Skip to content

Commit

Permalink
use Conscrypt as security provider if available (#23984)
Browse files Browse the repository at this point in the history
Summary:
This PR adds support to use Conscrypt as Security Provider if available runtime. Consscrypt supports TLS 1.2 on Android 4.x and TLS 1.3 on all Android versions. Fixes issues (ex #23151) with HTTPS connections on Android 4.x.

Just add below to your project build.gradle and it'll use it.

```gradle
implementation('org.conscrypt:conscrypt-android:2.0.0')
```

[Android] [Changed] - Add TLS 1.3 support to all Android versions using Conscrypt.
Pull Request resolved: #23984

Differential Revision: D14506000

Pulled By: cpojer

fbshipit-source-id: 58bf18f7203d20519fb4451bae83f01e2f020a44
  • Loading branch information
dulmandakh authored and grabbou committed Mar 22, 2019
1 parent a38dc73 commit fab86ee
Showing 1 changed file with 10 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@
import com.facebook.common.logging.FLog;

import java.io.File;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
Expand Down Expand Up @@ -69,7 +71,14 @@ public static OkHttpClient.Builder createClientBuilder() {
.writeTimeout(0, TimeUnit.MILLISECONDS)
.cookieJar(new ReactCookieJarContainer());

return enableTls12OnPreLollipop(client);
try {
Class ConscryptProvider = Class.forName("org.conscrypt.OpenSSLProvider");
Security.insertProviderAt(
(Provider) ConscryptProvider.newInstance(), 1);
return client;
} catch (Exception e) {
return enableTls12OnPreLollipop(client);
}
}

public static OkHttpClient.Builder createClientBuilder(Context context) {
Expand Down

1 comment on commit fab86ee

@halaei
Copy link
Contributor

@halaei halaei commented on fab86ee Jul 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it require some proguard config?

Please sign in to comment.