Android Enable TLSv1.2 in OKHttp

Question

i am using OKHttp for my project. i want to enable TLSv1.2 for my service call. can any body tell me how to enable it.

Answer 1

This is basically the same as the answer above but I feel like a code sample would be useful for anyone else who lands here and isn't up to speed on navigating the java ssl landscape.

What ultimately ended up working for me was based on the issue reported here: https://github.com/mattleibow/square-bindings/issues/1
from this gist https://gist.github.com/mattleibow/c8abfa323db094b820cc

Note these code samples are in C# / Xamarin but can be translated to java fairly easily.

internal class CompleteSSLSocketFactory : SSLSocketFactory
{
    private readonly SSLSocketFactory innerFactory;

    public CompleteSSLSocketFactory (SSLSocketFactory innerFactory)
    {
        this.innerFactory = innerFactory;
    }

    public override string[] GetDefaultCipherSuites ()
    {
        return innerFactory.GetDefaultCipherSuites ();
    }

    public override string[] GetSupportedCipherSuites ()
    {
        return innerFactory.GetSupportedCipherSuites ();
    }

    public override Socket CreateSocket ()
    {
        return MakeSocketSafe (innerFactory.CreateSocket ());
    }

    public override Socket CreateSocket (Socket s, string host, int port, bool autoClose)
    {
        return MakeSocketSafe (innerFactory.CreateSocket (s, host, port, autoClose));
    }

    public override Socket CreateSocket (string host, int port)
    {
        return MakeSocketSafe (innerFactory.CreateSocket (host, port));
    }

    public override Socket CreateSocket (string host, int port, InetAddress localHost, int localPort)
    {
        return MakeSocketSafe (innerFactory.CreateSocket (host, port, localHost, localPort));
    }

    public override Socket CreateSocket (InetAddress host, int port)
    {
        return MakeSocketSafe (innerFactory.CreateSocket (host, port));
    }

    public override Socket CreateSocket (InetAddress address, int port, InetAddress localAddress, int localPort)
    {
        return MakeSocketSafe (innerFactory.CreateSocket (address, port, localAddress, localPort));
    }

    private Socket MakeSocketSafe (Socket socket)
    {
        var sslSocket = socket as SSLSocket;
        if (sslSocket != null) {
            // enable all supported protocols for this socket
            sslSocket.SetEnabledProtocols (sslSocket.GetSupportedProtocols ());
            sslSocket.SetEnabledCipherSuites (sslSocket.GetSupportedCipherSuites ());
        }
        return socket;
    }
}

And then calling it like:

// this.client is an OkHttpClient
if (Android.OS.Build.VERSION.SdkInt < BuildVersionCodes.Lollipop) {
    this.client.SetSslSocketFactory(new CompleteSSLSocketFactory(HttpsURLConnection.DefaultSSLSocketFactory));
}

This worked for me, tested on API 19.