Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Android SSL - SNI support

Tags:

I would like to know about the support for the SSL/TLS Server Name Indication (SNI) extension in the Android SDK.

like image 236
user736435 Avatar asked May 04 '11 07:05

user736435

People also ask

Which TLS version support SNI?

SNI (server name indication) works with TLS 1.2, but rejected by server on TLS 1.0.

Do all browsers support SNI?

Because SNI is relatively new, not all browsers support SNI. If the browser does not support SNI, it is presented with a default SSL certificate.

Does Google Chrome support SNI?

Server Name Indication (SNI) is not currently supported. However, there is an open request for this feature. Users can't use multiple sign-in access if TLS inspection is enabled.

2 Answers

As far as I know, there is a partial support in Android SDK. The current situation is the following:

  1. Since the Gingerbread release TLS connection with the HttpsURLConnection API supports SNI.
  2. Apache HTTP client library shipped with Android does not support SNI
  3. The Android web browser does not support SNI neither (since using the Apache HTTP client API)

There is an opened ticket regarding this issue in the Android bug tracker.

It is also possible to test the SNI support by making a connection to this URL: https://sni.velox.ch/

like image 52
Jcs Avatar answered Sep 29 '22 22:09

Jcs

Fortunately, HttpsURLConnection supports SNI since Android 2.3. One workaround if you need to support Android 2.2 (and older) is to set up an alternative virtual host on a unique port so that it's unambiguous which server certificate to return.

Please check this link for more information. Hope this will help future users.

Just for information

Newer versions of SSL, specifically TLSv.1.0 and later, support Server Name Indication (SNI), which allows the SSL client to specify the intended hostname to the server so the proper certificate can be returned.

like image 33
Pravin Divraniya Avatar answered Sep 29 '22 22:09

Pravin Divraniya
Sign in to Comment

Related questions

Python's profile module: <string>:1(?)
What is an lvalue? [duplicate]
Why is Ruby String.hash inconsistent across machines?
Correct Way to Define a Predicate Function in C++
Can multiple threads see writes on a direct mapped ByteBuffer in Java?
Make a local copy of a remote git repository
vim compiles with wrong python version (and not working with needed version)
MySQL configuration: when to use hyphen and when to use underscore
Android: How to read Magnetic Stripe(credit cards, etc) Data [closed]
Specifying exact percentage widths in relation to parent DIV in CSS
sizeof() structures not known. Why?
Converting from PDF to HTML [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!