Add support for new security protocols on older android versions #1226
Conversation
SandroMachado
force-pushed
the
support/add-support-for-tls-older-android-versions
branch
3 times, most recently
from
3a76327 to
62ecb05
Compare
SandroMachado
force-pushed
the
support/add-support-for-tls-older-android-versions
branch
from
62ecb05 to
d6b2eb7
Compare
|
Requiring Google Play Services is, for me, a no go. |
|
We need the Google Play Services Base dependency because it is the only way to update the application context with the latest updates for the Security Provider. We only need the base dependency, so it is not the full google play services library. Since the application is available through the Google Play Store, most part of the users will have the google play services and should be seamless to them the update. If the user does not have the google play services, the app will also work without breaking. This PR will increase the support and the security of the application. |
|
👍 for merging. This will disable insecure encryption methods. |
|
Thanks a lot for your contribution! Alternatively you can add a comment here where you state that this contribution is MIT licensed. Some more details about out pull request workflow can be found here: http://owncloud.org/code-reviews-on-github/ |
|
This contribution is MIT licensed. |
|
@SandroMachado the build is broken. Most likely due to the missing exploded jar/aar for the ant build and its corresponding build scripts. This would need to be fixed in order to be able to merge this in case @davivel and @masensio (core team) decide that this should be merged. |
|
@AndyScherzinger thanks for the feedback. |
|
@SandroMachado you are very welcome! Also I saw that the PR has merge conflicts which would need to be resolved. But as I said you probably should wait for the feedback from @davivel and @masensio before putting any more effort into it. |
|
TLS 1.2 already supported |
With this pull request the application should update its own security provider enabling by default the latests security protocols and increase the overall app security.
The workaround introduced by owncloud/android-library#43 can also be removed. Updating the security provider also fix the android issues with TLS on API levels 16 to 20.
This PR should also close the issues related to problems with security protocols like #470
Travis integration is broken because it is necessary to add support for the google play services
compile 'com.google.android.gms:play-services-base:8.1.0'.