Android 4.1+ enable TLS 1.1 and TLS 1.2

I recently had to work on an Android application that consumed an API which removed support for TLS 1.0 connections for security reasons.

The Android documentation for SSLSocket says that TLS 1.1 and TLS 1.2 is supported within android starting API level 16+ (Android 4.1, Jelly Bean). But it is by default disabled but starting with API level 20+ (Android 4.4 for watch, Kitkat Watch and Android 5.0 for phone, Lollipop) they are enabled. But it is very hard to find any documentation about how to enable it for phones running 4.1 for example.

The first thing you need to do is to make sure that your minimum required API level is 16 to have the following code working in your project.

To enable TLS 1.1 and 1.2 you need to create a custom SSLSocketFactory that is going to proxy all calls to a default  SSLSocketFactory implementation. In addition to that do we have to override all createSocket methods and callsetEnabledProtocols on the returned SSLSocket to enable TLS 1.1 and TLS 1.2. For an example implementation just follow the link below.


Now when ever you create a network connection just pass in an instance of TLSSocketFactory as your SSLSocketFactory and it magical enables TLS 1.1 and TLS 1.2 for you. (Please not that I haven’t specified TLSv1 as enabled protocol but if you need it just add it to the String array.

 

If you are using the Google Play Services (e.g. Push notifications) then you can also follow my tutorial about Protecting Your Android App Against SSL Exploits that explains you how to use the google play services security provider so that your app is always using a up to date openssl library for all SSL operations without much hassle.

Florian Krauthan

Technology nerd, security advocate, writer and professional software developer