I've been doing some testing on a mobile app for both android and iOS devices. My purpose of the testing is to identify if the connection between the app and the host server is encrypted. I've been using wireshark for packet captures.
When I look at the packet captures for the iOS device wireshark shows the connection as TLSv1.2; however, when I look at the packet captures for the android device the connection is shown as TLSv1.
I tested the android device at howsmyssl.com and it showed that the android device was using TLSv1.2. This leads me to believe that for some reason on the android device the app is forcing a downgrade to TLSv1. Does that sound like a correct deduction? And what, if any, issue would downgrading to TLSv1 create?
Thanks in advance.
Mar 30th 2015
3 years ago