filter TLS protocol versions by support as well

2013-10-20 10:40:16 +02:00 · 2013-10-20 10:40:16 +02:00 · 105d3b3c4e
commit 105d3b3c4e
parent 77d43fb7bd
1 changed files with 14 additions and 5 deletions
--- a/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java
+++ b/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java
@ -23,6 +23,7 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
    private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory;

 	protected static final String ENABLED_CIPHERS[];
+    protected static final String ENABLED_PROTOCOLS[];

    static {
        String preferredCiphers[] = {
@ -41,14 +42,22 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
            "SSL_RSA_WITH_RC4_128_SHA",
            "SSL_RSA_WITH_RC4_128_MD5",
        };
+        String preferredProtocols[] = {
+            "TLSv1.2", "TLSv1.1", "TLSv1"
+        };

        String[] supportedCiphers = null;
+        String[] supportedProtocols = null;

        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, null, new SecureRandom());
            SSLSocketFactory sf = sslContext.getSocketFactory();
            supportedCiphers = sf.getSupportedCipherSuites();
+            SSLSocket sock = (SSLSocket)sf.createSocket();
+            supportedProtocols = sock.getSupportedProtocols();
+        } catch (IOException ioe) {
+            ioe.printStackTrace();
        } catch (KeyManagementException kme) {
            kme.printStackTrace();
        } catch (NoSuchAlgorithmException nsae) {
@ -57,6 +66,8 @@ public class TrustedSocketFactory implements LayeredSocketFactory {

        ENABLED_CIPHERS = supportedCiphers == null ? null :
            filterBySupport(preferredCiphers, supportedCiphers);
+        ENABLED_PROTOCOLS = supportedProtocols == null ? null :
+            filterBySupport(preferredProtocols, supportedProtocols);
    }

    protected static String[] filterBySupport(String[] preferred, String[] supported) {
@ -70,10 +81,6 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
        return enabled.toArray(new String[enabled.size()]);
    }

-    protected static final String ENABLED_PROTOCOLS[] = {
-        "TLSv1.2", "TLSv1.1", "TLSv1"
-    };
-
    public TrustedSocketFactory(String host, boolean secure) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] {
@ -103,8 +110,10 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
        if (ENABLED_CIPHERS != null) {
            sock.setEnabledCipherSuites(ENABLED_CIPHERS);
        }
+        if (ENABLED_PROTOCOLS != null) {
            sock.setEnabledProtocols(ENABLED_PROTOCOLS);
        }
+    }

    public Socket createSocket(
        final Socket socket,