2

So I have an Android app and my own Web server (which has TLS 1.0, TLS 1.1 and TLS 1.2 support turned on). We are planning an App upgrade where we are trying to force the secure connection between the app and the server to use TLS 1.2.

Please note that I am aware of the fact that TLS 1.2 is enabled by default on Android Lollipop (API level 21) onward and for some reason not enabled by default from API level 16-19. I have made the changes in my App. That's all good.

My question is: how can I test and guarantee that the App and server are indeed using TLS 1.2? I scoured the internet and found ways to see this same info in browsers.

Dibzmania
  • If you own the server you can debug the app network-behavior recording packets with tcpdump (server-side) and analyzing them with wireshark – Gabrio Apr 10 '17 at 06:08
  • Yes, I own the server. Can you be more descriptive on what you suggested or point me to a source? – Dibzmania Apr 10 '17 at 06:16

1 Answer

4

Have you ever practiced with Wireshark? It is a network analyzer; it can be used to record packets and analyze them, and you can see through it whether your application is using clear or encrypted communication. I think that it is a pretty good skill to own.

There is a lot of material available to practice with it; I've linked the documentation.

If you record some packets from your server you will be able to read under the Protocol column if your App is using TLS1.2 and find out even more details.

In order to record packets from your server you need to use tcpdump:

tcpdump -i <interface> -s 65535 -w <some-file>

where <some-file> is the name of the file, typically .pcap, that you will transfer to your client, with scp or something similar, to analyze it with Wireshark by typing from a terminal:

wireshark <some-file>

If your app is using TLS1.2 it will be displayed under the Protocol Column on each row that involves the communication with your application.

EDIT: you can use the filter `tcp.port==<USED_PORT>`, where <USED_PORT> in this case is '8391', in Wireshark to filter and analyze only the packets you are interested in. If the connection is encrypted you can find the SSL handshake somewhere, and after it takes place, the encrypted connection. If the connection isn't encrypted you will probably be able to read the data passing in the clear. If you can post a pcap file somewhere I can tell you if the connection is encrypted or not.

EDIT1: If you are sure that the connection is encrypted you can check the TLS version in use with the filter `tcp.port==8391 && ssl`. You need to analyze a packet that transmits `Application Data`; if `Version: TLS 1.2` appears under the `Secure Socket Layer`, you are using the right encryption.

[Image: find the TLS version]

Gabrio
  • I have used Wireshark but mostly in an environment where the .pcap file was already generated by someone else (possibly a QA or site team). I wanted to understand your approach and now I get it. I am trying an approach on the device itself (using a packet capture VPN) which will generate the .pcap file for me. Let me try that and see how it goes. – Dibzmania Apr 10 '17 at 06:42
  • In my case, the 'protocol' column shows 'TCP', which as I understand is at a lower layer in the TCP/IP suite. Could that mean that Wireshark could not figure out the Transport layer protocol from the packet or the port information? (I believe SSL/TLS would be somewhere between Transport and application layer.) Note: We are using an odd port number '8391' for all secure data transfer (https). Could that be the cause? – Dibzmania Apr 10 '17 at 23:48
  • I am sure it is encrypted. Just not sure whether it uses TLS 1.0 or 1.2 as the secure protocol over HTTP – Dibzmania Apr 12 '17 at 01:22
  • If you are sure that the connection is encrypted you can check the TLS version in use with the filter `tcp.port==8391 && ssl`. You need to analyze a packet that transmits `Application Data`; if `Version: TLS 1.2` appears under the `Secure Socket Layer`, you are using the right encryption. – Gabrio Apr 12 '17 at 16:16
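Added example, not part of the original question or answer: a small Python parser that reads the TLS record layer directly from the server-to-client bytes of one connection, so the result does not depend on the port number or on which dissector a tool picks. It assumes, as the question states, a server that offers at most TLS 1.2; the function names and the sample byte strings are constructed for illustration.

```python
import struct

VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HANDSHAKE, APPLICATION_DATA, SERVER_HELLO = 22, 23, 2

def tls_records(stream):
    """Yield (content_type, version, fragment) for each complete TLS record."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype not in (20, 21, 22, 23) or version >> 8 != 3:
            raise ValueError(f"not a TLS record at offset {pos}")
        fragment = stream[pos + 5 : pos + 5 + length]
        if len(fragment) < length:
            break  # record truncated by the capture; stop cleanly
        yield ctype, version, fragment
        pos += 5 + length

def negotiated_version(server_stream):
    """Version chosen by the server (ServerHello.server_version, TLS <= 1.2)."""
    for ctype, _, fragment in tls_records(server_stream):
        # Handshake header is type (1) + length (3); server_version follows.
        if ctype == HANDSHAKE and len(fragment) >= 6 and fragment[0] == SERVER_HELLO:
            code = struct.unpack_from("!H", fragment, 4)[0]
            return VERSIONS.get(code, f"unknown (0x{code:04x})")
    return None  # no ServerHello: the capture started after the handshake

def app_data_versions(server_stream):
    """Record-layer versions seen on Application Data records."""
    return {VERSIONS.get(v, hex(v)) for t, v, _ in tls_records(server_stream)
            if t == APPLICATION_DATA}

def record(ctype, version, body):
    return struct.pack("!BHH", ctype, version, len(body)) + body

def server_hello(version):
    # Constructed minimal ServerHello: version, 32-byte random,
    # empty session id, cipher suite 0xC02F, null compression.
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    return bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body

# Constructed server-to-client streams (not taken from a real capture).
SAMPLE_TLS12 = record(22, 0x0303, server_hello(0x0303)) + record(23, 0x0303, b"\x17" * 40)
SAMPLE_TLS10 = record(22, 0x0301, server_hello(0x0301)) + record(23, 0x0301, b"\x17" * 40)

if __name__ == "__main__":
    for name, stream in (("tls12", SAMPLE_TLS12), ("tls10", SAMPLE_TLS10)):
        print(name, negotiated_version(stream), app_data_versions(stream))
```

To run it on real traffic, pass in the server-to-client bytes of one connection, for example saved from Wireshark's Follow TCP Stream view with the data shown as Raw.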