Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

OkHttpClientProvider for Android 4 does not support TLSv1 #14244

Closed
PaulVanStaden opened this issue May 29, 2017 · 9 comments
Closed

OkHttpClientProvider for Android 4 does not support TLSv1 #14244

PaulVanStaden opened this issue May 29, 2017 · 9 comments
Labels
Bug Platform: Android Android applications. Resolution: Locked This issue was locked by the bot.

Comments

@PaulVanStaden
Copy link
Contributor

PaulVanStaden commented May 29, 2017

Description

Correctly functioning behaviour.

In Android v5 and upwards when using the standard OkHttpClientProvider it uses OkHttpClient.Builder() to determine the connectionSpecs. This returns a default

DEFAULT_CONNECTION_SPECS = Util.immutableList(
      ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS, ConnectionSpec.CLEARTEXT);

Inconsistent behaviour

For Android SDK Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN && Build.VERSION.SDK_INT <= Build.VERSION_CODES.KITKAT it goes into a custom enableTls12OnPreLollipop codeblock that specifically only implements ConnectionSpec.MODERN_TLS

This results that connections using TLSv1 will not work on Android 4.

Reproduction Steps and Sample Code

  1. Run an emulator on API 16.
  2. Try a SSL network request to a SSL server only accepting TLSv1
  3. Fail network request due to the following error
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb9561090: Failure in SSL library, usually a protocol error
error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x9e0fd925:0x00000000)

Solution

Will Add pull request.
Added #14245

in com.facebook.react.modules.network.TLSSocketFactory replace

private Socket enableTLSOnSocket(Socket socket) {
        if(socket != null && (socket instanceof SSLSocket)) {
            ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
        }
        return socket;
    }

with

private Socket enableTLSOnSocket(Socket socket) {
        if(socket != null && (socket instanceof SSLSocket)) {
            ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1","TLSv1.1", "TLSv1.2"});
        }
        return socket;
    }

Additional Information

  • React Native version: v0.45.0-rc.2
  • Platform: Android
  • Development Operating System: OSX and Windows
  • Dev tools: Android Studio version, Android SDK 25
@hramos

This comment has been minimized.

@hramos hramos added the Icebox label Jul 31, 2017
@hramos hramos closed this as completed Jul 31, 2017
facebook-github-bot pushed a commit that referenced this issue Sep 24, 2017
Summary:
This problem tries to solve issue #14244

Implemented a fetch request to a TLSv1 server. It now successfully resolves TLS handshake.
Tested same fetch to TLSv1.2 server and still successfully resolves TLS handshake.
Closes #14245

Differential Revision: D5898689

Pulled By: shergin

fbshipit-source-id: 8766ebe6909443367651ab868aa5ff62747cd906
@8of
Copy link

8of commented Jul 24, 2018

Reoccured on React Native 0.56.0

@sijad
Copy link

sijad commented Sep 10, 2018

any news on this one? we can't use cloudflare CDN because of this bug.

@kelset kelset added the Platform: Android Android applications. label Sep 10, 2018
@stale
Copy link

stale bot commented Dec 9, 2018

Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may also label this issue as "For Discussion" or "Good first issue" and I will leave it open. Thank you for your contributions.

@stale stale bot added the Stale There has been a lack of activity on this issue and it may be closed soon. label Dec 9, 2018
@sijad
Copy link

sijad commented Dec 9, 2018

I think this should kept open

@stale stale bot removed the Stale There has been a lack of activity on this issue and it may be closed soon. label Dec 9, 2018
@lahed
Copy link

lahed commented Dec 12, 2018

Some solution, the same thing happens to me, since 0.56.0 it stopped working

@ThaJay
Copy link

ThaJay commented Feb 28, 2019

This is the original pull request
#9840
Original issue:
#7192

@dulmandakh
Copy link
Contributor

we fixed the issue in the master, and will be included in future releases. 75af15e

@dulmandakh
Copy link
Contributor

please see #23984 for workarounds

@facebook facebook locked as resolved and limited conversation to collaborators Mar 20, 2020
@react-native-bot react-native-bot added the Resolution: Locked This issue was locked by the bot. label Mar 20, 2020
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Labels
Bug Platform: Android Android applications. Resolution: Locked This issue was locked by the bot.
Projects
None yet
Development

No branches or pull requests

9 participants