SSLProtocolException about braintree-android-drop-in HOT 6 CLOSED

Hey @crocoM4,

Thanks for opening this issue. We're aware of issues with the SSL implementation on that particular Samsung device that will prevent the device from communicating with Braintree's servers. Note also that later this year, Braintree will be completely dropping support for all security protocols lower than TLS 1.2, as required by PCI regulations. See this article for more information on the industry's transition to newer security protocols. Would you mind trying your integration on a newer device or emulator and letting us know if you're still experiencing issues?

from braintree-android-drop-in.

The SDK has had TLS 1.2 enabled on API 16-19 devices for quite some time.

We've heard of this issue occurring on a very small number of devices, but have never been able to get a device that reproduces this. We suspect an implementation bug on the devices that always tries to use SSLv3 and won't fallback to other methods if the server does not support SSLv3.

As a quick test, if you put this code in your app and run it on the Samsung S7390 that is currently returning the error you should get some log output that may be useful in tracking this down.

try {
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, null, null);
    SocketFactory socketFactory = sslContext.getSocketFactory();

    String[] supportedProtocols = ((SSLSocket) socketFactory.createSocket()).getSupportedProtocols();
    for (String protocol : supportedProtocols) {
        Log.d("SSL-TEST", "Supported SSL protocol: " + protocol);
    }
} catch (Exception e) {
    Log.d("SSL-TEST", e.getMessage());
}

from braintree-android-drop-in.

Hi @sdcoffey,
thanks for reply.
I have test my app on a THL T6C Android 5.1 API 22 and it work.
I try even on a Samsung S4 Android 4.4.2 API 19 and it worked but, i think, because that device is rooted, maybe on other API 19 device it doesn't work.

In android documentation said that the TLS 1.2 is supported by 16+ API device but is enable by default from API 20+ .

I search a method to enable it and i fonud this solution , create a custom SSLSocketFactory and than pass to a OkHttpClient.

There is a possibilty to integrate that method and make calls to Braintree's servers?

There is any a workaround to make it work?

from braintree-android-drop-in.

Hi @lkorth
i put your code in my MainActivity in the onCreate method.
here the log that i get:

05-04 17:30:10.384 5795-5795/com.example.prova D/SSL-TEST: Supported SSL protocol: SSLv3
05-04 17:30:10.384 5795-5795/com.example.prova D/SSL-TEST: Supported SSL protocol: TLSv1
05-04 17:30:10.384 5795-5795/com.example.prova D/SSL-TEST: Supported SSL protocol: TLSv1.1
05-04 17:30:10.384 5795-5795/com.example.prova D/SSL-TEST: Supported SSL protocol: TLSv1.2

if you need more tests or info just let me know.

Thanks for the reply and the explanations

from braintree-android-drop-in.

After a lot of search i found a solution that worked for me, in my code i added this:

ProviderInstaller.installIfNeeded(getApplicationContext());

here google documentation

For now I' dont get the exception and the drop-in ui work just fine.

from braintree-android-drop-in.

Thanks for sharing your fix!

It sounds like this may be similar to paypal/PayPal-Android-SDK#341 and something in Google Play services is swapping the SSL implementation. Calling ProviderInstaller#installIfNeeded may be resetting it.

from braintree-android-drop-in.