[TIMOB-24594] Android: Loading images via HTTPS TLS 1.1 or newer fails on Android 4.x
GitHub Issue | n/a |
---|---|
Type | Bug |
Priority | Medium |
Status | Closed |
Resolution | Fixed |
Resolution Date | 2019-03-19T19:57:20.000+0000 |
Affected Version/s | Release 6.0.3 |
Fix Version/s | Release 8.0.1 |
Components | Android |
Labels | imageView |
Reporter | Joshua Quick |
Assignee | Gary Mathews |
Created | 2017-04-19T02:14:35.000+0000 |
Updated | 2019-03-19T19:57:20.000+0000 |
Description
*Summary:*
Images loaded via HTTPS from a server that uses a TLS 1.1 or TLS 1.2 certificate will fail to load on an Android OS version older than 5.0.
*Steps to reproduce:*
1. Copy and paste the code below into a Titanium project.
2. Run it on an Android 4.x device.
   Result: Notice that the image fails to load.
3. Run it on an Android 5.x or newer device.
   Result: Image is successfully loaded and displayed.
```javascript
var imageFilePath = "https://eoimages.gsfc.nasa.gov/images/imagerecords/73000/73751/world.topo.bathy.200407.3x21600x21600.B2.jpg";
var window = Titanium.UI.createWindow();
var imageView = Ti.UI.createImageView({
	image: imageFilePath,
	height: Ti.UI.FILL,
	width: Ti.UI.FILL,
});
window.add(imageView);
window.open();
```
*Reason:*
Android 5.0 and newer devices support TLS 1.0, 1.1, and 1.2 by default without any code changes, but older Android OS versions only support TLS 1.0 by default.
*Work-around:*
Developers can work around this issue by downloading the image themselves via the HTTPClient API and then displaying the downloaded file. Titanium's HTTPClient supports TLS 1.1 and 1.2 on Android 4.1 and higher.
*Recommended Solution:* Use an SSLSocketFactory derived class like what we have in Titanium's core network module "TiSocketFactory.java", which is what Titanium's HTTPClient JavaScript API uses.
[~gmathews], yes, I've seen the "TiSocketFactory" code and that's definitely the solution to this issue. That's why I stated that a developer can work-around this by downloading the image his/herself via the HTTPClient. :) The issue is that setting "image" and "backgroundImage" via a URL goes through our "TiDownloadManager" instead, which does not set up a custom SSLSocketFactory that handles TLS 1.1/1.2. It also does not handle redirects between protocols, such as HTTP->HTTPS and vice-versa (I'm currently correcting this last one).
master: https://github.com/appcelerator/titanium_mobile/pull/10553
8_0_X: https://github.com/appcelerator/titanium_mobile/pull/10588
FR Passed. PR merged
Verified the fix in SDK 8.1.0.v20190319060446 and 8.0.1.v20190318134648. Closing.