KitKat and TLSv1.2

栏目: IT技术 · 发布时间: 4年前

内容简介:TLSv1.2 came out in 2008 but Android didn’t get support for it until Android 5 in 2014. Previous releases including Android 4.4 KitKat support up to TLSv1.1 by default.KitKat’s old TLSv1.1 isn’t secure enough and so its retirement has been planned for a lo

TLSv1.2 came out in 2008 but Android didn’t get support for it until Android 5 in 2014. Previous releases including Android 4.4 KitKat support up to TLSv1.1 by default.

KitKat’s old TLSv1.1 isn’t secure enough and so its retirement has been planned for a long time. RFC 7525 said this in 2015:

“Implementations MUST support TLS 1.2 and MUST prefer to negotiate TLS version 1.2 over earlier versions of TLS.
Rationale: Several stronger cipher suites are available only with TLS 1.2. In fact, the cipher suites recommended by this document are only available in TLS 1.2.”

Browsers are shutting off TLSv1.1 right now.

SSL Labs started limiting grades to ‘B’ for HTTPS sites that still offer TLSv1.1. Early this year Chrome , Safari , Firefox , and Edge will require TLSv1.2 or better.

Keep KitKat?

If you maintain an app that runs on KitKat, you have options:

  • Continue to use TLSv1.1.Webservers can support many versions of TLS simultaneously and so you can offer TLSv1.1 to KitKat users and TLSv1.2 to everyone else.

  • Hook up Google Play Services’ ProviderInstaller.This lets you run TLSv1.2 on KitKat devices that have Play Services set up. See Ankush Gupta’s guide for instructions .

  • Embed Conscrypt.You can include a copy of Conscrypt, a library from Google that integrates BoringSSL with Java. This adds about 3 MiB to your APK and you’ll need to remember to keep Conscrypt itself up-to-date. This StackOverflow answer describes what to do.

Code that targets KitKat is limited to OkHttp 3.12.x. Newer releases require Android 5 or newer !

Kill KitKat!

Android 5 came out in 2014. Devices like 2012’s Nexus 4 and 2013’s Galaxy S4 were updated to Android 5.

You could just stop shipping app updates to these dinosaurs and that will be okay. Just remember to keep TLSv1.1 enabled on your web servers.


以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Advanced Web Metrics with Google Analytics

Advanced Web Metrics with Google Analytics

Brian Clifton / Sybex / 2008 / USD 39.99

Are you getting the most out of your website? Google insider and web metrics expert Brian Clifton reveals the information you need to get a true picture of your site's impact and stay competitive usin......一起来看看 《Advanced Web Metrics with Google Analytics》 这本书的介绍吧!

RGB转16进制工具
RGB转16进制工具

RGB HEX 互转工具

MD5 加密
MD5 加密

MD5 加密工具

正则表达式在线测试
正则表达式在线测试

正则表达式在线测试