SSLHandshakeException on Android 4.4 and lower
This was due to a few reasons:
- There is a lack of clarity surrounding TLS 1.2 support on older Android devices.
- Device manufacturers have differing commitments to the official Android specs for shipping TLS 1.2 on their devices
- Carriers and device manufacturers have differing commitments to providing software and security updates to their customers.
you can force TLS v1.2 for Android 4.0 devices that don't have it enabled by default
To fix it use the following code as async call.
ProviderInstaller.installIfNeededAsync(getApplicationContext(), new
ProviderInstaller.ProviderInstallListener() {
@Override
public void onProviderInstalled() {
SSLContext sslContext;
try {
sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, null, null);
sslContext.createSSLEngine();
} catch (Exception e) {
e.printStackTrace();
}
}
@Override
public void onProviderInstallFailed(int i, Intent intent) {
}
});
For more info use this reference
https://ankushg.com/posts/tls-1.2-on-android/
Not sure if I can fully answer your question, but I'll give it a try:
If you analyze the Paypal REST API endpoint, for example with SSL Labs like so https://www.ssllabs.com/ssltest/analyze.html?d=api.sandbox.paypal.com&hideResults=on, you see they only support the TLS 1.2 protocol.
Now Android does support this since API Level 16, as you can see here https://developer.android.com/reference/javax/net/ssl/SSLSocket.html, but it is disabled by default and only in API Levels 20+ they enabled it.
In the Xamarin forums someone posted a solution for enabling TLS 1.2 for Android with API Levels 16 to 19 by forking ModernHttpClient and adding an improved SSL socket factory: https://forums.xamarin.com/discussion/63005/modernhttpclient-tls-1-2-android-api-19
This should fix your issue with those Android versions, but it will not help you with versions before Android 4.1.