AnsweredAssumed Answered

Android app downgrading to TLS v1

Question asked by Zamboni Driver on Mar 30, 2015
Latest reply on Apr 10, 2015 by Alexander Traud



I've been doing some testing on a mobile app for both android and iOS devices.  My purpose of the testing is to identify if the connection between the app and the host server is encrypted.  I've been using wireshark for packet captures.


When I look at the packet captures for the iOS device wireshark shows the connection as TLSv1.2; however, when I look at the packet captures for the android device the connection is shown as TLSv1.


I tested the android device at and it showed that the android device was using TLSv1.2.  This leads me to believe that for some reason on the android device the app is forcing a downgrade to TLSv1.


I ran the server through qualys and it came back with an A-


How much of an issue could this be?


Thanks in advance.