@mqus
Contributor

@mqus mqus commented Dec 28, 2019

partly fixes #2898

I wasn't able to test this yet because I'm not at my usual workstation, the soonest I'll be able to is in ~1 week.

@TobiGr TobiGr added this to the 0.18.1 milestone Dec 28, 2019
@Redirion
Member

I don't think that this PR is necessary yet. As you pointed out in your comment #2898 (comment) the browsers will actually drop TLS 1.1 support in March 2020.
See here and here

We should then come back and remove TLS below 1.2 for all devices altogether.

@TobiGr
Contributor

TobiGr commented Jan 8, 2020

Thanks @mqus.
I agree with @Redirion. We'll postpone this until March and then drop TLS 1.1 completely.

@TobiGr TobiGr removed this from the 0.18.1 milestone Jan 8, 2020
TobiGr previously approved these changes Mar 3, 2020
Contributor

@TobiGr TobiGr left a comment

It is March. We should be good to go. I plan to merge this at the weekend and leave this open until then for potential comments from other contributors.

@TobiGr TobiGr added the device/software specific Issues that only happen on some devices or with some specific hardware/software label Mar 3, 2020
@Stypox
Member

Stypox commented Mar 3, 2020

@TobiGr see #2898 (comment)
Is it really useful to disable TLS1.1 on Android 4, while every other user would keep 1.0 and 1.1 enabled? @mqus proposed a solution based on code from another project, maybe we should use that to disable 1.1 everywhere?

@Redirion
Member

Redirion commented Mar 6, 2020

While waiting for the next update for Netcipher, this PR could be changed in the following way:
remove the check for Kitkat, to use TLSSocketFactoryCompat for all devices, and change
    ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.2"});
to
    ((SSLSocket) socket).setEnabledProtocols(Build.VERSION.SDK_INT > 28 ? new String[]{"TLSv1.2", "TLSv1.3"} : new String[]{"TLSv1.2"});
as Android 10 added support for TLSv1.3.
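
The approach suggested in the comment above, as an added example that is not code from this PR or from NewPipe: a wrapping socket factory that enables only TLS 1.2 and 1.3 on every socket it creates. The class name `ModernTlsSocketFactory` is hypothetical, and instead of the `Build.VERSION.SDK_INT` check it filters the wanted versions against `getSupportedProtocols()`, which is an assumption made so the example also runs on a plain JVM.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class name; wraps any SSLSocketFactory and restricts the protocol list.
public final class ModernTlsSocketFactory extends SSLSocketFactory {
    private static final List<String> WANTED = Arrays.asList("TLSv1.3", "TLSv1.2");
    private final SSLSocketFactory delegate;
    public ModernTlsSocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

    // Keep only TLS 1.2/1.3, and only the versions this platform actually supports.
    static String[] select(String[] supported) throws IOException {
        List<String> out = new ArrayList<>(WANTED);
        out.retainAll(Arrays.asList(supported));
        if (out.isEmpty()) { // fail closed instead of falling back to TLS 1.0/1.1
            throw new IOException("no TLS 1.2+ support on this platform");
        }
        return out.toArray(new String[0]);
    }

    private Socket harden(Socket s) throws IOException {
        if (s instanceof SSLSocket) { // applied to every socket the delegate hands out
            SSLSocket ssl = (SSLSocket) s;
            ssl.setEnabledProtocols(select(ssl.getSupportedProtocols()));
        }
        return s;
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return harden(delegate.createSocket()); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean c) throws IOException { return harden(delegate.createSocket(s, h, p, c)); }
    @Override public Socket createSocket(String h, int p) throws IOException { return harden(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return harden(delegate.createSocket(h, p, l, lp)); }
    @Override public Socket createSocket(InetAddress h, int p) throws IOException { return harden(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(InetAddress h, int p, InetAddress l, int lp) throws IOException { return harden(delegate.createSocket(h, p, l, lp)); }
    public static void main(String[] args) throws Exception {
        SSLSocketFactory f = new ModernTlsSocketFactory(SSLContext.getDefault().getSocketFactory());
        try (SSLSocket s = (SSLSocket) f.createSocket()) { // unconnected socket, no network needed
            System.out.println(Arrays.toString(s.getEnabledProtocols()));
        }
    }
}
```

Cipher suites are left at the delegate's defaults here, so the per-Android-version cipher suite differences raised later in the thread are not covered by this example.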

@mqus
Contributor Author

mqus commented Mar 6, 2020

Which does not really address the set ciphersuites, which are also different between Android versions. I seriously do not want to touch that; this will have to happen in another PR.

@mqus
Contributor Author

mqus commented Mar 6, 2020

But I agree that waiting for netcipher is not viable.

@Stypox
Member

Stypox commented Jan 16, 2021

At which point is this? Should it be merged now? @Redirion @mqus

@TobiGr TobiGr force-pushed the dev branch 2 times, most recently from 679bc75 to 2aeccc0 Compare March 16, 2021 08:24
@litetex litetex marked this pull request as draft October 1, 2021 17:55
@litetex
Member

litetex commented Oct 1, 2021

Converted to draft:

  • no progress/feedback for >9 months.
  • no GitHub actions build
  • merge conflicts

Should be closed in the future if no further progress happens here.
The only thing keeping it currently open is the fact that this is security related.

@Redirion
Member

Redirion commented Oct 1, 2021

this is superseded by PR #7175

@Redirion Redirion closed this Oct 1, 2021
@litetex litetex mentioned this pull request Oct 10, 2021

Development

Successfully merging this pull request may close these issues.

Deprecate TLS 1.1
