Sunday, 15 July 2012

Making SSLEngine use TLSv1.2 on Android (4.4.2)?

Folks, I'm hoping there's something obvious I'm missing, and I hope someone is able to shed some light. I'm trying to get TLSv1.2 running in an SSL + NIO context (using the AndroidAsync library), so I'm trying to enable it via SSLEngine. I can run code like this:

    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLEngine;
    import timber.log.Timber;

    // What the SSLContext says it supports...
    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    sslContext.init(null, null, null);
    String[] protocols = sslContext.getSupportedSSLParameters().getProtocols();
    for (String protocol : protocols) {
        Timber.d("context supported protocol: " + protocol);
    }

    // ...versus what an SSLEngine created from that same context supports.
    SSLEngine engine = sslContext.createSSLEngine();
    String[] supportedProtocols = engine.getSupportedProtocols();
    for (String protocol : supportedProtocols) {
        Timber.d("engine supported protocol: " + protocol);
    }

and I end up seeing this in logcat:

    06-22 21:56:27.715 1117-1117/? D/XXX﹕ context supported protocol: SSLv3
    06-22 21:56:27.715 1117-1117/? D/XXX﹕ context supported protocol: TLSv1
    06-22 21:56:27.725 1117-1117/? D/XXX﹕ context supported protocol: TLSv1.1
    06-22 21:56:27.725 1117-1117/? D/XXX﹕ context supported protocol: TLSv1.2
    06-22 21:56:27.735 1117-1117/? D/XXX﹕ engine supported protocol: TLSv1
    06-22 21:56:27.745 1117-1117/? D/XXX﹕ engine supported protocol: SSLv3

Of course, if I try engine.setEnabledProtocols(new String[] { "TLSv1.2" }) I get an IllegalArgumentException: "Protocol TLSv1.2 not supported."

I can see the context claims to support TLSv1.2, but the engine created from that context doesn't? What's going on here? None of this changes if I use "TLS" instead of "TLSv1.2" in the first line above, btw.

I gather I might have this issue, and I've read this (as yet unanswered) question and articles like this, but they don't quite seem to hit the spot - the solutions I've seen seem to rely on SSLSocket rather than SSLEngine.

Thanks for any knowledge you can drop.

Update 6/23/14 10am EDT

So I found SSLEngine.setSSLParameters, hoping it would allow me to pass in the SSLParameters I got from SSLContext.getSupportedSSLParameters(), but when I call it the exception claims the cipher suites aren't supported. It looks like setSSLParameters() is doing the same thing setEnabledCipherSuites() does, and the engine is in a state where it doesn't recognize the TLS 1.2 protocol/suites as supported.

The Android API docs correctly state that TLSv1.2 is supported by SSLEngine in API level 20 or later (Lollipop), while SSLSocket has supported it since level 16.

Using SSLSocket or requiring API 20 was not an option for our project, and neither was changing the server code to allow TLSv1 or SSLv3. Our solution was to install a newer security provider using Google Play Services:

    import com.google.android.gms.security.ProviderInstaller;
    ProviderInstaller.installIfNeeded(getApplicationContext());

This gives the app access to a newer version of OpenSSL and a Java security provider that includes support for TLSv1.2 in SSLEngine. Once the new provider is installed, you can create an SSLEngine that supports SSLv3, TLSv1, TLSv1.1 and TLSv1.2 the usual way:

    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    sslContext.init(null, null, null);
    SSLEngine engine = sslContext.createSSLEngine();

or you can restrict the enabled protocols using engine.setEnabledProtocols.
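The two steps from the update above (install the Play Services provider, then build an SSLEngine from a fresh SSLContext) put together as an added example; this is not code from the original post or from the AndroidAsync project. It assumes the Google Play Services security library (com.google.android.gms.security.ProviderInstaller) is on the classpath, and the class and method names Tls12Engine, installProvider and createTls12Engine are made up for illustration. Unlike the snippet in the update, it also handles the two checked exceptions installIfNeeded can throw, verifies that the engine really lists TLSv1.2 before use, and then enables only TLSv1.2 rather than leaving SSLv3 and TLSv1 on.

```java
// Added example, not from the original post. Assumes the Play Services
// security library is available; Tls12Engine/installProvider/createTls12Engine
// are hypothetical names chosen for this illustration.
import android.content.Context;
import android.util.Log;

import com.google.android.gms.common.GooglePlayServicesNotAvailableException;
import com.google.android.gms.common.GooglePlayServicesRepairableException;
import com.google.android.gms.security.ProviderInstaller;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public final class Tls12Engine {
    private static final String TAG = "Tls12Engine";
    private static final String[] TLS12_ONLY = { "TLSv1.2" };

    private Tls12Engine() {}

    /**
     * Installs the Play Services security provider (updated OpenSSL-based
     * provider) at the front of the provider list. Must run before any
     * SSLContext is created; existing contexts keep the old provider.
     * Returns false if it could not be installed so the caller can fail
     * closed instead of silently falling back to TLSv1/SSLv3.
     */
    public static boolean installProvider(Context ctx) {
        try {
            ProviderInstaller.installIfNeeded(ctx.getApplicationContext());
            return true;
        } catch (GooglePlayServicesRepairableException e) {
            // Play Services is present but outdated/disabled; the user can
            // fix this, so surface the status code in the UI if you like.
            Log.w(TAG, "Play Services needs repair, status "
                    + e.getConnectionStatusCode());
            return false;
        } catch (GooglePlayServicesNotAvailableException e) {
            Log.e(TAG, "Play Services unavailable; no TLSv1.2 SSLEngine");
            return false;
        }
    }

    /**
     * Creates a client-mode SSLEngine with only TLSv1.2 enabled. Throws if
     * the active provider still only offers SSLv3/TLSv1 to SSLEngine, which
     * is exactly the stock Android 4.4 behaviour described in the question.
     */
    public static SSLEngine createTls12Engine(String host, int port)
            throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key/trust managers, default SecureRandom
        // Passing host/port lets the provider use them for session caching.
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);

        // The context may advertise TLSv1.2 while the engine does not; check the
        // engine, which is what actually drives the handshake.
        if (!Arrays.asList(engine.getSupportedProtocols()).contains("TLSv1.2")) {
            throw new IllegalStateException(
                    "SSLEngine lacks TLSv1.2; call installProvider() first");
        }
        engine.setEnabledProtocols(TLS12_ONLY);
        return engine;
    }
}
```

Call installProvider() once at startup (for example in Application.onCreate()) and treat a false return as a hard error for any connection that requires TLSv1.2. Note that SSLEngine does not verify the peer's hostname for you: after the handshake completes, check engine.getSession() against the intended host with a javax.net.ssl.HostnameVerifier (HttpsURLConnection.getDefaultHostnameVerifier() works) before sending application data.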

Android SSLEngine
