Security

TLS stack (protocol versions, ciphers)

To establish secure connections with TLS, DAVx⁵ makes use of the Android TLS stack. Supported protocol versions (TLS 1.1, 1.2 etc.) and ciphers (for key exchange and encryption, e.g. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) depend on the used Android version.

Both your client (DAVx⁵ / Android device) and the CalDAV/CardDAV server must share at least one cipher, otherwise a SSLProtocolException will occur. For example, if your server requires the most recent ciphers, connecting with older Android versions may not work.

See the Android documentation for a list of supported protocols and ciphers for various Android versions.

Android versions below 6.0 only: Not all protocols and ciphers supported by a device are automatically enabled for apps by default. DAVx⁵

  1. enables SNI,
  2. disables SSL 3 and enables all supported TLS versions (like TLS 1.2), and
  3. enables some ciphers considered to be secure (see source code of class SSLSocketFactoryCompat for details).

Last updated: 30 Dec 2018