Disable SSL as a protocol in HttpsURLConnection

Question

Due to the POODLE vulnerability, my server, hosted in Amazon AWS does no longer support SSLv3.

As a result, the first HTTPS connection my Android app does against th

Answer 1

The above solution(s) didn't work for me, therefore this is what I learned and did to overcome this issue.

For older devices than Android 5.0, the default security provider had those properties:

1. TSLv1 and TSLv2 protocols were not enable by default
2. SSLv3 protocol is not disable by default.

A solution that worked for me here is to patch the "Provider" if needed when starting the app, so it will no longer have SSLv3 on it's list of protocols. A straightforward way to patch Android from your app is this: (considering you have access to Google Play Store services.)

private void updateAndroidSecurityProvider(Activity callingActivity) {
    try {
        ProviderInstaller.installIfNeeded(this);
    } catch (GooglePlayServicesRepairableException e) {
        // Thrown when Google Play Services is not installed, up-to-date, or enabled
        // Show dialog to allow users to install, update, or otherwise enable Google Play services.
        GooglePlayServicesUtil.getErrorDialog(e.getConnectionStatusCode(), callingActivity, 0);
    } catch (GooglePlayServicesNotAvailableException e) {
        Log.e("SecurityException", "Google Play Services not available.");
    }
}

Take a look at: https://developer.android.com/training/articles/security-gms-provider.html?#patching for more info.