use Conscrypt as security provider if available #23984

Closed
@dulmandakh dulmandakh commented Mar 17, 2019

Summary

This PR adds support to use Conscrypt as Security Provider if available at runtime. Conscrypt supports TLS 1.2 on Android 4.x and TLS 1.3 on all Android versions. Fixes issues (e.g. #23151) with HTTPS connections on Android 4.x.

Just add the line below to your project's build.gradle and it'll use it.

```gradle
implementation('org.conscrypt:conscrypt-android:2.0.0')
```

Workaround

Please copy and paste the code below into the onCreate method of MyApplication.java

```java
Security.insertProviderAt(new org.conscrypt.OpenSSLProvider(), 1);
```

Changelog

[Android] [Changed] - Add TLS 1.3 support to all Android versions using Conscrypt.

Test Plan

CI is green and TLS 1.2 connections work on Android,
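
One way to do the "use it if available at runtime" registration and check its effect, as an added example that is not the code from this PR. The provider class name is the one from the workaround above; `OptionalConscrypt`, `installIfAvailable` and `describeTls` are hypothetical names. It runs on a plain JVM and keeps the platform provider when the dependency is missing.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

public class OptionalConscrypt {
    // Provider class name as used in the workaround above.
    static final String PROVIDER_CLASS = "org.conscrypt.OpenSSLProvider";

    /** Registers the provider at top priority when it is on the classpath. */
    static boolean installIfAvailable() {
        try {
            Provider p = (Provider) Class.forName(PROVIDER_CLASS)
                    .getDeclaredConstructor().newInstance();
            // Position 1 = highest priority, so SSLContext.getInstance("TLS")
            // resolves to this provider before the platform default.
            Security.insertProviderAt(p, 1);
            return Security.getProvider(p.getName()) != null;
        } catch (ClassNotFoundException e) {
            return false; // dependency not bundled: keep the platform provider
        } catch (ReflectiveOperationException | LinkageError e) {
            return false; // class present but unusable (e.g. native library missing)
        }
    }

    /** Reports which provider backs "TLS" and the protocol versions it offers. */
    static String describeTls() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        return "provider=" + ctx.getProvider().getName()
                + " supported=" + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols())
                + " enabledByDefault=" + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols());
    }

    public static void main(String[] args) throws Exception {
        System.out.println("before: " + describeTls());
        System.out.println("conscrypt installed: " + installIfAvailable());
        System.out.println("after:  " + describeTls());
    }
}
```

Comparing the `before` and `after` lines on a target device shows whether the provider actually took over TLS and which protocol versions are enabled by default, rather than merely supported.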

@facebook-github-bot added the CLA Signed, Contributor and Partner labels Mar 17, 2019
@dulmandakh added the Platform: Android label Mar 17, 2019
@dulmandakh requested a review from gengjiawen March 17, 2019 10:35
@dulmandakh
Contributor Author

@hey99xx please review

sercand commented Mar 17, 2019

I think react-native shouldn't include TLS 1.3 support by default because:

  • It adds 3mb to the apk file
  • TLS 1.3 is not common enough to include a library
  • Android Q adds TLS 1.3, iOS 12.2 enables 1.3, why hurry?

gengjiawen commented Mar 17, 2019

I agree with @sercand. Maybe not a good time to add this.

We can add docs to instruct developers on how to enable TLS 1.3 in React Native.

dulmandakh commented Mar 17, 2019 via email

@dulmandakh changed the title from "TLS 1.3 support using Conscrypt" to "use Conscrypt as security provider if available" Mar 18, 2019
@dulmandakh requested a review from mdvacca March 18, 2019 13:24
@cpojer cpojer left a comment

We should probably add some documentation for this somewhere.

@facebook-github-bot facebook-github-bot left a comment

@cpojer is landing this pull request. If you are a Facebook employee, you can view this diff on Phabricator.

@react-native-bot

This pull request was successfully merged by @dulmandakh in 75af15e.

@react-native-bot added the Merged label Mar 18, 2019
grabbou pushed a commit that referenced this pull request Mar 22, 2019
Summary:
This PR adds support to use Conscrypt as Security Provider if available at runtime. Conscrypt supports TLS 1.2 on Android 4.x and TLS 1.3 on all Android versions. Fixes issues (e.g. #23151) with HTTPS connections on Android 4.x.

Just add the line below to your project's build.gradle and it'll use it.

```gradle
implementation('org.conscrypt:conscrypt-android:2.0.0')
```

[Android] [Changed] - Add TLS 1.3 support to all Android versions using Conscrypt.
Pull Request resolved: #23984

Differential Revision: D14506000

Pulled By: cpojer

fbshipit-source-id: 58bf18f7203d20519fb4451bae83f01e2f020a44
@dulmandakh deleted the android-tls-13 branch October 15, 2019 05:15
Ashoat added a commit to CommE2E/comm that referenced this pull request Oct 28, 2020
Summary:
When I updated the server to Ubuntu 20, this switched us over to [requiring TLS 1.2](https://discourse.ubuntu.com/t/default-to-tls-v1-2-in-all-tls-libraries-in-20-04-lts/12464).

However, Android 4 doesn't have support for TLS 1.2, which means we weren't able to connect to the server.

Luckily, [there's a way](facebook/react-native#23984) to use a third-party lib for TLS 1.2 (and TLS 1.3) support in React Native.

Test Plan: Make sure Android 4.4 client can connect to server

Reviewers: palys-swm

Reviewed By: palys-swm

Subscribers: KatPo, zrebcu411, Adrian

Differential Revision: https://phabricator.ashoat.com/D333