Upgrading to TLS v1.2
As part of keeping Kinvey secure, we are disabling TLS version 1.0 in favor of TLS version 1.2. This may impact all or part of the devices connecting to your Kinvey backend, mostly devices running outdated OS versions and/or older Kinvey SDKs.
Use the information below to identify if your app falls into one or more categories that will stop working after we disable TLS v1.0. You will need to take the steps in the appropriate category to secure uninterrupted operation to your app.
Android SDK
Apps built using the Android SDK may be affected if they run on older Android OS versions or older versions of the SDK.
Apps built with Android SDK v3.x
The required steps depend on the Android OS version that your app runs on:
Version 5.0 or later (API level 21 or later): No change is necessary. The app will work by default with TLS v1.2.
Versions 4.1 to 4.4.4 (API levels 16 to 20): You have to rebuild and redistribute the app with the latest version of the Kinvey Android SDK, which is set to use TLS 1.2.
- Version 4.0.4 or earlier (up to and including API level 15): Upgrade the device to a more recent Android OS version because these versions do not support TLS 1.1+.
Apps built with Android SDK v2.x
The required steps depend on the Android OS version that your app runs on:
Version 5.0 or later (API level 21 or later): No change is necessary. The app will work by default with TLS v1.2.
Versions 4.1 to 4.4.4 (API levels 16 to 20):
Follow this workaround to enable TLS v1.2 in your app. Note that an official distribution will not be provided.
- Build a custom unsupported version of the Kinvey Android SDK v2.x with the following changes. The README file of the SDK's GitHub repo provides appropriate instructions.
- TLS protocol version set to 1.2
- Minimal supported Android OS version set to 4.1 (API version 16), up from version 2.3 (API version 9).
- Rebuild of the app for distribution with your custom Kinvey Android SDK v2.x version.
- Distribute the new app version to all devices that run it.
- Build a custom unsupported version of the Kinvey Android SDK v2.x with the following changes. The README file of the SDK's GitHub repo provides appropriate instructions.
Version 4.0.4 or earlier (up to and including API level 15): Upgrade the device to a more recent Android OS version because these versions do not support TLS 1.1+.
Xamarin SDK
What TLS version a Xamarin app uses is determined at the app level, and not by the SDK. This applies for both Xamarin.iOS and Xamarin.Android but for Xamarin.Android, using TLS 1.2 requires Android 5.0 or later.
The TLS version can be set in both Visual Studio and Visual Studio for Mac. You can find detailed steps in the official Microsoft documentation.
Apps built with Xamarin SDK v3.x
For apps using the Xamarin v3.x SDK, rebuild your app after setting the appropriate app-level option as described above. The app will start using TLS 1.2 afterwards.
Apps built with Xamarin SDK v1.x
For apps using the Xamarin v1.x SDK, rebuild your app after setting the appropriate app-level option as described above. The app will start using TLS 1.2 afterwards.
Other platforms
Please consult the documentation of the client library or tool your app runs on to determine how to enable and use TLS v1.2.
Verify your upgrade
After you take the necessary steps to make your app use TLS v1.2, you will want to verify the changes before we disable TLS v1.0.
We recommend using a network analyzer to verify that your app is using TLS v1.2. Popular options include Fiddler and Wireshark. Use the network analyzer to capture the traffic between your device and Kinvey. Examine the capture to identify the TLS version in use.