Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Api support below Lollipop #92

Closed
nangsan opened this issue May 23, 2017 · 4 comments
Closed

Api support below Lollipop #92

nangsan opened this issue May 23, 2017 · 4 comments
Labels
question

Comments

@nangsan
Copy link
Contributor

nangsan commented May 23, 2017

Current library minSdkVersion is pointing Lollipop,
is there any specific reason for not supporting older version API.
@halil-raso
Copy link

Hi @nangsan
Alexa exposes its endpoints over http/2 and it requires TLSv1.2 as a secure protocol. Android started supporting TLSv1.2 for 16+ versions without enabling it by default and it enabled it by default for 20+. and there is a problem when trying to enable for 16+. As a result Alexa works properly for 20+ and for this reason this sample app requires 21 as a minsdkversion.
Hope to help you.

@nangsan
Copy link
Contributor Author

nangsan commented May 25, 2017
edited
Loading

Hi @JavaAnd
Thanks for the info!
This library uses Okhttp3 for making http2 requests, and Okhttp supports from Android 2.3+ devices.
And Okhttp has been tracking this issue(supporting TLSv1.2 for <20+ versions) and somehow they find a solution for that and I'm referencing that issue(More info).

I don't know much about TLS, though I found this in Okhttp, hope it helps.
And here's the additional link addressing this.

@willblaschko
Copy link
Owner

There's a combination issue here:

  1. http2 support
  2. TLSv1.2 support (and)
  3. Security cert signing

See this:
https://forums.developer.amazon.com/questions/30084/enable-tls-11.html

There are a lot of devices that should support http2 and TLS v1.2 based on their Android version but don't, or that do but don't have the right AES encryption to be supported by Alexa.

It seemed safer (based on what I observed in my user base) to make the minimum 21+ versus 16+. There were lots of negative reviews from users <= 20. If your project will be working with a known subset of Android devices whose configuration you can control, you can set this level to whatever you need as long as all the libraries support it.

@nangsan
Copy link
Contributor Author

nangsan commented May 26, 2017

Hi @willblaschko
Thanks for the info, and I have another question.
Current Library Version(2.4.2) doesn't handle SetEndpoint Directive,
but the master branch has a solution for that
but doesn't deal with login check.
Is the master branch still in development?
Is it okay to port the master code as a library?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@willblaschko @nangsan @halil-raso