From 75af15ede44135110e40de75a649d5b15430c590 Mon Sep 17 00:00:00 2001
From: Dulmandakh <dulmandakh@gmail.com>
Date: Mon, 18 Mar 2019 11:58:08 -0700
Subject: [PATCH] use Conscrypt as security provider if available (#23984)

Summary:
This PR adds support to use Conscrypt as Security Provider if available runtime. Consscrypt supports TLS 1.2 on Android 4.x and TLS 1.3 on all Android versions. Fixes issues (ex https://github.com/facebook/react-native/issues/23151) with HTTPS connections on Android 4.x.

Just add below to your project build.gradle and it'll use it.

```gradle
implementation('org.conscrypt:conscrypt-android:2.0.0')
```

[Android] [Changed] - Add TLS 1.3 support to all Android versions using Conscrypt.
Pull Request resolved: https://github.com/facebook/react-native/pull/23984

Differential Revision: D14506000

Pulled By: cpojer

fbshipit-source-id: 58bf18f7203d20519fb4451bae83f01e2f020a44
---
 .../react/modules/network/OkHttpClientProvider.java   | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java b/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java
index ceeaf874a2a8e7..34aefeabbb1276 100644
--- a/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java
+++ b/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java
@@ -13,6 +13,8 @@
 import com.facebook.common.logging.FLog;
 
 import java.io.File;
+import java.security.Provider;
+import java.security.Security;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
@@ -69,7 +71,14 @@ public static OkHttpClient.Builder createClientBuilder() {
       .writeTimeout(0, TimeUnit.MILLISECONDS)
       .cookieJar(new ReactCookieJarContainer());
 
-    return enableTls12OnPreLollipop(client);
+    try {
+      Class ConscryptProvider = Class.forName("org.conscrypt.OpenSSLProvider");
+      Security.insertProviderAt(
+        (Provider) ConscryptProvider.newInstance(), 1);
+      return client;
+    } catch (Exception e) {
+      return enableTls12OnPreLollipop(client);
+    }
   }
 
   public static OkHttpClient.Builder createClientBuilder(Context context) {