How to override the cipherlist sent to the server by Android when using HttpsURLConnection?

既然无缘 2020-11-30 06:19

During TLS negotiation, clients send a list of supported ciphers to the server, the server picks one, and encryption starts. I want to change this cipherlist sent to the ser

3 answers
  •  迷失自我
    2020-11-30 06:59

    I bundled the technique in @ThinkChris's answer1 into a dead simple method call. You can use the NetCipher library to get a modern TLS config when using Android's HttpsURLConnection. NetCipher configures the HttpsURLConnection instance to use the best supported TLS version, removes SSLv3 support, and configures the best suite of ciphers for that TLS version. First, add it to your build.gradle:

    compile 'info.guardianproject.netcipher:netcipher:1.2'
    

    Or you can download the netcipher-1.2.jar and include it directly in your app. Then instead of calling:

    HttpURLConnection connection = (HttpURLConnection) sourceUrl.openConnection();
    

    Call this:

    HttpsURLConnection connection = NetCipher.getHttpsURLConnection(sourceUrl);
    

    If you want to specifically customize that cipher list, you can check the code there. But most people should not have to think about the cipher list; instead, it should use the common best practices by default.
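For readers who do need to control the cipher list themselves, the following is an added example, not part of the answer above and not NetCipher's own code: a wrapper `SSLSocketFactory` that narrows the cipher suites (and drops SSLv3) on every socket it creates. The class name `RestrictedCipherSocketFactory` is hypothetical, and the suites passed to it are the caller's choice.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class: wraps any SSLSocketFactory and restricts what each socket offers.
public class RestrictedCipherSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;
    private final List<String> wanted; // caller-supplied suites, in preference order

    public RestrictedCipherSocketFactory(SSLSocketFactory delegate, String... wanted) {
        this.delegate = delegate;
        this.wanted = Arrays.asList(wanted);
    }

    // Keep only suites the platform supports: setEnabledCipherSuites rejects unknown
    // names. Fail closed rather than silently falling back to the platform defaults.
    private String[] usable() {
        List<String> supported = Arrays.asList(delegate.getSupportedCipherSuites());
        List<String> out = new ArrayList<>();
        for (String suite : wanted) if (supported.contains(suite)) out.add(suite);
        if (out.isEmpty()) throw new IllegalStateException("no requested cipher suite is supported");
        return out.toArray(new String[0]);
    }

    private Socket restrict(Socket s) {
        if (!(s instanceof SSLSocket)) return s;
        SSLSocket ssl = (SSLSocket) s;
        ssl.setEnabledCipherSuites(usable());
        List<String> protos = new ArrayList<>(Arrays.asList(ssl.getEnabledProtocols()));
        protos.remove("SSLv3"); // never offer SSLv3 in the ClientHello
        ssl.setEnabledProtocols(protos.toArray(new String[0]));
        return ssl;
    }

    @Override public String[] getDefaultCipherSuites() { return usable(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return restrict(delegate.createSocket()); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean close) throws IOException { return restrict(delegate.createSocket(s, h, p, close)); }
    @Override public Socket createSocket(String h, int p) throws IOException { return restrict(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return restrict(delegate.createSocket(h, p, l, lp)); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return restrict(delegate.createSocket(a, p)); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress l, int lp) throws IOException { return restrict(delegate.createSocket(a, p, l, lp)); }
}
```

Install it per connection before connecting, for example `connection.setSSLSocketFactory(new RestrictedCipherSocketFactory(SSLContext.getDefault().getSocketFactory(), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"))`, where the suite name is a sample selection.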
