Enable tls related protocols for picasso on <=KitKat devices #7350
Conversation
litetex
left a comment
litetex
left a comment
There was a problem hiding this comment.
I think this should be solved/done by #7175.
Btw: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA are considered weak.
thanks for pointing that out. I will try that the NetCipher route #7175 |
|
I've checked NetCipher and get it up and running -- but they do NOT enable TLSv1.1 and TLSv1.2. So NetCipher is no solution for me as the server sp.rmbl.ws only supports TLSv1.2. Maybe I miss something to enable it there. Any hints appreciated. Thank you! Edit: the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA are the only protocols that android 4.x can use with TLSv1.2 in combination with that server. |
|
Okay, I reviewed the PR again and I don't understand the problems at all:
We already overwrite the system default on devices that run Android 4.4 (API 19). I think the problem here is that PicassoHelper gets initialized before the TLS is configured. NewPipe/app/src/main/java/org/schabi/newpipe/MainActivity.java Lines 134 to 137 in b5ad24e Does this fix your problems? |
evermind-zz
force-pushed
the
enable-tls-related-protocols-for-picasso-on-kitkat
branch
from
768014a to
5c7afbf
Compare
|
This was my first try and it did not work. Does OkHttp3 build on top of HttpsURLConnection? As the documentation states:
I verified the OkHttpClient object is not using the TLSSocketFactoryCompat class in PicassoHelper but OpenSSLSocketFactoryImpl. Only the protocols ["TLSv1", "SSLv3"] are enabled So I am not sure if this setting helps at all: NewPipe/app/src/main/java/org/schabi/newpipe/MainActivity.java Lines 134 to 137 in b5ad24e For me also media.ccc.de is not showing pictures on Android 4.4 emulator without this PR In DownloaderImpl the TLSSocketFactoryCompat and additional Ciphers are explicitly set for its OkHttpClient.Builder(). I changed the PR now to not duplicate code and moved the DownloaderImpl enableModernTLS() method to a helper class and reuse that code to configure the PicassoHelper OkHttpClient.Builder() instance in the same way. EDIT: |
|
I created a new pull request using NetCipher which solves my problems |
evermind-zz
deleted the
enable-tls-related-protocols-for-picasso-on-kitkat
branch
evermind-zz
restored the
enable-tls-related-protocols-for-picasso-on-kitkat
branch
- sync with TeamNewPipe v0.21.15 - fix for Picasso to enable TLSv1.1/1.2 on KitKat devices. (fixes Rumble and media.ccc.de displaying of thumbnails) This fix will not be available in NewPipe see TeamNewPipe#7350
2 participants
What is it?
Description of the changes in your PR
Could not load images with Picasso. This problem only surfaced as I maintain a fork of NewPipe that supports the video platform Rumble and the thumbnails stopped to load. The reason is that NewPipe moved from UniversalImageLoader to Picasso. This PR fixes that. It might fix other platforms on those devices too.
APK testing
The APK can be found by going to the "Checks" tab below the title. On the left pane, click on "CI", scroll down to "artifacts" and click "app" to download the zip file which contains the debug APK of this PR.
Due diligence