I just recognized that react-native 0.24.1 on Android 4.x devices fails to connect to HTTPS servers which allow only TLS 1.2, e.g. following Mozilla's recommended "modern compatibility" configuration [1].
According to the Android documentation, TLS 1.2 is also supported on Android API level 16+ (Android 4.1+), but enabled by default only for API level 20+ (Android 5.0+) [2].
If using Android's native SSLSocketFactory implementation, it is quite simple to enable the TLS 1.2 support [3]. I am not sure, though, if and how this is also possible for react-native applications. I also do not know why the Android developers did not enable it by default, so there might be some downsides to doing so. Therefore a config option to turn the support on/off would probably be a good idea.
I would like to create a pull request for this but before digging into the react-native code I wanted to create this issue in case someone else is able to push me in the right direction (or even say it's impossible).
[1] https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
[2] https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
[3] http://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/
Thanks to @HenryStevens I quickly managed to create a proof of concept. It is fairly straightforward as it just creates a custom SSLSocketFactory as described in article [3] referenced above and sets this as the SSLSocketFactory used by the OkHttpClient:
https://github.com/facebook/react-native/compare/master...bringnow:master
@fkoester maybe you could create a PR so it's reviewed? Probably it's the only way for this to be merged into master?
Sorry to bump this up.
Does anyone have a PR to apply, or a patch to share?
I've used @fkoester's patch successfully; however, I have no experience in Android and I don't know if the linked code provided can be sent as is in a PR.
Edit
I've applied the patch described in the third link.
Hi @fkoester!
Have you managed to run TLS 1.2 with the latest RN versions?
@kompot @finalquest
Sorry for not responding. I will create a PR for this patch (probably today)!
@alvaromb
Did not test on Android 4.x lately, so no. Will check when creating a PR.
I have a PR ready with the following code https://github.com/square/okhttp/issues/2372#issuecomment-244807676
It is working perfectly under Android 4.x
So, I rebased to the latest react-native master and created a branch for a PR: https://github.com/bringnow/react-native/tree/enable-tls-1.2
@alvaromb Thanks for the hint! I incorporated some of the implementation details of @gotev 's code.
Will test my code and then create a PR.
PR is shipit'd
It seems that enabling TLS 1.2 on Android < 5.0 yet with the default RN implementation, right? Besides forking RN, what can be a solution please?
Any updates on this?
I'm shocked that this is still not resolved.