{ "id": "153271", "key": "TIMOB-20061", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "16997", "name": "Release 5.2.0", "archived": false, "released": true, "releaseDate": "2016-02-23" }, { "id": "17072", "name": "Release 5.1.2", "archived": false, "released": true, "releaseDate": "2016-01-12" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2015-11-25T02:08:24.000+0000", "created": "2015-11-18T14:59:53.000+0000", "priority": { "name": "Critical", "id": "1" }, "labels": [ "TLS", "android" ], "versions": [], "issuelinks": [], "assignee": { "name": "hpham", "key": "hpham", "displayName": "Hieu Pham", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2015-12-02T23:47:42.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10202", "name": "Android", "description": "Android Platform" } ], "description": "Using the latest SDK and studio, using Set TLS version on android functions as expected when built directly to the device, however once published to the store, the setting is ignored and android default behaviour kicks in.\r\n\r\nOn android versions 5 and above TLS 1.2 is used correctly both locally and published.\r\nOn android versions below 5 (4.4.4 and 4.1.0 confirmed) TLS 1.1 or TLS 1.2 is used correctly locally but connections are refused once published (SSL handshake fails)\r\n\r\nWe have TLS 1.0 disabled on our production environment for security reasons and as a consequence of the setting not taking affect, all android devices cannot connect to the server.\r\n\r\n\r\n*Repro Steps\r\nCreate a service endpoint with TLS 1.1 and TLS 1.2 only enabled.\r\nCreate HTTP client initialising TLS version\r\n\r\n{code:java}\r\n// Some comments here\r\n// create new HTTPClient\r\n\t\tvar httpRegister = Titanium.Network.createHTTPClient({\r\n\t\t\ttlsVersion : Ti.Network.TLS_VERSION_1_1\r\n\t\t});\r\n{code}\r\nSet target and min SDKS\r\n{code:xml}\r\n \r\n \r\n{code}\r\nAdd connection to server endpoint.\r\nCompile using Latest SDK and deploy to android 4.1 or 4.4.4 device (simulator also behaves correctly)\r\nRun application and hit endpoint.-> works\r\n\r\nPublish application to play store as beta or live\r\nRun application and hit endpoint -> call fails", "attachment": [], "flagged": false, "summary": "TLS Version set in Android ignored on Publish", "creator": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "subtasks": [], "reporter": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "environment": "Accelerator Studio\r\nMac OSX EL Capitan", "closedSprints": [ { "id": 529, "state": "closed", "name": "2015 Sprint 24 SDK", "startDate": "2015-11-21T01:30:12.670Z", "endDate": "2015-12-05T01:30:00.000Z", "completeDate": "2015-12-07T03:57:17.094Z", "originBoardId": 114 } ], "comment": { "comments": [ { "id": "370809", "author": { "name": "cbowley", "key": "cbowley", "displayName": "Chris Bowley", "active": true, "timeZone": "Europe/London" }, "body": "Martin, I'm wondering if the SSL failure is not due to the TLS version but rather that the certificate does not validate.\r\n\r\nBy default, the SSL certificate is only validated in production builds so if there is an issue with validation you would only see this in production: http://docs.appcelerator.com/platform/latest/#!/api/Titanium.Network.HTTPClient-property-validatesSecureCertificate.\r\n\r\nIf you are not already, set validatesSecureCertificate to true and test in development.", "updateAuthor": { "name": "cbowley", "key": "cbowley", "displayName": "Chris Bowley", "active": true, "timeZone": "Europe/London" }, "created": "2015-11-19T13:07:40.000+0000", "updated": "2015-11-19T13:07:40.000+0000" }, { "id": "370875", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Verified issue in simulators by setting validatesSecureCertificate to true.\r\nSeeing exactly the same issue as when published.\r\n\r\niOS 9+ - Works correctly\r\nAndroid 5 + - Works correctly\r\nAndroid 4.4.4 - Won't connect\r\nAndroid 4.1.0 - Won't connect \r\n\r\nSSL certificate was renewed last month so is valid, no warnings and full green logo etc in browser.\r\nhttps://appservices.anvilgroup.com/help for verification", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2015-11-19T20:56:31.000+0000", "updated": "2015-11-19T20:56:31.000+0000" }, { "id": "370876", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "In case it is relevant, Server certificate is a wild card, V3, Sha256 certificate.", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2015-11-19T21:02:31.000+0000", "updated": "2015-11-19T21:02:31.000+0000" }, { "id": "371400", "author": { "name": "hpham", "key": "hpham", "displayName": "Hieu Pham", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Testing code:\r\n{code}\r\nvar httpclient = Titanium.Network.createHTTPClient({\r\n validatesSecureCertificate: true,\r\n\ttlsVersion : Ti.Network.TLS_VERSION_1_2,\r\n\tonload : function(response) {\r\n\t\t Ti.API.info(\"Received text: \" + this.responseText);\r\n\t\t \r\n },\r\n onerror : function(response) {\r\n \t Ti.API.debug(response.error);\r\n }\r\n\r\n});\r\nhttpclient.open(\"GET\",\"https://appservices.anvilgroup.com/help\");\r\nhttpclient.send();\r\n{code}\r\nRun on API < 20 to reproduce.", "updateAuthor": { "name": "hpham", "key": "hpham", "displayName": "Hieu Pham", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2015-11-24T22:54:12.000+0000", "updated": "2015-11-24T22:54:12.000+0000" }, { "id": "371401", "author": { "name": "hpham", "key": "hpham", "displayName": "Hieu Pham", "active": true, "timeZone": "America/Los_Angeles" }, "body": "master PR: https://github.com/appcelerator/titanium_mobile/pull/7493", "updateAuthor": { "name": "hpham", "key": "hpham", "displayName": "Hieu Pham", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2015-11-24T22:54:49.000+0000", "updated": "2015-11-24T22:54:49.000+0000" }, { "id": "371415", "author": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "body": "PR merged. ", "updateAuthor": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "created": "2015-11-25T02:09:21.000+0000", "updated": "2015-11-25T02:09:21.000+0000" }, { "id": "371418", "author": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "body": "5_1_X (5.1.2) Backport PR: https://github.com/appcelerator/titanium_mobile/pull/7495", "updateAuthor": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "created": "2015-11-25T02:31:30.000+0000", "updated": "2015-11-25T02:31:30.000+0000" }, { "id": "371419", "author": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "body": "5_1_X PR merged.", "updateAuthor": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "created": "2015-11-25T02:48:41.000+0000", "updated": "2015-11-25T02:48:41.000+0000" }, { "id": "371975", "author": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Verified the fix with the testing code.\r\nUsing TLS version 1.1 & 1.2 on Android API<20 we can reach the endpoint & get the content.\r\n\r\nClosing.\r\n\r\nEnvironment:\r\nAppc Studio : 4.4.0.201511241829\r\nTi SDK : 5.1.2.v20151202061227\r\nTi CLI : 5.0.5\r\nAlloy : 1.7.26\r\nMAC Yosemite : 10.10.5\r\nAppc NPM : 4.2.2\r\nAppc CLI : 5.1.0\r\nNode: v0.12.27", "updateAuthor": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2015-12-02T23:47:20.000+0000", "updated": "2015-12-02T23:47:20.000+0000" } ], "maxResults": 12, "total": 12, "startAt": 0 } } }