Securing Web Requests with TLS 1.2

In my development over the years, I can be sure that protecting network requests is a fundamental part of any mobile application. A few weeks ago one of my applications stopped working because I changed the Secure Sockets Layer (SSL) authentication on the mettup.com server, which made me realize that Transport Layer Security (TLS) plays an important role in ensuring application and server requests.

I discussed TLS in more detail in my podcast merge conflict, but in short, TLS provides symmetric encryption technology that prevents man-in-the-middle attacks and prevents any communication privacy of mobile devices. Meetup updated their authentication server to require a minimum of TLS1.2 version when making requests, so I made it clear that I updated my application and enabled TLS1.2 to support my xamarin.ios and xamarin.android apps, only to change some build configurations.

Basic knowledge

When it comes to network requests and TLS, there are two important settings that we can modify:

• HttpClient: Handles the Httpmessagehandler implementation to provide message processing or to provide the underlying native implementation.

• Tls/ssl: Handles the implementation of TLS used by the application.

Each implementation that we can choose provides different functionality, speed, and compatibility, while providing a standard network request invocation and performing transparently behind the scenes.

Android

Select the HttpClient and TLS implementation settings by right-clicking on the item you can find through the Windows version of Visual Studio,Properties > Android Options > Advanced or in Xamarin Studio options > Build > Android Build > general.

650) this.width=650; "Src=" https://s3.amazonaws.com/blog.xamarin.com/wp-content/uploads/2017/03/24131422/ 2017-03-24_1305.png "alt=" 2017-03-24_1305 "class=" AlignCenter size-full wp-image-30686 "width="/>

Start position

On Android HttpClient implements our default WebRequest by using the new HttpClient () default control, while Tls/ssl implements the control.

The controlled Httpclienthandler is the implementation of HttpClient for full management, which has been the default implementation of Xamarin.android for several years. In terms of functional compatibility, the tradeoff is a slightly larger executable size and may be slower to execute than native implementations. This implementation is only compatible with the past TLS 1/1.1, but in the TLS/SSL implementation there is a new option to use the local TLS 1.2 +, which will use Google next annoying SSL under all calls.

The local androidclienthandler option uses local java.net.URLConnection to handle all HTTP requests, improved performance, and smaller executable size. Androidclienthandler warning Although it will run on all versions of Android, it will only be available on Android 5 + devices that support TLS 1.2 and several httpclient features may not be available.

Select programming

Or, you can mix and match the base httpclient Handler using managed and a phone call. Simply pass a androidclienthandler instance, when creating httpclient:

Click ( here ) to collapse or open

2. using System . Net . Http ;
   

4. . . .
   

6. This would use the default message handler for the application; As
   

8. Set in the project Options for the project.
   

10. var client = new HttpClient();
    

12. 
    

14. Use Androidclienthandler for all calls from this HttpClient
    

16. var client = new HttpClient(new Xamarin). Android. Net . Androidclienthandler ());

OS and TLS compatibility

It is important to make sure that you select Native TLS 1.2+ in the SSL/TLS implementation box if your app requires TLS 1.2+. The version that Android applications need to run will determine whether we should choose a managed or native httpclient implementation. For Meetup website manager, I chose Httpclienthandler and local hosted TLS 1.2 + so I can support TLS 1.2 + on all my phones, regardless of the Android version.

IOS & MacOS

IOS and MacOS are more streamlined when handling programs and TLS support. All IOS apps from Xamarin.ios 10.8 Use Apple's TLS for local execution, which provides full TLS 1.2 + support for all applications. There are several options that developers can choose when it comes to httpclient implementations, by right-clicking the project in Visual Studio and choosing Properties > IOS Build > advanced or in Xamarin Studio Choose Options > Build > IOS Build to find.

650) this.width=650; "Src=" Https://s3.amazonaws.com/blog.xamarin.com/wp-content/uploads/2017/03/24132654/Pasted_ Image_at_2017_03_24_01_19_pm.png "alt=" pasted_image_at_2017_03_24_01_19_pm "class=" AlignCenter size-full wp-image-30690 "width=" 558 "height=" 231 "/>

There are three different httpclient handlers that you can choose from for iOS apps. The default management Httpclienthandler provides maximum compatibility for httpclient features. However, like managing the Android HttpClient handler, it also requires more managed code that can increase the size of the application. The other two options, Cfnetwork Handler (iOS 6 +) and Nsurlsession Handler (iOS 7 +), wrap around the respective native APIs, providing the underlying native code for network communication and transmission. Using these will result in smaller executables, improve network performance, and use the underlying iOS queues and threads. The downside is that there may not be all the features and options of full-featured. NET HttpClient.

Select programming

Just like xamarin.android we can choose our application using Httpmessagehandler pragmatic:

Click ( here ) to collapse or open

2. using System . Net . Http ;
   

4. . . .
   

6. This would use the default message handler for the application; As
   

8. Set in the project Options for the project.
   

10. var client = new HttpClient();
    

12. 
    

14. This would create an HttpClient that explicitly uses the Cfnetworkhandler
    

16. var client = new HttpClient(new cfnetworkhandler()) ;
    

18. 
    

20. This would create an HttpClient that explicitly uses Nsurlsessionhandler
    

22. var client = new HttpClient(new nsurlsessionhandler() );

Updating the TLS and HttpClient implementations will enable our applications to be completely secure and compatible with any backend that our application must interact with.

Learn More

Be sure to look at our update, cross-platform Transport Layer Security documentation for a complete, all TLS options Xamarin development conducted in-depth analysis, which includes additional switching and guidance. You can also view documents for specific platforms, issued separately for Android and Ios/macos. Also, be sure to listen to my trials and tribulations on the Merge Conflict 37:tls–how do you even. Finally, learn more about the self-study course "Consuming rest-based Web Services" at Xamarin University, which studies how to integrate and use RESTful Web service in mobile applications.

This article from "Wangccsy" blog, reproduced please contact the author!

Securing Web Requests with TLS 1.2