[TIMOB-24004] Android: Parameter tlsVersion has no effect in version< 5.0

GitHub Issue	n/a
Type	Bug
Priority	High
Status	Closed
Resolution	Invalid
Resolution Date	2016-10-12T10:19:55.000+0000
Affected Version/s	n/a
Fix Version/s	n/a
Components	Android
Labels	n/a
Reporter	Michael Bahl
Assignee	Gary Mathews
Created	2016-08-03T09:28:36.000+0000
Updated	2019-04-24T04:57:27.000+0000

Description

Comments

Sharif AbuDarda 2016-08-03

Hello, I Can't reproduce the issue with the code provided below. I am testing on ANdroid 4.4.4 with SDK 5.3.1.GA.

   var httpclient = Titanium.Network.createHTTPClient({
   
       validatesSecureCertificate: true,
   
       tlsVersion : Ti.Network.TLS_VERSION_1_2,
   
       onload : function(response) {
   
            Ti.API.info("Received text: " + this.responseText);
   
                    
   
       },
   
       onerror : function(response) {
   
            Ti.API.debug(response.error);
   
       }
   
    
   
   });
   
   httpclient.open("GET","https://appservices.anvilgroup.com/help");
   
   httpclient.send();

I am getting no such error.

   [INFO] :   Received text: <!DOCTYPE html>
   [INFO] :   <html lang="en">
   [INFO] :   <head>
   [INFO] :   <meta charset="utf-8" />
   [INFO] :   <meta name="viewport" content="width=device-width" />
   [INFO] :   <title>ANVIL App Service API</title>
   [INFO] :   
   [INFO] :   </head>
   [INFO] :   <body>
   [INFO] :   
   [INFO] :   
   [INFO] :   <link type="text/css" href="/Areas/HelpPage/HelpPage.css" rel="stylesheet" />
   [INFO] :   <header class="help-page">
   [INFO] :   <div class="content-wrapper">
   [INFO] :   <div class="float-left">
   [INFO] :   <h1>ANVIL App Service API</h1>
   [INFO] :   </div>
   [INFO] :   </div>
   [INFO] :   </header>
   [INFO] :   <div id="body" class="help-page">
   [INFO] :   <section class="featured">
   [INFO] :   <div class="content-wrapper">
   [INFO] :   <h2>Introduction</h2>
   [INFO] :   <p>
   [INFO] :   This API is intended for ANVIL apps
   [INFO] :   </p>
   [INFO] :   </div>
   [INFO] :   </section>
   [INFO] :   <section class="content-wrapper main-content clear-fix">
   [INFO] :   
   [INFO] :   
   [INFO] :   <h2 id="Assistance">Assistance</h2>
   [INFO] :   <p>Supplies / accepts information for assistance</p>
   [INFO] :   <table class="help-page-table">
   [INFO] :   <thead>
   [INFO] :   <tr><th>API</th><th>Description</th></tr>
   [INFO] :   </thead>
   [INFO] :   <tbody>
   [INFO] :   <tr>
   [INFO] :   <td class="api-name"><a href="/Help/Api/GET-api-ext-Assistance-Lines-id">GET api/{ext}/Assistance/Lines/{id}</a></td>
   [INFO] :   <td class="api-documentation">
   [INFO] :   <p>Gets Assistance lines configured for a specific client</p>
   [INFO] :   </td>
   [INFO] :   </tr>
   [INFO] :   <tr>
   [INFO] :   <td class="api-name"><a href="/Help/Api/GET-api-ext-Assistance-LinesV1-id">GET api/{ext}/Assistance/LinesV1/{id}</a></td>
   [INFO] :   <td class="api-documentation">
   [INFO] :   <p>Gets Assistance lines configured for a specific client (using EnterpriseSetup V1 Client Id)</p>
   [INFO] :   </td>
   [INFO] :   </tr>
   [INFO] :   </tbody>
   [INFO] :   </table>
   [INFO] :   
   [INFO] :   <h2 id="InfoTree">InfoTree</h2>
   [INFO] :   <p>Supply Info Tree items</p>
   [INFO] :   <table class="help-page-table">
   [INFO] :   <thead>
   [INFO] :   <tr><th>API</th><th>Description</th></tr>
   [INFO] :   </thead>
   [INFO] :   <tbody>
   [INFO] :   <tr>
   [INFO] :   <td class="api-name"><a href="/Help/Api/GET-api-ext-InfoTree-id-type-countryId">GET api/{ext}/InfoTree/{id}/{type}/{countryId}</a></td>
   [INFO] :   <td class="api-documentation">
   [INFO] :   <p>Get Info Tree data items (by type) for a defined client</p>
   [INFO] :   </td>
   [INFO] :   </tr>
   [INFO] :   <tr>
   [INFO] :   <td class="api-name"><a href="/Help/Api/GET-api-ext-InfoTree-id-type-countryId-language">GET api/{ext}/InfoTree/{id}/{type}/{countryId}/{language}</a></td>
   [INFO] :   <td class="api-documentation">
   [INFO] :   <p>Get resourced Info Tree data items (by type) for a defined client including a country Id filter</p>
   [INFO] :   </td>
   [INFO] :   </tr>
   [INFO] :   <tr>
   [INFO] :   
   [INFO] :   <td class="api-documentation">
   [INFO] :   <p>Get resourced Info Tree data items (by type) for a defined client</p>
   [INFO] :   </td>
   [INFO] :   </tr>
   [INFO] :   </tbody>
   [INFO] :   </table>
   [INFO] :   
   [INFO] :   <h2 id="Area">Area</h2>
   [INFO] :   <p>Supplies information on areas (towns, cities etc)</p>
   [INFO] :   <table class="help-page-table">
   [INFO] :   <thead>
   [INFO] :   <tr><th>API</th><th>Description</th></tr>
   [INFO] :   </thead>
   [INFO] :   <tbody>
   [INFO] :   <tr>
   [INFO] :   <td class="api-name"><a href="/Help/Api/GET-api-ext-Area-id">GET api/{ext}/Area/{id}</a></td>
   [INFO] :   <td class="api-documentation">
   [INFO] :   <p>Get Area record by Id</p>
   [INFO] :   </td>
   [INFO] :   </tr>
   [INFO] :   <tr>
   [INFO] :   <td class="api-name"><a href="/Help/Api/GET-api-ext-Area-all">GET api/{ext}/Area/all</a></td>
   [INFO] :   <td class="api-documentation">
   [INFO] :   <p>Returns all Area records</p>
   [INFO] :   </td>
   [INFO] :   </tr>
   [INFO] :   <tr>
   [INFO] :   <td class="api-name"><a href="/Help/Api/GET-api-ext-Area-Lookup-all">GET api/{ext}/Area/Lookup/all</a></td>
   [INFO] :   <td class="api-documentation">
   [INFO] :   <p>Returns a lookup list of ALL Area records</p>
   [INFO] :   </td>
   [INFO] :   </tr>
   [INFO] :   <tr>
   [INFO] :   <td class="api-name"><a href="/Help/Api/GET-api-ext-Area-ByCountryId-id">GET api/{ext}/Area/ByCountryId/{id}</a><

