Android Enable TLSv1.2 in OKHttp

Question

i am using OKHttp for my project. i want to enable TLSv1.2 for my service call. can any body tell me how to enable it.

Answer 1

See OkHttp’s HTTPS documentation.

ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) 
  .tlsVersions(TlsVersion.TLS_1_2)
  .cipherSuites( 
     CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
  .build();
OkHttpClient client = ... 
client.setConnectionSpecs(Collections.singletonList(spec));

Answer 2

As far as I know OKHttp does not include own SSL/TLS libraries, therefore it just uses the standard SSLSocket provided by Android.

What TLS versions are supported (and enabled) depends on the used Android version. On some phones TLS 1.2 is supported but not enabled by default (as far as I remember this affects phones with Android 4.1/4.2/4.4). In such cases you could enable it by implementing a custom wrapper SSLSocketFactory that uses internally the default SSLSocketFactory and calls setEnabledProtocols(new String[]{"TLS1.2"}) on every Socket that is created.

On device with Google Services installed the preferred way to enable TLS 1.2 on old Android 4.x device is using ProviderInstaller.