Support for TLS 1.1 and 1.2 on Android 4.x #7192

Closed
fkoester opened this issue Apr 24, 2016 · 14 comments
Labels
Help Wanted :octocat: Issues ideal for external contributors. Resolution: Locked This issue was locked by the bot. Type: Enhancement A new feature or enhancement of an existing feature.

Comments

@fkoester
Contributor

I just recognized that react-native 0.24.1 on Android 4.x devices fails to connect to HTTPS servers which allow only TLS 1.2, e.g. following Mozilla's recommended "modern compatibility" configuration [1].

According to the Android documentation TLS 1.2 is also supported on Android API level 16+ (Android 4.1+), but enabled by default only for API level 20+ (Android 5.0+) [2].

If using Android's native SSLSocketFactory implementation, it is quite simple to enable the TLS 1.2 support [3]. I am not sure though, if and how this is also possible for react-native applications. I also do not know why the Android developers did not enable it by default, so there might be downsides to doing so. Therefore a config option to turn the support on/off would probably be a good idea.

I would like to create a pull request for this but before digging into the react-native code I wanted to create this issue in case someone else is able to push me in the right direction (or even say it's impossible).

[1] https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
[2] https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
[3] http://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/

@HenryStevens

Right direction

@satya164 satya164 added the Help Wanted :octocat: Issues ideal for external contributors. label Apr 24, 2016
@fkoester
Contributor Author

Thanks to @HenryStevens I quickly managed to create a proof of concept. It is fairly straightforward as it just creates a custom SSLSocketFactory as described in article [3] referenced above and sets this as the SSLSocketFactory used by the OkHttpClient:

master...bringnow:master

@kompot

kompot commented May 31, 2016

@fkoester maybe you could create a PR so it's reviewed? Probably it's the only way for this to be merged into master?

@finalquest

Sorry to bump this up.
Does anyone have a PR to apply, or a patch to share?

@alvaromb
Contributor

alvaromb commented Aug 5, 2016

I've used @fkoester patch successfully, however I have no experience in Android and I don't know if the linked code provided can be sent as is in a PR.

Edit
I've applied the patch described in the third link.

@alvaromb
Contributor

alvaromb commented Sep 6, 2016

Hi @fkoester!

Have you managed to run TLS 1.2 with the latest RN versions?

@fkoester
Contributor Author

fkoester commented Sep 6, 2016

@kompot @finalquest
Sorry for not responding. I will create a PR for this patch (probably today)!

@alvaromb
Did not test on Android 4.x lately, so no. Will check when creating a PR.

@alvaromb
Contributor

alvaromb commented Sep 6, 2016

I have a PR ready with the following code square/okhttp#2372 (comment)

It is working perfectly under Android 4.x

fkoester added a commit to bringnow/react-native that referenced this issue Sep 7, 2016
Credits to Alex Gotev (@gotev) for the nice implementation.
@fkoester
Contributor Author

fkoester commented Sep 7, 2016

So, I rebased to the latest react-native master and created a branch for a PR: https://github.com/bringnow/react-native/tree/enable-tls-1.2

@alvaromb Thanks for the hint! I incorporated some of the implementation details of @gotev's code.

Will test my code and then create a PR.

fkoester added a commit to bringnow/react-native that referenced this issue Sep 10, 2016
Credits to Alex Gotev (@gotev) for the nice implementation.
fkoester added a commit to bringnow/react-native that referenced this issue Oct 22, 2016
Credits to Alex Gotev (@gotev) for the nice implementation.
@lacker
Contributor

lacker commented Oct 28, 2016

PR is shipit'd

@lacker lacker closed this as completed Oct 28, 2016
facebook-github-bot pushed a commit that referenced this issue Oct 29, 2016
Summary:
This is a proposed patch for issue #7192.

Android 4.1-4.4 has support for TLS 1.1 and 1.2 but it is disabled by default. Because of the known security issues and more and more servers switching to TLS 1.2 only, it would be nice for react-native to enable this support.

I demonstrated a demo application which showcases the problem and can be used to test this patch. All sources and documentation for it can be found here:

https://github.com/bringnow/react-native-tls-test

Credits to Alex Gotev (gotev) for the nice implementation.
Closes #9840

Differential Revision: D4099446

Pulled By: lacker

fbshipit-source-id: 94db320dce6d27f98169e63f834562360c00eef7
DanielMSchmidt pushed a commit to DanielMSchmidt/react-native that referenced this issue Jan 4, 2017
@josomers

josomers commented Nov 7, 2017

It seems that enabling TLS 1.2 on Android < 5.0 yet with the default RN implementation, right? Besides forking RN, what can be a solution please?

@perrosnk

Any updates on this?

@svlada

svlada commented Mar 5, 2018

I'm shocked that this is still not resolved.

@perrosnk

perrosnk commented Mar 6, 2018

I fixed it based on this comment and this gist.

@facebook facebook locked as resolved and limited conversation to collaborators Jul 19, 2018
@react-native-bot react-native-bot added the Resolution: Locked This issue was locked by the bot. label Jul 19, 2018
@hramos hramos added the Type: Enhancement A new feature or enhancement of an existing feature. label Mar 14, 2019