Feature #72

Updated by Soren Stoutner over 7 years ago

Charles Fisher <chasjfish@gmail.com> requested disabling SSLv3. Android enables SSLv3 by default on API 19 (KitKat), which is insecure and can lead to man-in-the-middle attacks. It is already disabled systemwide on API > 19.

 https://www.ssllabs.com/ 

 It is possible to disable SSLv3 in API 19 KitKat using a custom SSLSocketFactory with `setEnabledProtocols()`. 

 https://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/ 

 https://developer.android.com/reference/javax/net/ssl/SSLSocketFactory.html 

 https://developer.android.com/reference/javax/net/ssl/SSLSocket.html 

 http://callistaenterprise.se/blogg/teknik/2011/11/24/android-tlsssl-mutual-authentication/ 

 http://stackoverflow.com/questions/21274366/maintain-session-attributte-while-open-new-url-in-webview-android
