Does BW Android support TLSv1.3? #1049

Closed
opened 2025-11-26 22:37:48 -06:00 by GiteaMirror · 12 comments

Originally created by @bobberb on GitHub (Jun 23, 2020).

Originally assigned to: @mpbw2 on GitHub.

My device stopped syncing 6 months ago without my knowledge until today. After doing some digging and putting TLSv1.2 in my nginx.conf first before TLSv1.3, I no longer have the handshake error. Is TLSv1.3 support planned for bitwarden?


@mpbw2 commented on GitHub (Jun 23, 2020):

What version of Android are you running @bobberb ? (Android 10 introduced support for TLSv1.3)


@bobberb commented on GitHub (Jun 23, 2020):

I'm running the latest version of the S10+, most certainly Android 10.

On Tue, Jun 23, 2020, 4:31 PM Matt Portune <notifications@github.com> wrote:

> What version of Android are you running @bobberb <https://github.com/bobberb> ? (Android 10 introduced support for TLSv1.3)



@mpbw2 commented on GitHub (Jun 23, 2020):

Ok thanks, we'll look into this.


@bobberb commented on GitHub (Jun 23, 2020):

nginx: `2020/06/23 16:12:17 [crit] 425#425: *1 SSL_do_handshake() failed (SSL: error:142090BA:SSL routines:tls_early_post_process_client_hello:bad cipher) while SSL handshaking, client: 10.0.1.4, server: 0.0.0.0:443`

Android: `Error bad handshake`

Bitwarden: Latest from Google Play
Nginx: 1.18
Openssl: 1.1.1.g-2 (Arch Linux)
Android: Kernel 4.14.117 Galaxy S10 G975U Android 10


@benjaminBrownlee commented on GitHub (Jan 8, 2022):

Any progress on this issue? I don't do any C# or Android development, but I feel that this would be a pretty simple configuration option. With a look at the packages you are using for HTTP and a little bit of searching, I found this solution to enable all TLS versions:

```c#
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13 | SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
```

@mikejaques commented on GitHub (Feb 17, 2022):

To answer the original question: no, the Android app does not currently, as of Feb 16, 2022. I had set my HAProxy to reject TLS < 1.3, and the app failed with "Handshake failed". If I set my HAProxy to reject < 1.2, I can successfully log in to my privately hosted Bitwarden vault. So it maximally supports TLSv1.2 currently.


@Agraphie commented on GitHub (Mar 15, 2022):

Would be great if this could be fixed. Are there any updates on the roadmap? TLS 1.3 is being rolled out more and more as default.


@Icelk commented on GitHub (Jun 18, 2022):

Agreed. Some web servers have TLS 1.3 as the primary cipher, which means Bitwarden fails to log in, as they apparently choose TLS 1.3 when the client only supports TLS 1.2. This results in me not being able to log in.


@Icelk commented on GitHub (Jun 27, 2022):

I've investigated further. BW supports TLS 1.3 and all the appropriate cipher suites and signature schemes. My problem was due to a misconfigured webserver. This issue can now be closed.


@benjaminBrownlee commented on GitHub (Jun 28, 2022):

> I've investigated further. BW supports TLS 1.3 and all the appropriate cipher suites and signature schemes. My problem was due to a misconfigured webserver. This issue can now be closed.

Care to elaborate and provide direction? It appears that several other people believe that this is an issue on the client side.


@Icelk commented on GitHub (Jun 28, 2022):

Looking at the logs from my web server when I use the mobile app, it's clear it supports TLS1.3:

```
[2022-06-28T06:59:12Z INFO  kvarn::encryption] Trying to handshake
[2022-06-28T06:59:12Z DEBUG rustls::server::hs] decided upon suite TLS13_AES_128_GCM_SHA256
[2022-06-28T06:59:12Z DEBUG rustls::server::hs] Chosen ALPN protocol [104, 116, 116, 112, 47, 49, 46, 49]
[2022-06-28T06:59:12Z INFO  kvarn::encryption] Successful handshake
[2022-06-28T06:59:12Z DEBUG kvarn] New connection requesting hostname 'Some("bitwarden.icelk.dev")'
[2022-06-28T06:59:12Z INFO  kvarn] Accepting requests from 192.168.1.1:40578
[2022-06-28T06:59:12Z DEBUG kvarn] We got a new request on connection.
[2022-06-28T06:59:12Z DEBUG kvarn] Accepting new connection from 192.168.1.1:40578 on bitwarden.icelk.dev
[2022-06-28T06:59:12Z INFO  kvarn_extensions::reverse_proxy] Sending request
[2022-06-28T06:59:12Z INFO  kvarn_extensions::reverse_proxy] Sent reverse-proxy request. Reading response.
```

The cipher suite TLS13_AES_128_GCM_SHA256 means TLS1.3 support.
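
The server-side check described in the comment above, written out as an added example (not part of the original comment, and not code from kvarn, rustls or Bitwarden): it groups the handshake lines per attempt, infers the negotiated protocol from rustls's suite naming, and decodes the ALPN byte list. The function names are hypothetical, the last four sample lines are constructed, and it assumes each handshake's lines are contiguous.

```python
import ast
import re

# First four lines: quoted from the comment above. Last four: constructed here.
SAMPLE_LOG = """\
[2022-06-28T06:59:12Z INFO  kvarn::encryption] Trying to handshake
[2022-06-28T06:59:12Z DEBUG rustls::server::hs] decided upon suite TLS13_AES_128_GCM_SHA256
[2022-06-28T06:59:12Z DEBUG rustls::server::hs] Chosen ALPN protocol [104, 116, 116, 112, 47, 49, 46, 49]
[2022-06-28T06:59:12Z INFO  kvarn::encryption] Successful handshake
[2022-06-28T07:00:00Z INFO  kvarn::encryption] Trying to handshake
[2022-06-28T07:00:00Z DEBUG rustls::server::hs] decided upon suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[2022-06-28T07:00:00Z INFO  kvarn::encryption] Successful handshake
[2022-06-28T07:00:01Z INFO  kvarn::encryption] Trying to handshake
"""

LINE = re.compile(r"^\[(\S+)\s+\w+\s+[\w:]+\]\s+(.*)$")

def protocol_of(suite):
    # rustls names its TLS 1.3 suites TLS13_*; TLS 1.2 suites use the *_WITH_* form.
    if suite.startswith("TLS13_"):
        return "TLSv1.3"
    return "TLSv1.2" if "_WITH_" in suite else "unknown"

def parse_handshakes(text):
    # Assumes each handshake's lines are contiguous, as in the excerpt above.
    sessions, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        if msg == "Trying to handshake":
            cur = {"start": ts, "suite": None, "protocol": None, "alpn": None, "ok": False}
            sessions.append(cur)
        elif cur is None:
            continue
        elif msg.startswith("decided upon suite "):
            cur["suite"] = msg.rsplit(" ", 1)[1]
            cur["protocol"] = protocol_of(cur["suite"])
        elif msg.startswith("Chosen ALPN protocol "):
            # rustls prints the ALPN id as a byte list; decode it to text.
            cur["alpn"] = bytes(ast.literal_eval(msg.split("protocol ", 1)[1])).decode("ascii", "replace")
        elif msg == "Successful handshake":
            cur["ok"] = True
            cur = None
    return sessions

if __name__ == "__main__":
    for s in parse_handshakes(SAMPLE_LOG): print(s)
```

An attempt that never reaches "Successful handshake" stays at `ok: False` with no suite, which is the entry to look at when a client reports a handshake failure.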


@vvolkgang commented on GitHub (Jun 20, 2024):

Issue migrated to https://github.com/bitwarden/mobile/issues/990

Reference: github-starred/android#1049