocketFactory , and calling by getting httpclient and only display tlsv1.0, but i only need to use tlsv1.2, Could you please help where i am doing wrong.
TLSSocketFactoryNew .java
public class TLSSocketFactoryNew extends SSLSocketFactory {
private SSLSocketFactory internalSSLSocketFactory;
public TLSSocketFactoryNew(SSLSocketFactory socketFactory) {
internalSSLSocketFactory=socketFactory;
}
@Override
public String[] getDefaultCipherSuites() {
return internalSSLSocketFactory.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return internalSSLSocketFactory.getSupportedCipherSuites();
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
}
@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
}
/*
* Utility methods
*/
private static Socket enableTLSOnSocket(Socket socket) {
if (socket != null && (socket instanceof SSLSocket)
&& isTLSServerEnabled((SSLSocket) socket)) { // skip the fix if server doesn't provide there TLS version
((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.2"});
}
return socket;
}
private static boolean isTLSServerEnabled(SSLSocket sslSocket) {
System.out.println("isTLSServerEnabled :: " + sslSocket.getSupportedProtocols().toString());
for (String protocol : sslSocket.getSupportedProtocols()) {
if (protocol.equals("TLSv1.2")) {
return true;
}
}
return false;
}
}
Getting httpclient in httppost method to execute httpclient.
private CloseableHttpClient getNewClient() {
CloseableHttpClient httpclient=null;
SSLContext sslContext = null ;
try {
sslContext = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManagers = new TrustManager[] { new TrustManagerManipulator() };
sslContext.init(null, trustManagers, new SecureRandom());
SSLSocketFactory sslSocketFactory = new TLSSocketFactoryNew(sslContext.getSocketFactory());
httpclient = HttpClients.custom()
.setSSLSocketFactory((LayeredConnectionSocketFactory) sslSocketFactory)
.build();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
return httpclient;
}
Min Api : 19
compile files('libs/httpclient-4.5.5.jar')
compile files('libs/httpcore-4.4.11.jar'):
Thanks.
Thanks, Works on API 19!
alguien sabe como o donde se coloca el conscrypt
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Works on API 19! You are a genius!