🧾 Description
While Android 4.4 (KitKat) supports TLS v1.2 at the system level, it is not enabled by default for applications using the standard API/SDK. This article explains the difference in TLS behavior between browsers and apps, and provides guidance on enabling TLS v1.2 for apps on devices like the DL-Axist and Skorpio X4.
Background
- Browsers: TLS v1.2 is enabled by default. You can verify this by visiting https://www.howsmyssl.com using the device’s default browser.
- Apps: Although TLS v1.2 is supported starting from API level 16 (Android 4.1), it is only enabled by default from API level 20 (Android 4.4W), which was designed for Android Wear.
- This means that on Android 4.4 devices, apps must explicitly enable TLS v1.2 in their code to use it.
🛠️ Resolution Steps
1. Enable TLS v1.2 in Application Code
Developers must configure their app to use TLS v1.2 manually. This typically involves:
Creating a custom SSLSocketFactory that supports TLS v1.2.
Applying it to the HTTP client used in the app (e.g., OkHttp, HttpURLConnection).
Example Using OkHttp:
Refer to this GitHub discussion for implementation details:
👉 OkHttp TLS v1.2 on Android 4.4
Additional Guide:
👉 Enable TLS 1.1 and 1.2 on Android 4.1+
Important Notes
- This change must be made in the app’s source code—it cannot be configured via system settings.
- TLS v1.2 is essential for secure communication with modern servers that reject older protocols like TLS v1.0 and v1.1.