This repository was archived by the owner on Jan 21, 2022. It is now read-only.
TLS1.3 support and ENCRYPTION_PADDING_NONE is added#392
Open
arindamhit wants to merge 3 commits intoMAS-2.1.00from
Open
TLS1.3 support and ENCRYPTION_PADDING_NONE is added#392arindamhit wants to merge 3 commits intoMAS-2.1.00from
arindamhit wants to merge 3 commits intoMAS-2.1.00from
Conversation
…ed as part of the padding property
uppoju
approved these changes
Aug 23, 2021
zakirjt
reviewed
Aug 23, 2021
| private static final String SSL_TLS_V1_2_PROTOCOL = "TLSv1.2"; | ||
| private static final String SSL_TLS_V1_3_PROTOCOL = "TLSv1.3"; | ||
| private static final String[] SUPPORTED_TLS = {SSL_V3_PROTOCOL, SSL_TLS_V1_PROTOCOL, SSL_TLS_V1_1_PROTOCOL, SSL_TLS_V1_2_PROTOCOL}; | ||
| private static final String[] SUPPORTED_TLS_Q = {SSL_V3_PROTOCOL, SSL_TLS_V1_PROTOCOL, SSL_TLS_V1_1_PROTOCOL, SSL_TLS_V1_2_PROTOCOL, SSL_TLS_V1_3_PROTOCOL}; |
Contributor
There was a problem hiding this comment.
SUPPORTED_TLS_Q , I think you are trying to say, its android q onwards, but its difficult to understand still, please use a more meaningful keyword here.
Contributor
Author
There was a problem hiding this comment.
Can I make SUPPORTED_TLS_FROM_ANDROID_Q ?
| private Socket enableTLS(Socket socket) { | ||
| if (socket != null && (socket instanceof SSLSocket)) { | ||
| ((SSLSocket) socket).setEnabledProtocols(SUPPORTED_TLS); | ||
| if ((socket instanceof SSLSocket)) { |
Contributor
There was a problem hiding this comment.
Why is the null check removed here ?
Contributor
Author
There was a problem hiding this comment.
Because instanceof covers that null check. It is actually redundant. IDE was showing the same.
zakirjt
approved these changes
Aug 23, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue: After Gateway 10 CR03, RSA-PSS support has been added in the Gateway but for Android 10 and above, we have missed it in our SDK. We need to enable ENCRYPTION_PADDING_NONE to support the same for Android 10 and above.
Apart from that, Android SDK 29 and above has started supporting TLS 1.3. As our gateway has the support for TLS 1.3, MAS SDK does not have that. So we enhanced it to support the TLS 1.3 protocol.
For the devices which are running below Android SDK 29(means Android 9 or below devices), they don't support TLS 1.3. In that case, we should enable TLS 1.2 and TLS 1.3 both on the gateway.