Add "Enable legacy SSL" preference

Sam Whited 2014-10-19 15:53:03 -04:00
parent 113b7d1736
commit 6c7c3ddf15
3 changed files with 43 additions and 14 deletions


@ -250,6 +250,8 @@
<string name="pref_force_encryption_summary">Always send messages encrypted (except for conferences)</string> <string name="pref_force_encryption_summary">Always send messages encrypted (except for conferences)</string>
<string name="pref_dont_save_encrypted">Dont save encrypted messages</string> <string name="pref_dont_save_encrypted">Dont save encrypted messages</string>
<string name="pref_dont_save_encrypted_summary">Warning: This could lead to message loss</string> <string name="pref_dont_save_encrypted_summary">Warning: This could lead to message loss</string>
<string name="pref_enable_legacy_ssl">Enable legacy SSL</string>
<string name="pref_enable_legacy_ssl_summary">Enables SSLv3 support for legacy servers. Warning: SSLv3 is considered insecure.</string>
<string name="pref_expert_options">Expert options</string> <string name="pref_expert_options">Expert options</string>
<string name="pref_expert_options_summary">Please be very careful with those</string> <string name="pref_expert_options_summary">Please be very careful with those</string>
<string name="pref_use_larger_font">Increase font size</string> <string name="pref_use_larger_font">Increase font size</string>


@ -88,6 +88,11 @@
android:key="dont_save_encrypted" android:key="dont_save_encrypted"
android:summary="@string/pref_dont_save_encrypted_summary" android:summary="@string/pref_dont_save_encrypted_summary"
android:title="@string/pref_dont_save_encrypted" /> android:title="@string/pref_dont_save_encrypted" />
<CheckBoxPreference
android:defaultValue="true"
android:key="enable_legacy_ssl"
android:summary="@string/pref_enable_legacy_ssl_summary"
android:title="@string/pref_enable_legacy_ssl" />
</PreferenceCategory> </PreferenceCategory>
<PreferenceCategory android:title="@string/pref_expert_options_other" > <PreferenceCategory android:title="@string/pref_expert_options_other" >
<CheckBoxPreference <CheckBoxPreference
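Review bot: The new `enable_legacy_ssl` checkbox ships with `android:defaultValue="true"`, so SSLv3 stays negotiable for every account unless the user finds this expert option and turns it off, even though the summary string added in this same commit says SSLv3 is considered insecure. Making it opt-in with `android:defaultValue="false"` would keep the weaker protocol off by default and leave the switch for the few users whose server needs it. The Java section repeats the same default as the fallback in `getBoolean("enable_legacy_ssl", true)`; it should change to `false` together with the XML, since the fallback is presumably what applies until the preference has been written once.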


@ -13,6 +13,7 @@ import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map.Entry; import java.util.Map.Entry;
@ -27,15 +28,19 @@ import org.xmlpull.v1.XmlPullParserException;
import de.duenndns.ssl.MemorizingTrustManager; import de.duenndns.ssl.MemorizingTrustManager;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Bundle; import android.os.Bundle;
import android.os.PowerManager; import android.os.PowerManager;
import android.os.PowerManager.WakeLock; import android.os.PowerManager.WakeLock;
import android.os.SystemClock; import android.os.SystemClock;
import android.preference.PreferenceManager;
import android.util.Log; import android.util.Log;
import android.util.SparseArray; import android.util.SparseArray;
import eu.siacs.conversations.Config; import eu.siacs.conversations.Config;
import eu.siacs.conversations.entities.Account; import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.services.XmppConnectionService; import eu.siacs.conversations.services.XmppConnectionService;
import eu.siacs.conversations.ui.StartConversationActivity;
import eu.siacs.conversations.utils.CryptoHelper; import eu.siacs.conversations.utils.CryptoHelper;
import eu.siacs.conversations.utils.DNSHelper; import eu.siacs.conversations.utils.DNSHelper;
import eu.siacs.conversations.utils.zlib.ZLibOutputStream; import eu.siacs.conversations.utils.zlib.ZLibOutputStream;
@ -105,6 +110,7 @@ public class XmppConnection implements Runnable {
private OnBindListener bindListener = null; private OnBindListener bindListener = null;
private OnMessageAcknowledged acknowledgedListener = null; private OnMessageAcknowledged acknowledgedListener = null;
private MemorizingTrustManager mMemorizingTrustManager; private MemorizingTrustManager mMemorizingTrustManager;
private final Context applicationContext;
public XmppConnection(Account account, XmppConnectionService service) { public XmppConnection(Account account, XmppConnectionService service) {
this.mRandom = service.getRNG(); this.mRandom = service.getRNG();
@ -113,6 +119,7 @@ public class XmppConnection implements Runnable {
this.wakeLock = service.getPowerManager().newWakeLock( this.wakeLock = service.getPowerManager().newWakeLock(
PowerManager.PARTIAL_WAKE_LOCK, account.getJid()); PowerManager.PARTIAL_WAKE_LOCK, account.getJid());
tagWriter = new TagWriter(); tagWriter = new TagWriter();
applicationContext = service.getApplicationContext();
} }
protected void changeStatus(int nextStatus) { protected void changeStatus(int nextStatus) {
@ -505,6 +512,14 @@ public class XmppConnection implements Runnable {
tagWriter.writeTag(startTLS); tagWriter.writeTag(startTLS);
} }
private SharedPreferences getPreferences() {
return PreferenceManager.getDefaultSharedPreferences(applicationContext);
}
private boolean enableLegacySSL() {
return getPreferences().getBoolean("enable_legacy_ssl", true);
}
private void switchOverToTls(Tag currentTag) throws XmlPullParserException, private void switchOverToTls(Tag currentTag) throws XmlPullParserException,
IOException { IOException {
tagReader.readTag(); tagReader.readTag();
@ -524,10 +539,17 @@ public class XmppConnection implements Runnable {
// Support all protocols except legacy SSL. // Support all protocols except legacy SSL.
// The min SDK version prevents us having to worry about SSLv2. In future, this may be // The min SDK version prevents us having to worry about SSLv2. In future, this may be
// true of SSLv3 as well. // true of SSLv3 as well.
final String[] supportProtocols;
if (enableLegacySSL()) {
supportProtocols = sslSocket.getSupportedProtocols();
} else {
final List<String> supportedProtocols = new LinkedList<String>(Arrays.asList( final List<String> supportedProtocols = new LinkedList<String>(Arrays.asList(
sslSocket.getSupportedProtocols())); sslSocket.getSupportedProtocols()));
supportedProtocols.remove("SSLv3"); supportedProtocols.remove("SSLv3");
sslSocket.setEnabledProtocols(supportedProtocols.toArray(new String[supportedProtocols.size()])); supportProtocols = new String[supportedProtocols.size()];
supportedProtocols.toArray(supportProtocols);
}
sslSocket.setEnabledProtocols(supportProtocols);
if (verifier != null if (verifier != null
&& !verifier.verify(account.getServer(), && !verifier.verify(account.getServer(),