Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / libcore / 53360555a747056b8e599c3e3fb06532e7e30f61
commit53360555a747056b8e599c3e3fb06532e7e30f61[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Tue Nov 26 10:53:29 2013 -0800
committerAlex Klyubin <klyubin@google.com>Mon Dec 16 17:19:40 2013 -0800
treea12e54aa57ec6399a82225c548b34026f1ba1094
parent69e4812b123eecf09f1cf12d9072fa2f3c8f65a4 [diff]
Enable TLSv1.1 and TLSv1.2 by default for SSLSocket.

TLSv1.1 and TLSv1.2 offer built-in protection against BEAST attack
and support for GCM cipher suites.

This change causes TLS/SSL handshake failures with a small fraction
of servers, load balancers and TLS/SSL accelerators with broken
TLS/SSL implementations.

Scans demonstrate that the number is around 0.6%. Breaking
connectivity (using platform default settings) to a tiny minority of
the ecosystem is acceptable because this inconvenience is outweighed
by the added safety for the overwheling majority of the ecosystem.

App developers affected by this issue should consider asking such
servers to be fixed or explicitly disabling TLSv1.1 and TLSv1.2 in
their apps.

Bug: 11220570
Change-Id: Ice9e8ce550401ba5e3385fd369c40f01c06ac7fd
2 files changed
tree: a12e54aa57ec6399a82225c548b34026f1ba1094
  1. benchmarks/
  2. dalvik/
  3. dex/
  4. dom/
  5. expectations/
  6. harmony-tests/
  7. include/
  8. json/
  9. jsr166-tests/
  10. libart/
  11. libdvm/
  12. luni/
  13. support/
  14. xml/
  15. Android.mk
  16. CaCerts.mk
  17. CleanSpec.mk
  18. Docs.mk
  19. JavaLibrary.mk
  20. NativeCode.mk
  21. NOTICE
  22. run-libcore-tests