use Conscrypt as security provider if available (#23984)

Summary: This PR adds support to use Conscrypt as Security Provider if available runtime. Consscrypt supports TLS 1.2 on Android 4.x and TLS 1.3 on all Android versions. Fixes issues (ex https://github.com/facebook/react-native/issues/23151) with HTTPS connections on Android 4.x. Just add below to your project build.gradle and it'll use it. ```gradle implementation('org.conscrypt:conscrypt-android:2.0.0') ``` [Android] [Changed] - Add TLS 1.3 support to all Android versions using Conscrypt. Pull Request resolved: https://github.com/facebook/react-native/pull/23984 Differential Revision: D14506000 Pulled By: cpojer fbshipit-source-id: 58bf18f7203d20519fb4451bae83f01e2f020a44
2026-03-06 22:37:14 +08:00 · 2019-03-18 11:58:08 -07:00
parent eec2495a96
commit 75af15ede4
1 changed files with 10 additions and 1 deletions
--- a/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java
+++ b/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java
@@ -13,6 +13,8 @@ import android.os.Build;
 import com.facebook.common.logging.FLog;

 import java.io.File;
+import java.security.Provider;
+import java.security.Security;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
@@ -69,7 +71,14 @@ public class OkHttpClientProvider {
      .writeTimeout(0, TimeUnit.MILLISECONDS)
      .cookieJar(new ReactCookieJarContainer());

-    return enableTls12OnPreLollipop(client);
+    try {
+      Class ConscryptProvider = Class.forName("org.conscrypt.OpenSSLProvider");
+      Security.insertProviderAt(
+        (Provider) ConscryptProvider.newInstance(), 1);
+      return client;
+    } catch (Exception e) {
+      return enableTls12OnPreLollipop(client);
+    }
  }

  public static OkHttpClient.Builder createClientBuilder(Context context) {