You probably want to consider secure web services based. The Jt Design Pattern Framework already implements secure web services for Android:
a) Java Pattern Oriented Framework, An application of the Messaging Design Pattern IBM Technical Library http://www.ibm.com/developerworks/webservices/library/ws-designpattern/index.html b) Messaging Design Pattern (MDP) and pattern implementation - Published in the 17th conference on Pattern Languages of Programs (PLoP 2010). https://jt.dev.java.net/files/documents/5553/150311/designPatterns.pdf c) Messaging Design Pattern and a distributed Component/Service Model https://jt.dev.java.net/files/documents/5553/149793/MDPdistributedModel.pdf Jt web services for Android provide encryption and authentication. They are also based on a messaging approach which allow for selective encryption of messages. This improves performance. The documentation contains several working examples (Certificates, symmetric/Asymmetric encryption, session key, etc). On Nov 23, 2:55 pm, Anm <andrew.n.marsh...@gmail.com> wrote: > What is the preferred way to do SSL on Android? > > Coming from a long time Java background, I have tended to jump to a > https protocol URLConnection: > > // URL connection channel. > HttpURLConnection url_connnection = > (HttpURLConnection)url.openConnection(); > > // Let the RTS know that we want to do output. > url_connnection.setDoOutput( true ); > > // No caching, we want the real thing. > url_connnection.setUseCaches( false ); > > // Send POST output. > if( post_params!=null && !post_params.isEmpty() ) { > uploadPostParameters( post_params, url_connnection ); > } > > // Get Input > input_stream = url_connection.getInputStream(); > > But this code is running into all sorts of problems on varying > platforms and OS versions: > javax.net.ssl.SSLException: Write error: ssl=0x8f548: I/O error > during system call, Broken pipe > Empty string responses (no error thrown) with no sign of an external > connection on the server logs > java.io.IOException: SSL handshake failure: I/O error during system > call, Connection reset by peer > java.io.IOException: SSL handshake failure: Failure in SSL library, > usually a protocol error > error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol (external/openssl/ssl/s23_clnt.c:585 0xaf58a49b:0x00000000) > > The first two usually go away by repeating it (which is consistent > with Android issue 8625). The handshake exceptions do not seem to go > away once present. > > To be clear, this is not a self-signed certificate on my SSL server. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en