To establish secure connections with TLS, DAVdroid makes use of the Android TLS stack. Supported protocol versions (TLS 1.1, 1.2 etc.) and ciphers (for key exchange and encryption, e.g.
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) depend on the used Android version.
Both your client (DAVdroid / Android device) and the CalDAV/CardDAV server must share at least one cipher, otherwise a
SSLProtocolException will occur. For example, if your server requires the most recent ciphers, connecting with older Android versions may not work.
See the Android documentation for a list of supported protocols and ciphers for various Android versions.
Android versions below 6.0 only: Not all protocols and ciphers supported by a device are automatically enabled for apps by default. DAVdroid
- enables SNI,
- disables SSL 3 and enables all supported TLS versions (like TLS 1.2), and
- enables some ciphers considered to be secure (see source code of class