Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

TLS 1.1, 1.2 in WebView for android <= 4.3

In my android application I need to display 3rd-party registration form inside WebView. Unfortunately, I need to also support android versions < 4.3, where you get SSL handshake error when you connect to the website. I was, however, able to create direct requests on android 4.1+ with a custom SSL context which has TLS 1.1 explicitly enabled, but I can't pass this SSL context into my WebView. I tried to make custom WebViewClient

    private WebViewClient webViewClient = new WebViewClient() {
    @Override
    public void onPageFinished(WebView webView, String url) {
        if (presenter != null) {
            presenter.onLoadFinished();
        }
    }

    @Override
    public void onReceivedError(WebView webView,
                                WebResourceRequest request,
                                WebResourceError error) {
        if (presenter != null) {
            presenter.onLoadError();
        }
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error){
        handler.proceed();
    }

    @Override
    public boolean shouldOverrideUrlLoading(WebView webView, String url) {
                Request request = new Request.Builder().url(url).build();
    final Handler handler = new Handler(mContext.getMainLooper());
    //mOkHttpClient is an OkHttpClient with my custom SSLContext which has TLS 1.1 and TLS 1.2 enabled
    mOkHttpClient.newCall(request).enqueue(new Callback() {
            @Override
            public void onFailure(Call call, IOException e) {

            }

            @Override
            public void onResponse(Call call, final okhttp3.Response response) throws IOException {
                handler.post(new Runnable() {
                    @Override
                    public void run() {
                        try {
                            webView.loadDataWithBaseURL(
                                    null, response.body().string(), "text/html", "utf-8", null);
                        } catch (IOException e) {
                            e.printStackTrace();
                        }
                    }
                });
            }
        });
    }

};

But that didn't work since shouldOverrideUrlLoading is not called on POST requests.

Is there a way to make this work(probably some alternative to WebView)? Any help is appreciated.

like image 338
satorikomeiji Avatar asked Apr 30 '16 06:04

satorikomeiji


People also ask

Does Android support TLS 1. 2?

TLS 1.2 is supported on devices running Android 4.1. x or greater (API level 16).

What TLS version does Android use?

In Android 10 and higher, TLS 1.3 is enabled by default for all TLS connections.

Is TLS 1.1 deprecated?

As part of ongoing efforts to modernize platforms, and to improve security and reliability, TLS 1.0 and 1.1 have been deprecated by the Internet Engineering Task Force (IETF) as of March 25, 2021.


1 Answers

I'm not sure if you can make it work with the current WebView but I would recommend you to have a look at: https://crosswalk-project.org/documentation/android.html to replace the WebView.

This is built upon latest version of Chrome and you won't have problems with that version of Android the user is running on.

I'm sure there are other alternatives too, but this is the one I'm using for work and I know work.

Best of luck to you.

like image 181
Henrik Gyllensvärd Avatar answered Sep 27 '22 17:09

Henrik Gyllensvärd