Tuesday, 4 October 2022

Google suggested Security ProviderInstaller downgrade TLS to 1.2?

Using OkHttp and Google Security ProviderInstaller, any connection to a domain that supports both TLS 1.2 and TLS 1.3 is made using version 1.2. Without ProviderInstaller, everything works fine using 1.3.

This is sample code, using the latest version of okhttp and play-services-basement on Android 12:

GlobalScope.launch(Dispatchers.IO) {
    // First request: default platform security provider
    val r1 = OkHttpClient().newCall(Request.Builder().url("https://www.google.com").build()).execute()
    println(r1.handshake)
    try {
        // Install the Google Play services security provider
        ProviderInstaller.installIfNeeded(this@MainActivity)
        println("ProviderInstaller DONE")
    } catch (e: Exception) {
        e.printStackTrace()
    }

    // Second request: new client created after the provider was installed
    val r2 = OkHttpClient().newCall(Request.Builder().url("https://www.google.com").build()).execute()
    println(r2.handshake)
}

The log results are:

I/System.out: Handshake{tlsVersion=TLS_1_3 cipherSuite=TLS_AES_128_GCM_SHA256 peerCertificates=[CN=www.google.com, CN=GTS CA 1C3, O=Google Trust Services LLC, C=US, CN=GTS Root R1, O=Google Trust Services LLC, C=US] localCertificates=[]}
I/System.out: ProviderInstaller DONE
I/System.out: Handshake{tlsVersion=TLS_1_2 cipherSuite=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 peerCertificates=[CN=www.google.com, CN=GTS CA 1C3, O=Google Trust Services LLC, C=US, CN=GTS Root R1, O=Google Trust Services LLC, C=US] localCertificates=[]}

Does it seem like a HUGE problem only to me?

Another strange thing is that com.google.firebase.inappmessaging forces the app to use ProviderInstaller.
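A diagnostic for the behaviour reported above, as an added example that is not part of the original post: it records the JCA provider order and the TLS protocols a fresh SSLContext offers before and after the provider install, then probes with a client pinned to TLS 1.3 so a downgrade fails closed instead of passing silently. The helper names (describeTlsStack, tls13OnlyClient, probe, compare) are hypothetical; the caller supplies the ProviderInstaller call as a lambda.

```kotlin
import java.io.IOException
import java.security.Security
import javax.net.ssl.SSLContext
import okhttp3.ConnectionSpec
import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.TlsVersion

// Added example, not code from the original post. All function names are hypothetical.

// Snapshot of the state that decides which TLS stack serves new connections.
fun describeTlsStack(): String {
    // JCA resolves algorithms in provider order, so the order itself is evidence.
    val providers = Security.getProviders().joinToString { it.name }
    // Build a fresh context so the result reflects the provider order at call time.
    val ctx = SSLContext.getInstance("TLS").apply { init(null, null, null) }
    val supported = ctx.supportedSSLParameters.protocols.joinToString()
    val enabled = ctx.defaultSSLParameters.protocols.joinToString()
    return "providers=[$providers] tlsProvider=${ctx.provider.name} " +
        "supported=[$supported] enabledByDefault=[$enabled]"
}

// Client that accepts TLS 1.3 only; no fallback to TLS 1.2 is possible.
fun tls13OnlyClient(): OkHttpClient {
    val spec = ConnectionSpec.Builder(ConnectionSpec.RESTRICTED_TLS)
        .tlsVersions(TlsVersion.TLS_1_3)
        .build()
    return OkHttpClient.Builder().connectionSpecs(listOf(spec)).build()
}

// Returns the negotiated version and cipher suite, or the failure reason.
fun probe(client: OkHttpClient, url: String): String =
    try {
        client.newCall(Request.Builder().url(url).build()).execute().use { response ->
            "${response.handshake?.tlsVersion} ${response.handshake?.cipherSuite}"
        }
    } catch (e: IOException) {
        "failed: ${e.javaClass.simpleName}: ${e.message}"
    }

// Call off the main thread, e.g.
// compare("https://www.google.com") { ProviderInstaller.installIfNeeded(context) }
fun compare(url: String, installProvider: () -> Unit) {
    println("before: ${describeTlsStack()}")
    println("before: default client -> ${probe(OkHttpClient(), url)}")
    installProvider()
    println("after:  ${describeTlsStack()}")
    println("after:  default client -> ${probe(OkHttpClient(), url)}")
    println("after:  TLS 1.3 only   -> ${probe(tls13OnlyClient(), url)}")
}
```

If the TLS 1.3-only probe fails after the install while the default client reports TLS_1_2, the supported and enabledByDefault lists show whether the active provider lacks TLSv1.3 or merely leaves it disabled.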


