Native Android TLS Backend

Native Android TLS (iohAndroidTLS) is the Android-native TLS transport for sgcWebSockets. It drives the platform's own javax.net.ssl.SSLEngine through JNI, so your APK ships no OpenSSL .so files. Enable it by setting TLSOptions.IOHandler to iohAndroidTLS.


Native Android TLS (iohAndroidTLS)

Android-native TLS using the platform's SSLEngine through JNI. No OpenSSL .so in your APK.

Native Android TLS hands the encryption to Android itself. sgcWebSockets calls the platform's javax.net.ssl.SSLEngine through JNI, so the operating system performs the handshake, the record encryption and the certificate work. The immediate benefit is that your APK carries no OpenSSL .so files. The package is smaller, and you never patch or version-match a third-party crypto library, because the TLS stack is maintained and updated by the OS.

The backend validates the server against the Android system trust store and performs hostname verification, so connections to well-known certificate authorities work without extra configuration. It negotiates TLS 1.3, and it supports ALPN on Android 10 (API 29) and later, which lets you advertise application protocols such as http/1.1 during the handshake.
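The platform-side calls that correspond to the behaviour described above (default trust store, hostname verification, ALPN from API 29), as an added Java example. It is not sgcWebSockets code and does not show how its JNI layer is written; the class name, newClientEngine, describe and the apiLevel parameter are hypothetical, and apiLevel is passed in so the code also runs on a desktop JVM.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;

public class PlatformTlsClientExample {
    // First Android API level that offers SSLParameters.setApplicationProtocols (Android 10).
    static final int ALPN_MIN_API = 29;

    // apiLevel is a hypothetical parameter; on a device the caller would pass
    // android.os.Build.VERSION.SDK_INT.
    static SSLEngine newClientEngine(String host, int port, int apiLevel, String... alpn)
            throws Exception {
        // Default context: the platform trust store and the platform protocol policy.
        SSLContext ctx = SSLContext.getDefault();
        // Passing host and port gives the engine the peer name that the hostname
        // check compares against; an engine created without them has none.
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);

        SSLParameters params = engine.getSSLParameters();
        // Request hostname verification explicitly instead of relying on a default:
        // "HTTPS" makes the trust manager match the certificate against the host.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        if (apiLevel >= ALPN_MIN_API && alpn.length > 0) {
            params.setApplicationProtocols(alpn);   // offered during the handshake
        }
        engine.setSSLParameters(params);
        return engine;
    }

    // Summarises the effective client policy so it can be logged or asserted on.
    static String describe(SSLEngine engine, int apiLevel) {
        SSLParameters p = engine.getSSLParameters();
        String alpn = apiLevel >= ALPN_MIN_API
                ? Arrays.toString(p.getApplicationProtocols()) : "unavailable";
        return "protocols=" + Arrays.toString(p.getProtocols())
             + " endpointId=" + p.getEndpointIdentificationAlgorithm()
             + " alpn=" + alpn;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: the page's placeholder host at two API levels.
        for (int api : new int[] {28, 30}) {
            SSLEngine e = newClientEngine("your.server.com", 443, api, "http/1.1");
            System.out.println("API " + api + ": " + describe(e, api));
        }
    }
}
```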

Choose this backend for Android apps that must avoid shipping or patching OpenSSL, or that prefer to defer entirely to the platform's TLS policy. Like every sgcWebSockets backend it sits behind the same TLSOptions API, so the rest of your networking code is identical to the OpenSSL, SChannel and Apple paths, and only the IOHandler line changes per platform.

Enable Native Android TLS

Set TLSOptions.IOHandler to iohAndroidTLS in your Android build. No OpenSSL .so is needed.

// Delphi
uses
  sgcWebSocket, sgcWebSocket_Types;
// ...
WSClient.TLS := True;
WSClient.TLSOptions.IOHandler := iohAndroidTLS;
WSClient.TLSOptions.VerifyCertificate := True;
WSClient.TLSOptions.ALPNProtocols.Add('http/1.1');  // Android 10 (API 29)+
WSClient.Host := 'your.server.com';
WSClient.Port := 443;
WSClient.Active := True;

// C++
WSClient->TLS = true;
WSClient->TLSOptions->IOHandler = iohAndroidTLS;
WSClient->TLSOptions->VerifyCertificate = true;
WSClient->TLSOptions->ALPNProtocols->Add("http/1.1");  // Android 10 (API 29)+
WSClient->Host = "your.server.com";
WSClient->Port = 443;
WSClient->Active = true;

No OpenSSL in the APK

The TLS stack already lives on the device, so your package stays lean and the OS owns the updates.

No .so to Bundle

The APK ships without libssl or libcrypto, so the package is smaller and there is no native crypto to maintain.

System Trust Store

Validation runs against the Android system trust store with hostname verification, so public CAs need no extra setup.

TLS 1.3

The platform negotiates TLS 1.3, and ALPN is available on Android 10 (API 29) and later for protocol selection.

OS-Maintained

Android owns the TLS implementation, so security fixes arrive through system updates rather than your release cycle.

Edition note

Native Android TLS (iohAndroidTLS) requires the Enterprise edition of sgcWebSockets. See the feature matrix for the full breakdown.
