Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: TLS on a mobile app - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
TLS on a mobile app
Question:

I've been doing some testing on a mobile app for both android and iOS devices. My purpose of the testing is to identify if the connection between the app and the host server is encrypted. I've been using wireshark for packet captures.

When I look at the packet captures for the iOS device wireshark shows the connection as TLSv1.2; however, when I look at the packet captures for the android device the connection is shown as TLSv1.

I tested the android device at howsmyssl.com and it showed that the android device was using TLSv1.2. This leads me to believe that for some reason on the android device the app is forcing a downgrade to TLSv1. Does that sound like a correct deduction? And what, if any, issue would downgrading to TLSv1 create?

Thanks in advance.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!