Feature #72
Updated by Soren Stoutner about 8 years ago
Charles Fisher <chasjfish@gmail.com> requested disabling Android KitKat (API 19) enables SSLv3 on Android API 19 (KitKat), by default, which is insecure and can lead to man-in-the middle attacks. It is already disabled systemwide on API > 19. https://www.ssllabs.com/ It is possible to disable SSLv3 in API 19 KitKat using a custom SSLSocketFactory with `setEnabledProtocols()`. https://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/ https://developer.android.com/reference/javax/net/ssl/SSLSocketFactory.html https://developer.android.com/reference/javax/net/ssl/SSLSocket.html http://callistaenterprise.se/blogg/teknik/2011/11/24/android-tlsssl-mutual-authentication/ http://stackoverflow.com/questions/21274366/maintain-session-attributte-while-open-new-url-in-webview-android