From 105d3b3c4e26f326117d22d876eb088089fb6fe1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A1s=20Veres-Szentkir=C3=A1lyi?=
Date: Sun, 20 Oct 2013 10:40:16 +0200
Subject: [PATCH] filter TLS protocol versions by support as well
---
 .../mail/transport/TrustedSocketFactory.java | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java b/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java
index f9ad359f9..aa73edf8d 100644
--- a/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java
+++ b/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java
@@ -23,6 +23,7 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
 private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory;
 protected static final String ENABLED_CIPHERS[];
+ protected static final String ENABLED_PROTOCOLS[];
 static {
 String preferredCiphers[] = {
@@ -41,14 +42,22 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
 "SSL_RSA_WITH_RC4_128_SHA",
 "SSL_RSA_WITH_RC4_128_MD5",
 };
+ String preferredProtocols[] = {
+ "TLSv1.2", "TLSv1.1", "TLSv1"
+ };
 String[] supportedCiphers = null;
+ String[] supportedProtocols = null;
 try {
 SSLContext sslContext = SSLContext.getInstance("TLS");
 sslContext.init(null, null, new SecureRandom());
 SSLSocketFactory sf = sslContext.getSocketFactory();
 supportedCiphers = sf.getSupportedCipherSuites();
+ SSLSocket sock = (SSLSocket)sf.createSocket();
+ supportedProtocols = sock.getSupportedProtocols();
+ } catch (IOException ioe) {
+ ioe.printStackTrace();
 } catch (KeyManagementException kme) {
 kme.printStackTrace();
 } catch (NoSuchAlgorithmException nsae) {
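Review bot: The `SSLSocket` created in the static initializer only to call `getSupportedProtocols()` is never closed; it is unconnected, so the cost is small, but the probe should release it. Wrapping the query as `try { supportedProtocols = sock.getSupportedProtocols(); } finally { sock.close(); }` keeps the new `IOException` handler responsible for a failed close. That handler also only prints a stack trace and leaves `supportedProtocols` null, which the later hunks treat as "do not restrict protocols", so a log line stating that protocol filtering is disabled would make that state visible. The static block and its `try` statement both continue outside this hunk.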
@@ -57,6 +66,8 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
 ENABLED_CIPHERS = supportedCiphers == null ? null :
 filterBySupport(preferredCiphers, supportedCiphers);
+ ENABLED_PROTOCOLS = supportedProtocols == null ? null :
+ filterBySupport(preferredProtocols, supportedProtocols);
 }
 protected static String[] filterBySupport(String[] preferred, String[] supported) {
@@ -70,10 +81,6 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
 return enabled.toArray(new String[enabled.size()]);
 }
- protected static final String ENABLED_PROTOCOLS[] = {
- "TLSv1.2", "TLSv1.1", "TLSv1"
- };
-
 public TrustedSocketFactory(String host, boolean secure) throws NoSuchAlgorithmException, KeyManagementException {
 SSLContext sslContext = SSLContext.getInstance("TLS");
 sslContext.init(null, new TrustManager[] {
@@ -103,7 +110,9 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
 if (ENABLED_CIPHERS != null) {
 sock.setEnabledCipherSuites(ENABLED_CIPHERS);
 }
- sock.setEnabledProtocols(ENABLED_PROTOCOLS);
+ if (ENABLED_PROTOCOLS != null) {
+ sock.setEnabledProtocols(ENABLED_PROTOCOLS);
+ }
 }
 public Socket createSocket(
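Review bot: When the probe in the static initializer fails, `ENABLED_PROTOCOLS` is assigned null (first hunk here) and the new guard before `setEnabledProtocols` (last hunk) skips the call, so the socket keeps whatever protocol versions the platform enables by default, which may include versions below the TLSv1 floor that `preferredProtocols` expresses. The same fail-open pattern already exists for `ENABLED_CIPHERS`, but for protocol versions it silently drops the restriction the hard-coded list used to enforce. Consider filtering against the live socket in that case, e.g. `sock.setEnabledProtocols(filterBySupport(PREFERRED_PROTOCOLS, sock.getSupportedProtocols()));`, with the preferred list promoted from a static-block local to a constant (`PREFERRED_PROTOCOLS` is a proposed name, not one in the file). The method enclosing the last hunk starts outside the visible lines.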