Security

TLS stack (protocol versions, ciphers)

To establish secure connections with TLS, DAVdroid makes use of the Android TLS stack. Supported protocol versions (TLS 1.1, 1.2 etc.) and ciphers (for key exchange and encryption, e.g. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) depend on the Android version in use.

Both your client (DAVdroid / Android device) and the CalDAV/CardDAV server must share at least one cipher, otherwise an SSLProtocolException will occur. For example, if your server requires the most recent ciphers, connecting with older Android versions may not work.

See the Android documentation for a list of supported protocols and ciphers for various Android versions.

Android versions below 6.0 only: Not all protocols and ciphers supported by a device are enabled for apps by default. DAVdroid

  1. enables SNI,
  2. disables SSL 3 and enables all supported TLS versions (like TLS 1.2), and
  3. enables some ciphers considered to be secure (see source code of class SSLSocketFactoryCompat for details).
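
The three steps above, sketched with the standard JSSE API (Java 8+). This is an added example, not DAVdroid's SSLSocketFactoryCompat code: the class name TlsHardening, the cipher allowlist and the host name are assumptions made for illustration.

```java
import java.util.*;
import javax.net.ssl.*;

public class TlsHardening {
    // Illustrative allowlist (assumption); DAVdroid's real list is in SSLSocketFactoryCompat.
    static final List<String> PREFERRED_CIPHERS = Arrays.asList(
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    // Step 2: keep every supported TLS version, drop SSLv3 and SSLv2Hello.
    static String[] selectProtocols(String[] supported) {
        List<String> out = new ArrayList<>();
        for (String p : supported)
            if (p.startsWith("TLS")) out.add(p);
        return out.toArray(new String[0]);
    }

    // Step 3: enable only allowlisted ciphers that this device actually supports.
    static String[] selectCiphers(String[] supported) {
        List<String> out = new ArrayList<>(PREFERRED_CIPHERS);
        out.retainAll(Arrays.asList(supported));
        return out.toArray(new String[0]);
    }

    static void harden(SSLSocket socket, String host) {
        socket.setEnabledProtocols(selectProtocols(socket.getSupportedProtocols()));
        String[] ciphers = selectCiphers(socket.getSupportedCipherSuites());
        if (ciphers.length > 0)  // no overlap: keep platform defaults instead of enabling nothing
            socket.setEnabledCipherSuites(ciphers);
        SSLParameters params = socket.getSSLParameters();
        // Step 1: send the server name (SNI) in the ClientHello.
        params.setServerNames(Collections.<SNIServerName>singletonList(new SNIHostName(host)));
        socket.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        // Unconnected socket: shows the resulting settings without any network traffic.
        try (SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket()) {
            harden(s, "dav.example.com");  // constructed host name
            System.out.println(Arrays.toString(s.getEnabledProtocols()));
            System.out.println(Arrays.toString(s.getEnabledCipherSuites()));
        }
    }
}
```

If the server accepts none of the ciphers left enabled, the handshake fails with the SSLProtocolException described above.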

Last updated: 06 Feb 2018