Merge pull request #554 from SamWhited/tls
Enable TLSv1.1 and 1.2 and add option to enable/disable SSLv3
This commit is contained in:
commit
0b61fb0129
|
@ -250,6 +250,8 @@
|
||||||
<string name="pref_force_encryption_summary">Always send messages encrypted (except for conferences)</string>
|
<string name="pref_force_encryption_summary">Always send messages encrypted (except for conferences)</string>
|
||||||
<string name="pref_dont_save_encrypted">Don’t save encrypted messages</string>
|
<string name="pref_dont_save_encrypted">Don’t save encrypted messages</string>
|
||||||
<string name="pref_dont_save_encrypted_summary">Warning: This could lead to message loss</string>
|
<string name="pref_dont_save_encrypted_summary">Warning: This could lead to message loss</string>
|
||||||
|
<string name="pref_enable_legacy_ssl">Enable legacy SSL</string>
|
||||||
|
<string name="pref_enable_legacy_ssl_summary">Enables SSLv3 support for legacy servers. Warning: SSLv3 is considered insecure.</string>
|
||||||
<string name="pref_expert_options">Expert options</string>
|
<string name="pref_expert_options">Expert options</string>
|
||||||
<string name="pref_expert_options_summary">Please be very careful with those</string>
|
<string name="pref_expert_options_summary">Please be very careful with those</string>
|
||||||
<string name="pref_use_larger_font">Increase font size</string>
|
<string name="pref_use_larger_font">Increase font size</string>
|
||||||
|
|
|
@ -88,6 +88,11 @@
|
||||||
android:key="dont_save_encrypted"
|
android:key="dont_save_encrypted"
|
||||||
android:summary="@string/pref_dont_save_encrypted_summary"
|
android:summary="@string/pref_dont_save_encrypted_summary"
|
||||||
android:title="@string/pref_dont_save_encrypted" />
|
android:title="@string/pref_dont_save_encrypted" />
|
||||||
|
<CheckBoxPreference
|
||||||
|
android:defaultValue="false"
|
||||||
|
android:key="enable_legacy_ssl"
|
||||||
|
android:summary="@string/pref_enable_legacy_ssl_summary"
|
||||||
|
android:title="@string/pref_enable_legacy_ssl" />
|
||||||
</PreferenceCategory>
|
</PreferenceCategory>
|
||||||
<PreferenceCategory android:title="@string/pref_expert_options_other" >
|
<PreferenceCategory android:title="@string/pref_expert_options_other" >
|
||||||
<CheckBoxPreference
|
<CheckBoxPreference
|
||||||
|
|
|
@ -10,8 +10,10 @@ import java.security.KeyManagementException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Hashtable;
|
import java.util.Hashtable;
|
||||||
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map.Entry;
|
import java.util.Map.Entry;
|
||||||
|
|
||||||
|
@ -26,15 +28,19 @@ import org.xmlpull.v1.XmlPullParserException;
|
||||||
|
|
||||||
import de.duenndns.ssl.MemorizingTrustManager;
|
import de.duenndns.ssl.MemorizingTrustManager;
|
||||||
|
|
||||||
|
import android.content.Context;
|
||||||
|
import android.content.SharedPreferences;
|
||||||
import android.os.Bundle;
|
import android.os.Bundle;
|
||||||
import android.os.PowerManager;
|
import android.os.PowerManager;
|
||||||
import android.os.PowerManager.WakeLock;
|
import android.os.PowerManager.WakeLock;
|
||||||
import android.os.SystemClock;
|
import android.os.SystemClock;
|
||||||
|
import android.preference.PreferenceManager;
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
import android.util.SparseArray;
|
import android.util.SparseArray;
|
||||||
import eu.siacs.conversations.Config;
|
import eu.siacs.conversations.Config;
|
||||||
import eu.siacs.conversations.entities.Account;
|
import eu.siacs.conversations.entities.Account;
|
||||||
import eu.siacs.conversations.services.XmppConnectionService;
|
import eu.siacs.conversations.services.XmppConnectionService;
|
||||||
|
