Android Enable TLSv1.2 in OKHttp
i am using OKHttp for my project. i want to enable TLSv1.2 for my service call. can any body tell me how to enable it.
-
Turns out my solution is very similar to Ken's (except in Java). I found it here although had to make a couple of small changes to get it to work. Hopefully this works 'out of the box' for others.
public class TLSSocketFactoryCompat extends SSLSocketFactory { private SSLSocketFactory internalSSLSocketFactory; public TLSSocketFactoryCompat() throws KeyManagementException, NoSuchAlgorithmException { SSLContext context = SSLContext.getInstance("TLS"); context.init(null, null, null); internalSSLSocketFactory = context.getSocketFactory(); } public TLSSocketFactoryCompat(TrustManager[] tm) throws KeyManagementException, NoSuchAlgorithmException { SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tm, new java.security.SecureRandom()); internalSSLSocketFactory = context.getSocketFactory(); } @Override public String[] getDefaultCipherSuites() { return internalSSLSocketFactory.getDefaultCipherSuites(); } @Override public String[] getSupportedCipherSuites() { return internalSSLSocketFactory.getSupportedCipherSuites(); } @Override public Socket createSocket() throws IOException { return enableTLSOnSocket(internalSSLSocketFactory.createSocket()); } @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose)); } @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port)); } @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort)); } @Override public Socket createSocket(InetAddress host, int port) throws IOException { return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port)); } @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort)); } private Socket enableTLSOnSocket(Socket socket) { if(socket != null && (socket instanceof SSLSocket)) { //Create list of supported protocols ArrayListsupportedProtocols = new ArrayList<>(); for (String protocol : ((SSLSocket)socket).getEnabledProtocols()) { //Log.d("TLSSocketFactory", "Supported protocol:" + protocol); //Only add TLS protocols (don't want ot support older SSL versions) if (protocol.toUpperCase().contains("TLS")) { supportedProtocols.add(protocol); } } //Force add TLSv1.1 and 1.2 if not already added if (!supportedProtocols.contains("TLSv1.1")) { supportedProtocols.add("TLSv1.1"); } if (!supportedProtocols.contains("TLSv1.2")) { supportedProtocols.add("TLSv1.2"); } String[] protocolArray = supportedProtocols.toArray(new String[supportedProtocols.size()]); /*for (int i = 0; i < protocolArray.length; i++) { Log.d("TLSSocketFactory", "protocolArray[" + i + "]" + protocolArray[i]); }*/ //enable protocols in our list ((SSLSocket)socket).setEnabledProtocols(protocolArray); } return socket; } } Usage:
OkHttpClient httpClient = new OkHttpClient(); //Add Custom SSL Socket Factory which adds TLS 1.1 and 1.2 support for Android 4.1-4.4 try { httpClient.setSslSocketFactory(new TLSSocketFactoryCompat()); } catch (KeyManagementException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); }
加载中...
- 热议问题