From 17c08c41b13556bf64acc68a12e38de49438bca0 Mon Sep 17 00:00:00 2001
From: Frank Gu
Date: Fri, 6 May 2016 15:41:41 +1000
Subject: [PATCH] Enable TLSv1.2 only if Android API is 16+, otherwise use TLSv1.
---
 .../main/java/com/digi/wva/internal/HttpClient.java | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/wvalib/src/main/java/com/digi/wva/internal/HttpClient.java b/wvalib/src/main/java/com/digi/wva/internal/HttpClient.java
index 91ed30c..65d8eaf 100644
--- a/wvalib/src/main/java/com/digi/wva/internal/HttpClient.java
+++ b/wvalib/src/main/java/com/digi/wva/internal/HttpClient.java
@@ -173,9 +173,10 @@ public final void onJsonParseError(JSONException error, String rawBody) {
 public class TLSSocketFactory extends SSLSocketFactory {
 private SSLSocketFactory internalSSLSocketFactory;
+ private String supportedProtocol;
- public TLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
- SSLContext context = SSLContext.getInstance("TLS");
+ public TLSSocketFactory(String protocol) throws KeyManagementException, NoSuchAlgorithmException {
+ SSLContext context = SSLContext.getInstance(protocol);
 context.init(null, new X509TrustManager[]{new X509TrustManager() {
 @Override
 public X509Certificate[] getAcceptedIssuers() {
@@ -193,6 +194,7 @@ public void checkClientTrusted(X509Certificate[] chain, String authType)
 }
 }}, null);
 internalSSLSocketFactory = context.getSocketFactory();
+ supportedProtocol = protocol;
 }
 @Override
@@ -232,7 +234,7 @@ public Socket createSocket(InetAddress address, int port, InetAddress localAddre
 private Socket enableTLSOnSocket(Socket socket) {
 if(socket != null && (socket instanceof SSLSocket)) {
- ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.2"});
+ ((SSLSocket)socket).setEnabledProtocols(new String[] { supportedProtocol });
 }
 return socket;
 }
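Review bot: The new `protocol` argument is used as two different kinds of name, in `SSLContext.getInstance(protocol)` here and in `setEnabledProtocols(new String[] { supportedProtocol })` in the `enableTLSOnSocket` hunk further down, and the public constructor accepts any string without checking it. The two call sites in this patch pass `"TLSv1.2"` and `"TLSv1"`, which are valid in both places, but the previous value `"TLS"` is a context algorithm and not normally an enabled-protocol name, so a caller passing it would only fail with IllegalArgumentException when a socket is created. A Javadoc line such as `@param protocol version name valid for both SSLContext.getInstance and SSLSocket.setEnabledProtocols, e.g. "TLSv1.2"` would make the contract explicit, and if this is the only constructor the field can be `private final String supportedProtocol;`. The constructor body continues past the end of this hunk.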
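Review bot: Restricting the protocol version does not authenticate the peer unless the anonymous `X509TrustManager` that closes at `}}, null);` really validates the certificate chain, and the bodies of `checkServerTrusted` and `checkClientTrusted` are not visible in this patch. If those methods are empty, every certificate is accepted regardless of which TLS version is negotiated, so this is worth confirming alongside the change. Where no custom trust logic is needed, `context.init(null, null, null);` uses the platform's default trust managers, and a device that presents a self-signed certificate is better handled by pinning that certificate than by accepting any chain. The constructor starts in the previous hunk.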
@@ -247,7 +249,9 @@ private SSLSocketFactory makeSSLSocketFactory() {
 SSLSocketFactory factory = null;
 try {
- factory = new TLSSocketFactory();
+ // Enable TLSv1.2 protocol only if the Android API is 16+, otherwise use TLSv1.
+ int currentAPIVersion = android.os.Build.VERSION.SDK_INT;
+ factory = (currentAPIVersion >= android.os.Build.VERSION_CODES.JELLY_BEAN) ? new TLSSocketFactory("TLSv1.2") : new TLSSocketFactory("TLSv1");
 } catch (NoSuchAlgorithmException e) {
 } catch (KeyManagementException e) {
 }
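Review bot: Both `catch` bodies after the new `TLSSocketFactory(...)` call are empty, so if a device's provider rejects `SSLContext.getInstance("TLSv1.2")`, `makeSSLSocketFactory` carries on with `factory == null` and leaves no trace of why. What the caller does with a null factory is outside this hunk. Asking for a specific version arguably makes that path more likely than it was with `"TLS"`, so the exception should at least be logged and the fallback decided explicitly. The TLSv1 branch also deserves its own comment saying that devices below API 16 get TLS 1.0 only, for example `// API < 16: TLS 1.0 only (deprecated protocol), kept for legacy devices`, so the downgrade reads as a deliberate decision. The function body starts and ends outside the hunk.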