Skip to content

Instantly share code, notes, and snippets.

@slightfoot

slightfoot/Snippet.java

Last active May 30, 2017 00:09
Show Gist options
  • Save slightfoot/95033e8d98760857262206fbb4229014 to your computer and use it in GitHub Desktop.
Save slightfoot/95033e8d98760857262206fbb4229014 to your computer and use it in GitHub Desktop.
Download ZIP
Fix for UnknownHostException's caused by TLS support. Enable TLS v1.1 and TLS v1.2 on older platforms <APIv20. NOTE: Internally supported just not enabled.
Raw
Snippet.java
// Enable TLS v1.1 and TLS v1.2 on older platforms <APIv20.
// NOTE: Internally supported just not enabled.
if(Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP){
try{
X509TrustManager trustManager = systemDefaultTrustManager();
okHttpBuilder.sslSocketFactory(new TLSSocketFactory(), trustManager);
}
catch(GeneralSecurityException e){
Log.e(TAG, "API security", e);
}
}
private X509TrustManager systemDefaultTrustManager()
throws GeneralSecurityException
{
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if(trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)){
throw new IllegalStateException(
"Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
return (X509TrustManager) trustManagers[0];
}
Raw
TLSSocketFactory.java
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
/**
* ref: https://github.com/square/okhttp/issues/1934
* credit: https://gist.github.com/fkrauthan/ac8624466a4dee4fd02f
*/
public class TLSSocketFactory extends SSLSocketFactory
{
private SSLSocketFactory internalSSLSocketFactory;
public TLSSocketFactory()
throws KeyManagementException, NoSuchAlgorithmException
{
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, null, null);
internalSSLSocketFactory = context.getSocketFactory();
}
@Override
public String[] getDefaultCipherSuites()
{
return internalSSLSocketFactory.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites()
{
return internalSSLSocketFactory.getSupportedCipherSuites();
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException
{
return enableTLSOnSocket(
internalSSLSocketFactory.createSocket(s, host, port, autoClose));
}
@Override
public Socket createSocket(String host, int port)
throws IOException
{
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
throws IOException
{
return enableTLSOnSocket(
internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
}
@Override
public Socket createSocket(InetAddress host, int port)
throws IOException
{
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
throws IOException
{
return enableTLSOnSocket(
internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
}
private Socket enableTLSOnSocket(Socket socket)
{
if(socket != null && (socket instanceof SSLSocket)){
((SSLSocket) socket).setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2" });
}
return socket;
}
}
@slightfoot
Copy link
Author

Original Issue okhttp/issues/1934
Related Gist fkrauthan/ac8624466a4dee4fd02f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment