Tiny Tiny RSS: Community

TLSv1.2 by default in ttrss android app

i can't post links, so i am attaching the issue in this pastebin.

pastebin[.]com[/]raw[/]d1m8iViF
< replace [/] with / >
Look at it after correction. The issue is of using TLSv1.2 and strong ciphers by default in tt-rss android app.
Any help would be appreciated.

set your server to use whatever ciphers you want (as long as they are supported by android and/or okhttp3) and tt-rss app will use it.

these ciphers are recommended by mozilla observatory. But ttrss android app gives ssl error:

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

i have to use these ciphers for ttrss to work:

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

also i have to add TLSv1 for the app to work

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

could this be due to android 4.4? also, i was asking whether we can integrate it in the app to use TLSv1.2 or higher.

i’m not going to add some kind of app-specific ssl libraries to tt-rss.

if okhttp3 uses system ssl libraries you’re going to have to either limit your cipher-related imagination to what they provide or get a newer device.

Test your server with https://www.ssllabs.com/ssltest/ to see what it says about compatibility with that ancient Android 4.4 (have you looked to see if LineageOS has support for the device? You could be on Android 10 if so …).

it's a custom rom, cyanogen mod. i don't think it is supported anywhere now, so there is no chance of flashing roms.

can you look at the solution provided in this issue:

It turns out one of my servers both gets an A+ grade and supports Android 4.4.2 with TLS v1.2. The apache2 config for this is:

SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

LineageOS is the followup/fork from when Cyanogen mod died.

Changing rom is not an option for me and my device doesn’t work when i disable TLSv1. I guess the device is just too old. Is there any possibility that native TLSv1.2 support is enabled in the ttrss android app?

i’m not going to add hacks on top of okhttp3 because of your ancient device running cyanogen.

however, realistically, nobody cares about you enough to MITM you anyway, let it go and use TLSv1 or whatever.

Thanks for your time dev. Your apps are great.
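
An added example, not part of the thread or of tt-rss, assuming Python 3 linked against OpenSSL 1.1.1 or later. It expands the two nginx ssl_ciphers strings quoted above and reports which suites can be negotiated below TLS 1.2: the first list holds only TLS 1.2 AEAD suites, so a client that offers only TLSv1 has nothing in common with it, while the second also admits CBC suites that such a client can use.

```python
import ssl

# Cipher strings copied from the nginx settings quoted in the thread.
MOZILLA = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)
LEGACY = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"


def expand(cipher_string):
    """Return [(suite_name, minimum_protocol)] as the local OpenSSL expands it.

    TLS 1.3 suites are dropped: OpenSSL configures them separately, so
    ssl_ciphers / set_ciphers() does not control them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [
        (c["name"], c["protocol"])
        for c in ctx.get_ciphers()
        if c["protocol"] != "TLSv1.3"
    ]


def usable_before_tls12(cipher_string):
    """Suites a TLSv1/TLSv1.1-only client could negotiate from this list."""
    return [name for name, proto in expand(cipher_string) if proto != "TLSv1.2"]


def report(label, cipher_string):
    suites = expand(cipher_string)
    old = usable_before_tls12(cipher_string)
    print(f"{label}: {len(suites)} suites, {len(old)} usable below TLS 1.2")
    for name in old:
        print(f"    {name}")


if __name__ == "__main__":
    report("mozilla list", MOZILLA)
    report("legacy list", LEGACY)
```

The exact suite count depends on the local OpenSSL build; the split between TLS 1.2-only and older suites does not.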