问题
I have been trying to implement TLS 1.2 on Android. I create an SSLSocket s but when I run s.getSupportedProtocols(), TLS 1.2 is not one of the options. TLSv1 and SSLv3 are supported but TLSv1.2 is not.
In relation to that question, the ciphersuite I need is also not on there (TLS_ECDHE_ECDSA_WITH_AES_256_...)
Any idea on what I could import or do to enable TLSv1.2 and that cipher on android? Is there something I am missing? Any ideas would be helpful! Thanks!
回答1:
Just for documentation purpose (this question is 3.5 years old) - Android API documentation has a list of supported SSL/TLS per API level, including specific cipher suites: https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
回答2:
You can't really enable it if it is not there. To add support for TLSv1.2 you need to either add a new JSSE provider (not trivial), or if you only need a socket, probably implement it in native code using OpenSSL. Or simply use JB if you can.
回答3:
If you are still stuck with 2.3 your best option would be to create (or use) an OpenSSL port for Android using NDK. OpenSSL has a configure options for Android. Using the NDK you can build either statically linked libraries or dynamically linked ones. Then use JNI and setup your TLS 1.2 session there. Even if you use JB you would have to first enable TLS 1.2. Your entire cipher suite is not listed so it is a possibility that it is still not available in JB, e.g, _GCM.
This table shows which cipher suites are supported by which API level.
This stackoverflow link also contains info on building openssl for use on Android.
来源:https://stackoverflow.com/questions/5950178/implementing-tls-1-2-on-android-2-3-3