[userbinator]

A bit of an aside, but

While Android 2.3 Gingerbread does not have the modern roots installed and relies on AddTrust, it also does not support TLS 1.2 or 1.3, and is unsupported and labelled obsolete by the vendor.

If the platform doesn’t support modern algorithms (SHA-2, for example) then you will need to speak to that system vendor about updates.

I find things like that really really irritating. Crypto is basically maths, and a very pure form at that, so should be one of the most portable types of software in existence. Computers have been doing maths since before they were machines. Instead, the forced obolescence bandwagon has made companies take this very pure and portable technology and tied it to their platform's versions, using the "security" argument to bait and coerce users into taking other unwanted changes, and possibly replacing hardware that is otherwise functional (and, as mentioned earlier, is perfectly capable of executing the relevant code) along with all the ecological impact that has. Adding new root certificates at least for PCs is rather easy due to their extreme portability, but I wish the same could be said of crypto algorithms/libraries.

[josephcsible]

You're mad at the wrong people. The security argument is legitimate, so there's no need for your scare quotes. The weaknesses in TLS older than 1.2 are real. You should instead be upset at device vendors for deciding to drop support for devices so quickly. If they'd just keep supplying updates, or even open-source everything so the community could, then this wouldn't be an issue.

[toast0]

You could ship better crypto (and updated CAs) with your app for Android -- then you could get support for whatever you like on all versions. But it might not use hardware acceleration if available, and hardware running Gingerbread needs crypto acceleration if available. TLS 1.3 isn't all that much code if you can use the system x.509 and system ciphers, or maybe pick one or two ciphers to ship if they're not there; I'd guess TLS 1.2 isn't that much code either, the complexity comes from trying to support lots of versions -- and from X.509 which has a lot of stuff to process.

I think Chrome for Android did include TLS 1.2 at least, when it was shipping for Gingerbread.

[zozbot234]

These days, Android 2.3 Gingerbread devices are essentially obsolete even from a strictly hardware point of view. Most of those were actually very well supported by the old CyanogenMod releases, but few people would even bother trying to bring up something reasonably modern like pmOS by building on that work, the specs are just that bad.