This post was originally published at Android O to drop insecure TLS version fallback in HttpsURLConnection

Posted by Tobias Thierer, Software Engineer

To improve security, insecure TLS version fallback has been removed from HttpsURLConnection
in Android O.

What is changing and why?

TLS version fallback is a compatibility workaround in the HTTPS stack to connect
to servers that do not implement TLS protocol version negotiation correctly. In
previous versions of Android, if the initial TLS handshake fails in a particular
way, HttpsURLConnection retries the handshake with newer TLS protocol versions
disabled. In Android O, it will no longer attempt those retries. Connections to
servers that correctly implement TLS protocol version negotiation are not
affected.

We are removing this workaround because it weakens TLS by disabling TLS protocol
version downgrade protections. The workaround is no longer needed, because fewer
than 0.01% of web servers relied on it as of late 2015.

Will my app be affected?

Most apps will not be affected by this change. The easiest way to be sure is to
build and test your app with the Android O Developer
Preview
. Your app’s HTTPS connections in Android O will not be affected if
they:

  • Target web servers that work with recent versions of Chrome or Firefox,
    because those servers have correctly implemented TLS protocol version
    negotiation. Support for TLS version fallback was removed in Firefox 37 (Mar
    2015) and Chrome 50 (Apr 2016).
  • Use a third-party HTTP library not built on top of HttpsURLConnection. We
    suggest you disable protocol fallback if you’re using a third-party library. For
    example, in OkHttp versions up to 3.6, you may want to configure your
    OkHttpClient to only use ConnectionSpec.MODERN_TLS.

My app is affected. What now?

If your app relies on TLS version fallback, its HTTPS connections are vulnerable
to downgrade attacks. To fix this, you should contact whoever operates the
server. If this is not possible right away, then as a workaround you could use a
third-party HTTP library that offers TLS version fallback. Be aware that using
this method weakens your app’s TLS security. To discover any compatibility
issues, please test your app against the Android O Developer Preview.

image image

View the original here:

This post was originally published at Android O to drop insecure TLS version fallback in HttpsURLConnection