filter TLS protocol versions by support as well

András Veres-Szentkirályi 2013-10-20 10:40:16 +02:00
parent 77d43fb7bd
commit 105d3b3c4e


@ -23,6 +23,7 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory; private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory;
protected static final String ENABLED_CIPHERS[]; protected static final String ENABLED_CIPHERS[];
protected static final String ENABLED_PROTOCOLS[];
static { static {
String preferredCiphers[] = { String preferredCiphers[] = {
@ -41,14 +42,22 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
"SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5",
}; };
String preferredProtocols[] = {
"TLSv1.2", "TLSv1.1", "TLSv1"
};
String[] supportedCiphers = null; String[] supportedCiphers = null;
String[] supportedProtocols = null;
try { try {
SSLContext sslContext = SSLContext.getInstance("TLS"); SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, null, new SecureRandom()); sslContext.init(null, null, new SecureRandom());
SSLSocketFactory sf = sslContext.getSocketFactory(); SSLSocketFactory sf = sslContext.getSocketFactory();
supportedCiphers = sf.getSupportedCipherSuites(); supportedCiphers = sf.getSupportedCipherSuites();
SSLSocket sock = (SSLSocket)sf.createSocket();
supportedProtocols = sock.getSupportedProtocols();
} catch (IOException ioe) {
ioe.printStackTrace();
} catch (KeyManagementException kme) { } catch (KeyManagementException kme) {
kme.printStackTrace(); kme.printStackTrace();
} catch (NoSuchAlgorithmException nsae) { } catch (NoSuchAlgorithmException nsae) {
@ -57,6 +66,8 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
ENABLED_CIPHERS = supportedCiphers == null ? null : ENABLED_CIPHERS = supportedCiphers == null ? null :
filterBySupport(preferredCiphers, supportedCiphers); filterBySupport(preferredCiphers, supportedCiphers);
ENABLED_PROTOCOLS = supportedProtocols == null ? null :
filterBySupport(preferredProtocols, supportedProtocols);
} }
protected static String[] filterBySupport(String[] preferred, String[] supported) { protected static String[] filterBySupport(String[] preferred, String[] supported) {
@ -70,10 +81,6 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
return enabled.toArray(new String[enabled.size()]); return enabled.toArray(new String[enabled.size()]);
} }
protected static final String ENABLED_PROTOCOLS[] = {
"TLSv1.2", "TLSv1.1", "TLSv1"
};
public TrustedSocketFactory(String host, boolean secure) throws NoSuchAlgorithmException, KeyManagementException { public TrustedSocketFactory(String host, boolean secure) throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext = SSLContext.getInstance("TLS"); SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[] { sslContext.init(null, new TrustManager[] {
@ -103,7 +110,9 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
if (ENABLED_CIPHERS != null) { if (ENABLED_CIPHERS != null) {
sock.setEnabledCipherSuites(ENABLED_CIPHERS); sock.setEnabledCipherSuites(ENABLED_CIPHERS);
} }
sock.setEnabledProtocols(ENABLED_PROTOCOLS); if (ENABLED_PROTOCOLS != null) {
sock.setEnabledProtocols(ENABLED_PROTOCOLS);
}
} }
public Socket createSocket( public Socket createSocket(
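Review bot: If the probe in the static initializer throws, `ENABLED_PROTOCOLS` stays null and the new `if (ENABLED_PROTOCOLS != null)` guard skips `setEnabledProtocols` entirely, so the socket keeps the platform's default protocol set (which may include versions older than TLSv1) with only a `printStackTrace()` as evidence. Before this change the restriction was applied unconditionally, so this is a quiet fail-open path. Consider a minimal fallback in the null case, for example `ENABLED_PROTOCOLS = supportedProtocols == null ? new String[] { "TLSv1" } : filterBySupport(preferredProtocols, supportedProtocols);` (assuming TLSv1 is available on every supported platform), and report the failure through the application's logger. Separately, the `SSLSocket` obtained from `sf.createSocket()` only to call `getSupportedProtocols()` is never closed; a `sock.close()` after the query would release it. The static block and the method holding the guard both extend beyond the lines shown here.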