1

I need to use an algorithm which is implemented using OpenSSL engine. My target device is an Android9 device using okhttp2.6, I need this algorithm to work in https, how should I modify it?

  1. Can the boringSSL used by okhttp use the OpenSSL engine? What do I have to do? Or do I need to use OpenSSL instead of boringSSL?

  2. How to choose the engine when okhttp uses the SSL library?

The openssl engine can be used in native applications, but I don't know how to use it in Android apk. Android apk is using okhttp2.6 now

Improve this question
1
  • 1
    As far as I remember OKHttp uses the default SSL/TLS engine provided by Android runtime. Adding new security providers is possible using the underlying Java security provider system. Not sure if anybodydid that for on Opens so based implementation. The only implementation that comes close is the Google provided consycrypt. Unfortunately you don't name the algorithm you need so it is not possible to say if this is is suitable to you. Better edit your question and describe in detail what Algo you need. Commented May 22, 2023 at 20:30

1 Answer 1

Reset to default
1

You can choose in two different ways.

  1. Select a different provider, see https://square.github.io/okhttp/security/security_providers/ and install it as the platform security provider.

Via code:

          val provider = Conscrypt.newProviderBuilder()
              .provideTrustManager(true)
              .build()
          Security.insertProviderAt(provider, 1)
  1. Replace the SSLSocketFactory that OkHttp uses.

Generally this is only required if there is an issue integrating a new provider with OkHttp, which relies on very specific APIs to use all possible and most secure SSL features.

However with both of these, you'll need an implementation of OpenSSL as a Socket or the Security Provider algorithms.

For 1, you can bundle your own Conscrypt implementation with your App. Or use the Play Store provider if it supports your device and has the features you need.

https://www.appfoundry.be/blog/Google-Play-Services-Dynamic-Security-Provider

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.