Use platform ciphers as well, just prefer ours

This commit is contained in:
Sam Whited 2015-02-02 08:33:55 -05:00
parent ecbceae88b
commit 03d30e4fdb
4 changed files with 12 additions and 9 deletions

View file

@ -34,8 +34,8 @@ public final class Config {
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_AES_128_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_AES_256_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA384",

View file

@ -148,7 +148,7 @@ public class HttpConnection implements Downloadable {
mXmppConnectionService.getRNG()); mXmppConnectionService.getRNG());
final SSLSocketFactory sf = sc.getSocketFactory(); final SSLSocketFactory sf = sc.getSocketFactory();
final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites( final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
sf.getSupportedCipherSuites()); sf.getSupportedCipherSuites());
if (cipherSuites.length > 0) { if (cipherSuites.length > 0) {
sc.getDefaultSSLParameters().setCipherSuites(cipherSuites); sc.getDefaultSSLParameters().setCipherSuites(cipherSuites);

View file

@ -5,6 +5,7 @@ import java.text.Normalizer;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.LinkedHashSet; import java.util.LinkedHashSet;
import java.util.List;
import eu.siacs.conversations.Config; import eu.siacs.conversations.Config;
@ -97,10 +98,11 @@ public final class CryptoHelper {
return builder.toString(); return builder.toString();
} }
public static String[] getSupportedCipherSuites(final String[] platformSupportedCipherSuites) { public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
//final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS)); final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
//cipherSuites.retainAll(Arrays.asList(platformSupportedCipherSuites)); final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
//return cipherSuites.toArray(new String[cipherSuites.size()]); cipherSuites.retainAll(platformCiphers);
return platformSupportedCipherSuites; cipherSuites.addAll(platformCiphers);
return cipherSuites.toArray(new String[cipherSuites.size()]);
} }
} }

View file

@ -515,8 +515,9 @@ public class XmppConnection implements Runnable {
sslSocket.setEnabledProtocols(supportProtocols); sslSocket.setEnabledProtocols(supportProtocols);
final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites( final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
sslSocket.getSupportedCipherSuites()); sslSocket.getSupportedCipherSuites());
Log.d(Config.LOGTAG, "Using ciphers: " + Arrays.toString(cipherSuites));
if (cipherSuites.length > 0) { if (cipherSuites.length > 0) {
sslSocket.setEnabledCipherSuites(cipherSuites); sslSocket.setEnabledCipherSuites(cipherSuites);
} }