So far, I have found out by testing:
- Android 4.1.2 (most recent Sasung Galaxy Note 10.1 stock firmware) supports SSLv3, TLSv1, TLSv1.1, TLSv1.2, but only SSLv3 and TLSv1 are enabled by default!
- Android 4.4.2 (CyanogenMod) supports SSLv3, TLSv1, TLSv1.1, TLSv1.2, but only SSLv3 and TLSv1 are enabled by default!
According to this message in the Android issue tracker: https://code.google.com/p/android/issues/detail?id=61085#c6, TLSv1.1 and TLSv1.2 “are now enabled by default”. The message is from Dec 20, 2013. Android 4.4.2 has been released on Dec 9, 2013. So TLS v1.1 and v1.2 will be enabled by default on all Android versions newer than 4.4.2.
There’s also a good article on StackOverflow: SSL/TLS protocols and cipher suites with the AndroidHttpClient. According to it, TLSv1.2 is supported (but disabled) from Android 4.2+.