Thanks.

Michael Bahl 2016-08-03

Of cause your example works because https://appservices.anvilgroup.com support both tls1.1 and tls1.2, but your example wouldn't work if https://appservices.anvilgroup.com only supports tls1.2. For example both commands below will work for https://appservices.anvilgroup.com: curl https://appservices.anvilgroup.com/help --tlsv1.1 curl https://appservices.anvilgroup.com/help --tlsv1.2 if we try to connect to a server which onyl supports tls1.2 for instance https://elster.de: curl https://elster.de --tlsv1.1 //This will fail curl https://elster.de --tlsv1.2 //This one will work If we try to connect to a server which only supports tls1.2 your titanium sample will fail on android < 5.0. Check it out and let me know your results.
Michael Bahl 2016-08-29

I have creted a sample project for you --> https://github.com/MichelBahl/tls-AC-4323. Please reopen this ticket.
Michael Bahl 2016-08-29

Here is a video showing the bug https://www.youtube.com/watch?v=B8c0cBGIevs&feature=youtu.be
Sharif AbuDarda 2016-09-28

Hello, Can you try in latest SDK 5.5.0.GA?
Michael Bahl 2016-09-30

I am gonna check this, this weekend
Michael Bahl 2016-10-03

It's still not working. if you have problems to repdroduce the issue, contact me via e-mail to exchange skype name/number.

Sharif AbuDarda 2016-10-04

Hello, I tried your test project, For me, the app works for both case, I watched your video, I see you are getting the error and for me, I am getting the below log in Android 5.0.0. Make sure you are using the latest SDK 5.5.1.GA. Thanks.