import eu.siacs.conversations.ui.StartConversationActivity;
|
||||||
import eu.siacs.conversations.utils.CryptoHelper;
|
import eu.siacs.conversations.utils.CryptoHelper;
|
||||||
import eu.siacs.conversations.utils.DNSHelper;
|
import eu.siacs.conversations.utils.DNSHelper;
|
||||||
import eu.siacs.conversations.utils.zlib.ZLibOutputStream;
|
import eu.siacs.conversations.utils.zlib.ZLibOutputStream;
|
||||||
|
@ -105,6 +111,7 @@ public class XmppConnection implements Runnable {
|
||||||
private OnBindListener bindListener = null;
|
private OnBindListener bindListener = null;
|
||||||
private OnMessageAcknowledged acknowledgedListener = null;
|
private OnMessageAcknowledged acknowledgedListener = null;
|
||||||
private MemorizingTrustManager mMemorizingTrustManager;
|
private MemorizingTrustManager mMemorizingTrustManager;
|
||||||
|
private final Context applicationContext;
|
||||||
|
|
||||||
public XmppConnection(Account account, XmppConnectionService service) {
|
public XmppConnection(Account account, XmppConnectionService service) {
|
||||||
this.mRandom = service.getRNG();
|
this.mRandom = service.getRNG();
|
||||||
|
@ -113,6 +120,7 @@ public class XmppConnection implements Runnable {
|
||||||
this.wakeLock = service.getPowerManager().newWakeLock(
|
this.wakeLock = service.getPowerManager().newWakeLock(
|
||||||
PowerManager.PARTIAL_WAKE_LOCK, account.getJid());
|
PowerManager.PARTIAL_WAKE_LOCK, account.getJid());
|
||||||
tagWriter = new TagWriter();
|
tagWriter = new TagWriter();
|
||||||
|
applicationContext = service.getApplicationContext();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void changeStatus(int nextStatus) {
|
protected void changeStatus(int nextStatus) {
|
||||||
|
@ -519,6 +527,14 @@ public class XmppConnection implements Runnable {
|
||||||
tagWriter.writeTag(startTLS);
|
tagWriter.writeTag(startTLS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private SharedPreferences getPreferences() {
|
||||||
|
return PreferenceManager.getDefaultSharedPreferences(applicationContext);
|
||||||
|
}
|
||||||
|
|
||||||
|
private boolean enableLegacySSL() {
|
||||||
|
return getPreferences().getBoolean("enable_legacy_ssl", false);
|
||||||
|
}
|
||||||
|
|
||||||
private void switchOverToTls(Tag currentTag) throws XmlPullParserException,
|
private void switchOverToTls(Tag currentTag) throws XmlPullParserException,
|
||||||
IOException {
|
IOException {
|
||||||
tagReader.readTag();
|
tagReader.readTag();
|
||||||
|
@ -535,6 +551,21 @@ public class XmppConnection implements Runnable {
|
||||||
socket.getInetAddress().getHostAddress(), socket.getPort(),
|
socket.getInetAddress().getHostAddress(), socket.getPort(),
|
||||||
true);
|
true);
|
||||||
|
|
||||||
|
// Support all protocols except legacy SSL.
|
||||||
|
// The min SDK version prevents us having to worry about SSLv2. In future, this may be
|
||||||
|
// true of SSLv3 as well.
|
||||||
|
final String[] supportProtocols;
|
||||||
|
if (enableLegacySSL()) {
|
||||||
|
supportProtocols = sslSocket.getSupportedProtocols();
|
||||||
|
} else {
|
||||||
|
final List<String> supportedProtocols = new LinkedList<String>(Arrays.asList(
|
||||||
|
sslSocket.getSupportedProtocols()));
|
||||||
|
supportedProtocols.remove("SSLv3");
|
||||||
|
supportProtocols = new String[supportedProtocols.size()];
|
||||||
|
supportedProtocols.toArray(supportProtocols);
|
||||||
|
}
|
||||||
|
sslSocket.setEnabledProtocols(supportProtocols);
|
||||||
|
|
||||||
if (verifier != null
|
if (verifier != null
|
||||||
&& !verifier.verify(account.getServer(),
|
&& !verifier.verify(account.getServer(),
|
||||||
sslSocket.getSession())) {
|
sslSocket.getSession())) {
|
||||||
|
|
Loading…
Reference in a new issue