**A fork** Custom SSLSocketFactory Implementation to enable tls 1.2 for android 4.1 (16+) - modified to get system default TrustManagers and for use with retrofit 2 and okHttp 3.1.2;

TLSSocketFactory.java

package co.paystack.android.api.utils;

/**
 * Created by ibrahimlawal on Mar/14/2016.
 *
 * @author fkrauthan
 * @see http://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/
 * @since 1.2.0
 *
 * Modified to work with okHttp3.1.2
 * And so it only uses TLSv1.2
 */

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class TLSSocketFactory extends SSLSocketFactory {

  // Field named delegate so okHttp 3.1.2 will be
  // able to get our trust manager as suggested here:
  // https://github.com/square/okhttp/issues/2323#issuecomment-185055040
  private SSLSocketFactory delegate;

  public TLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
    SSLContext context = SSLContext.getInstance("TLS");

    // Get, so we can use default Trust managers for our Factory
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init((KeyStore) null);
    TrustManager[] tm = trustManagerFactory.getTrustManagers();

    context.init(null, tm, null);

    delegate = context.getSocketFactory();
  }

  @Override
  public String[] getDefaultCipherSuites() {
    return delegate.getDefaultCipherSuites();
  }

  @Override
  public String[] getSupportedCipherSuites() {
    return delegate.getSupportedCipherSuites();
  }

  @Override
  public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
    return enableTLSOnSocket(delegate.createSocket(s, host, port, autoClose));
  }

  @Override
  public Socket createSocket(String host, int port) throws IOException {
    return enableTLSOnSocket(delegate.createSocket(host, port));
  }

  @Override
  public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
    return enableTLSOnSocket(delegate.createSocket(host, port, localHost, localPort));
  }

  @Override
  public Socket createSocket(InetAddress host, int port) throws IOException {
    return enableTLSOnSocket(delegate.createSocket(host, port));
  }

  @Override
  public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
    return enableTLSOnSocket(delegate.createSocket(address, port, localAddress, localPort));
  }

  private Socket enableTLSOnSocket(Socket socket) {
    if (socket != null && (socket instanceof SSLSocket)) {
      // Only use TLSv1.2
      ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.2"});
    }
    return socket;
  }
}

Use with retrofit 2 and okHttp 3.1.2 .java

OkHttpClient okHttpClient = new OkHttpClient
        .Builder()
        .sslSocketFactory(new TLSSocketFactory())
        .build();

Retrofit retrofit = new Retrofit.Builder()
        .baseUrl(API_URL)
        .client(okHttpClient)
        .build();