11 April 2017

Android O to drop insecure TLS version fallback in HttpsURLConnection

Posted by Tobias Thierer, Software Engineer

To improve security, insecure TLS version fallback has been removed from HttpsURLConnection in Android O.

What is changing and why?

TLS version fallback is a compatibility workaround in the HTTPS stack to connect to servers that do not implement TLS protocol version negotiation correctly. In previous versions of Android, if the initial TLS handshake fails in a particular way, HttpsURLConnection retries the handshake with newer TLS protocol versions disabled. In Android O, it will no longer attempt those retries. Connections to servers that correctly implement TLS protocol version negotiation are not affected.

We are removing this workaround because it weakens TLS by disabling TLS protocol version downgrade protections. The workaround is no longer needed, because fewer than 0.01% of web servers relied on it as of late 2015.

Will my app be affected?

Most apps will not be affected by this change. The easiest way to be sure is to build and test your app with the Android O Developer Preview. Your app's HTTPS connections in Android O will not be affected if they:

  • Target web servers that work with recent versions of Chrome or Firefox, because those servers have correctly implemented TLS protocol version negotiation. Support for TLS version fallback was removed in Firefox 37 (Mar 2015) and Chrome 50 (Apr 2016).
  • Use a third-party HTTP library not built on top of HttpsURLConnection. We suggest you disable protocol fallback if you're using a third-party library. For example, in OkHttp versions up to 3.6, you may want to configure your OkHttpClient to only use ConnectionSpec.MODERN_TLS.

My app is affected. What now?

If your app relies on TLS version fallback, its HTTPS connections are vulnerable to downgrade attacks. To fix this, you should contact whoever operates the server. If this is not possible right away, then as a workaround you could use a third-party HTTP library that offers TLS version fallback. Be aware that using this method weakens your app's TLS security. To discover any compatibility issues, please test your app against the Android O Developer Preview.