You can test the best encryption level established between yourself and a website by pointing your browser (or app code) at
https://www.fortify.net/sslcheck.html Note that different websites may negotiate weaker encryption. Your app could check a whitelist for acceptable/approved ciphers (determined by you) using HttpsURLConnection::getCipherSuite(). On Thu, Jun 24, 2010 at 5:19 PM, Amir Alagic <[email protected]> wrote: > Hi, > > I have few questions about HTTPS security and I really hope that > someone can give me answers. I have heard that when we use HTTPS > (HttpsURLConnection) in our Android applications that it is possible > that our app can send data that is not protected or protected with > very low encryption with SSL2 protocol without end user to be aware > of. > > Is this true? Is there even support for SSL2 in Android ? Or is HTTPS > on Android safe enough as it is?
