3

My question is about the list of cipher suites sent by an Android app when negotiating a TLS session with a server (in the "client hello" request). I looked at the lists of supported ciphers sent by a number of apps during "client hello" and for each app they appear to be the same. Is there a standard list of cipher suites each app gets from the Android device?

PS. I found a post on SO which suggests there is: How to override the cipherlist sent to the server by Android when using HttpsURLConnection?

Michael
  • possible duplicate of [How to override the cipherlist sent to the server by Android when using HttpsURLConnection?](http://stackoverflow.com/questions/16299531/how-to-override-the-cipherlist-sent-to-the-server-by-android-when-using-httpsurl) – user207421 Feb 04 '15 at 08:55

1 Answer

4

https://www.ssllabs.com/ssltest/clients.html has a list of default cipher suites for common clients, including various Android versions.

For example, this is the list for Android 5 (source: https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=5.0.0):

Cipher Suites (in order of preference):

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc15)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0xa2)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
TLS_RSA_WITH_RC4_128_SHA (0x5)
TLS_RSA_WITH_RC4_128_MD5 (0x4)
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0xff)
Anand Bhat
  • Thanks Andy - apologies for my slow reply. I checked the cipher list generated by one of the Android components on my Nexus tablet (Android version 5.0.2), and it matches the list you provided on SSL Labs.
    I checked the list of changes to ciphers for 5.0 on the Android Developer site and they said they are removing MD5 and 3DES:
    http://developer.android.com/about/versions/android-5.0-changes.html#ssl
    – Michael Feb 07 '15 at 15:18
  • It's odd that MD5 and 3DES still appear in the default cipher list. – Michael Feb 07 '15 at 15:26
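
As an added example (not part of the original answer or comments): a Python parser that pulls the cipher suite list out of a captured ClientHello record and flags the RC4, 3DES and MD5 suites mentioned in the comments. The name table is a subset of the Android 5 list quoted above; the function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

# Names and code points copied from the Android 5 list in the answer (subset).
SUITE_NAMES = {
    0xCC14: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}
LEGACY_MARKERS = ("_RC4_", "_3DES_", "_MD5")


def client_hello_suites(record):
    """Return the cipher suite code points, in offered order, from a ClientHello record."""
    try:
        ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
        body = record[5:5 + rec_len]
        if ctype != 0x16 or body[0] != 0x01:  # handshake record, ClientHello message
            raise ValueError("not a ClientHello handshake record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + hello[pos]             # skip session_id (1-byte length prefix)
        (n,) = struct.unpack_from("!H", hello, pos)
        if n % 2 or pos + 2 + n > len(hello):
            raise ValueError("bad cipher_suites length")
        return list(struct.unpack_from(f"!{n // 2}H", hello, pos + 2))
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc


def legacy_suites(codes):
    """Names of offered suites that use RC4, 3DES or MD5."""
    names = [SUITE_NAMES.get(c, f"UNKNOWN_0x{c:04x}") for c in codes]
    return [n for n in names if any(m in n for m in LEGACY_MARKERS)]


def build_sample_hello(codes):
    """Constructed ClientHello: zero random, empty session id, no extensions."""
    suites = struct.pack(f"!{len(codes)}H", *codes)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    offered = client_hello_suites(build_sample_hello(list(SUITE_NAMES)))
    print(legacy_suites(offered))
```

Running `client_hello_suites` over the first handshake record from each app's capture and comparing the returned lists shows directly whether the apps share the platform default.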