   [INFO] :   Received text: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   [INFO] :   <html  xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
   [INFO] :   <head>
   [INFO] :   <title>ELSTER - Die elektronische Steuererklärung</title>
   [INFO] :   <meta http-equiv="Content-Language" content="de">
   [INFO] :   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
   [INFO] :   <meta http-equiv="expires" content="0">
   [INFO] :   <meta http-equiv="pragma" content="no-cache">
   [INFO] :   <link rel='stylesheet' href='css/lp.css' type='text/css' />
   [INFO] :   <link rel='stylesheet' href='css/buttons.css' type='text/css' />
   [INFO] :   <link rel='stylesheet' href='css/buttons-core.css' type='text/css' />
   [INFO] :   <link rel='stylesheet' href='css/font-awesome.css' type='text/css' />
   [INFO] :   <script src="js/jquery-1.9.1.min.js" type="text/javascript"></script>
   [INFO] :   <script src="misc.js" type="text/javascript"></script>
   [INFO] :   <script type="text/javascript" src="js/jssor.js"></script>
   [INFO] :   <script type="text/javascript" src="js/jssor.slider.js"></script>
   [INFO] :   <script type="text/javascript" src="js/slider.js"></script>
   [INFO] :   <noscript>
   [INFO] :   <style type="text/css">
   [INFO] :   #slider1_container {display:none;}
   [INFO] :   </style>
   [INFO] :   </noscript>
   [INFO] :   </head>
   [INFO] :   
   [INFO] :   <body>
   [INFO] :   <div id="outmost">
   [INFO] :   <a name="start"></a>
   [INFO] :   <div id="outer">
   [INFO] :   <div id="content">
   [INFO] :   <!-- Header Logo -->
   [INFO] :   <h1 class="invisible">Elster<span lang="en"> Landing Page</span></h1>
   [INFO] :   <img src="image/lphead.gif" alt="ElsterOnline" class="lphead"/>
   [INFO] :   <div id="flashheader">
   [INFO] :   <noscript>
   [INFO] :   <h2 class="invisible">Info und nützliche Links</h2>
   [INFO] :   <div id="flashexample"><img src="belegabruf/image/vast_motiv.png" alt="Das Bild ist ein Vorschaubild einer Werbeanimation. Es zeigt einen Vater mit seinem Sohn."/></div>
   [INFO] :   <div id="flashtext">
   [INFO] :   <p class="schriftklwth">
   [INFO] :   Elster<span lang="en" xml:lang="en">Online</span> ist Ihr elektronisches Finanzamt. Mit Elster<span lang="en" xml:lang="en">Online</span> können Sie nach einer kostenlosen <a href="https://www.elsteronline.de/eportal/eop/auth/Registrierung.tax" class="intextlink" title="Zur Registrierung im ElsterOnline-Portal, Link öffnet neues Fenster." target="_blank">Registrierung</a> viele Steuerangelegenheiten direkt und bequem am Computer erledigen - ganz ohne Ausdruck, Formulare und Postversand.<br>
   [INFO] :   </p>
   [INFO] :   <p id="flashtxtlink">
   [INFO] :   <a href="https://www.elsteronline.de/eportal" class="pure-button" target="_blank" title="Zum ElsterOnline-Portal, Link öffnet neues Fenster"><i class="fa fa-caret-right"></i> Zum ElsterOnline-Portal</a><br/>
   [INFO] :   <a href="./elfo_home.php" class="pure-button" target="_blank" title="Zum Download: ElsterFormular, Link öffnet neues Fenster"><i class="fa fa-caret-right"></i> Download ElsterFormular</a><br/>
   [INFO] :   <a href="./index_web.php" class="pure-button" target="_blank" title="Zur Elster Webseite, Link öffnet neues Fenster"><i class="fa fa-caret-right"></i> ELSTER Webseite</a><br/>
   [INFO] :   <a href="./belegabruf/index.php" class="pure-button" target="_blank" title="Zur Seite: Belegabruf, Link öffnet neues Fenster"><i class="fa fa-caret-right"></i> Vorausgefüllte Steuererklärung</a><br/>
   [INFO] :   </p>
   [INFO] :   </div>
   [INFO] :   <div id="flashrgbg"> </div>
   [INFO] :   </noscript>
   [INFO] :   <!-- Jssor Slider Begin -->
   [INFO] :   <div id="slider1_container">
   [INFO] :   <div class="loading-slide-parent" u="loading">
   [INFO] :   <div class="loading-slide-child1"></div>

Michael Bahl 2016-10-04

I am using the latest SDK and it fails. Are you using Android 4.4.4 ?

Gary Mathews 2016-10-11

[~mBahl] [~sdarda] It appears the issue isn't with Titanium, Android 4.1+ does support TLSv1.2. However, the ciphers used by https://elster.de are not supported in Android 4.1+. You can view the ciphers supported by Android 4.1+ here: https://developer.android.com/reference/javax/net/ssl/SSLSocket.html *TEST CASE FOR TLSv1.2*

    var http = Titanium.Network.createHTTPClient(
        {
            validatesSecureCertificate: true,
            tlsVersion: Ti.Network.TLS_VERSION_1_2,
            onload: function (response) {
                var tls = /TLS\s\d\.\d/g.exec(this.responseText);
                if (tls) {
                    Ti.API.info('Android API: ' + Ti.Platform.Android.API_LEVEL);
                    Ti.API.info(tls[0]);
                }
            },
            onerror: function (response) {
                Ti.API.info(response.error);
            }
        }
    );
    http.open('GET', 'www.howsmyssl.com');
    http.send();

    Android API: 16
    TLS 1.2

Michael Bahl 2016-10-13

www.howsmyssl.com is *not* a valid test case. You have to test against an URL which only supports 1.2 but not 1.1.
Gary Mathews 2016-10-13

[~mBahl] I did, I tested against https://elster.de/. My test case above is to prove TLSv1.2 is working on Android 4.1 and that the issue is due to the host using ciphers that are not compatible with < Android 5.0. The host I tested with https://elster.de/ *only* allows the following ciphers to be used: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Compatibility for these ciphers was introduced in Android 5.0 (https://developer.android.com/reference/javax/net/ssl/SSLSocket.html)
Lee Morris 2017-03-24

Closing ticket as invalid with reference to the above comments.

JSON Source