I did an app for a company and it supported API level 13+ (3.0+). It collects data from their CMS via XML and displays it on the app. This is done over HTTPS which worked fine until they upgraded their server to TLS 1.2. Now android versions below API level 20 won't fetch the XML because of SSLPeerUnverifiedException
and a whole lot of phones can't see this app anymore.
Is there a way to get past SSLPeerUnverified
while leaving TLS 1.2 enabled?
Note: The current SSL certificates are as follows:
AddTrust External CA Root
--> COMODO High-Assurance Secure Server CA
--> *.appdomain.com
Most helpful SOF article so far:
Implementing TLS 1.2 on Android 2.3.3
Someone else on the team answered this but the result included the following:
SSLContext helper=null;
helper.init(null,null,null);
SSLContext.getInstance("TLSv1.2");
SSLEngine engine = helper.createSSLEngine();
Here's the function he used to check ssl and put everything in:
public void sslCheck() {
int PLAY_SERVICES_RESOLUTION_REQUEST=9000;
int resultCode = GooglePlayServicesUtil.isGooglePlayServicesAvailable(this);
//Log.i("log_tag2", String.valueOf(resultCode));
if (resultCode != ConnectionResult.SUCCESS) {
if (GooglePlayServicesUtil.isUserRecoverableError(resultCode)) {
Log.i("log_tag2","Not good!");
if (MyAppActivity.instance != null) {
Log.i("log_tag2","but can fix");
GooglePlayServicesUtil.getErrorDialog(
resultCode,
MyAppActivity.instance,
PLAY_SERVICES_RESOLUTION_REQUEST).show();
}
}
}
else {
Log.i("log_tag2","Already good!");
try {
ProviderInstaller.installIfNeeded(this);
Log.i("log_tag", "1");
} catch (GooglePlayServicesRepairableException e) {
e.printStackTrace();
} catch (GooglePlayServicesNotAvailableException e) {
e.printStackTrace();
}
SSLContext helper=null;
try {
helper = SSLContext.getInstance("TLSv1.2");
Log.i("log_tag","2");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
try {
helper.init(null,null,null);
Log.i("log_tag", "3");
} catch (KeyManagementException e) {
e.printStackTrace();
}
SSLEngine engine = helper.createSSLEngine();
}
}