Use platform ciphers as well, just prefer ours
This commit is contained in:
parent
ecbceae88b
commit
03d30e4fdb
|
@ -34,8 +34,8 @@ public final class Config {
|
||||||
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384",
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384",
|
||||||
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256",
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256",
|
||||||
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||||
"TLS_ECDHE_RSA_AES_128_SHA",
|
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
|
||||||
"TLS_ECDHE_RSA_AES_256_SHA",
|
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
|
||||||
|
|
||||||
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
|
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||||
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA384",
|
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA384",
|
||||||
|
|
|
@ -148,7 +148,7 @@ public class HttpConnection implements Downloadable {
|
||||||
mXmppConnectionService.getRNG());
|
mXmppConnectionService.getRNG());
|
||||||
|
|
||||||
final SSLSocketFactory sf = sc.getSocketFactory();
|
final SSLSocketFactory sf = sc.getSocketFactory();
|
||||||
final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites(
|
final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
|
||||||
sf.getSupportedCipherSuites());
|
sf.getSupportedCipherSuites());
|
||||||
if (cipherSuites.length > 0) {
|
if (cipherSuites.length > 0) {
|
||||||
sc.getDefaultSSLParameters().setCipherSuites(cipherSuites);
|
sc.getDefaultSSLParameters().setCipherSuites(cipherSuites);
|
||||||
|
|
|
@ -5,6 +5,7 @@ import java.text.Normalizer;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.LinkedHashSet;
|
import java.util.LinkedHashSet;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import eu.siacs.conversations.Config;
|
import eu.siacs.conversations.Config;
|
||||||
|
|
||||||
|
@ -97,10 +98,11 @@ public final class CryptoHelper {
|
||||||
return builder.toString();
|
return builder.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String[] getSupportedCipherSuites(final String[] platformSupportedCipherSuites) {
|
public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
|
||||||
//final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
|
final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
|
||||||
//cipherSuites.retainAll(Arrays.asList(platformSupportedCipherSuites));
|
final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
|
||||||
//return cipherSuites.toArray(new String[cipherSuites.size()]);
|
cipherSuites.retainAll(platformCiphers);
|
||||||
return platformSupportedCipherSuites;
|
cipherSuites.addAll(platformCiphers);
|
||||||
|
return cipherSuites.toArray(new String[cipherSuites.size()]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -515,8 +515,9 @@ public class XmppConnection implements Runnable {
|
||||||
|
|
||||||
sslSocket.setEnabledProtocols(supportProtocols);
|
sslSocket.setEnabledProtocols(supportProtocols);
|
||||||
|
|
||||||
final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites(
|
final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
|
||||||
sslSocket.getSupportedCipherSuites());
|
sslSocket.getSupportedCipherSuites());
|
||||||
|
Log.d(Config.LOGTAG, "Using ciphers: " + Arrays.toString(cipherSuites));
|
||||||
if (cipherSuites.length > 0) {
|
if (cipherSuites.length > 0) {
|
||||||
sslSocket.setEnabledCipherSuites(cipherSuites);
|
sslSocket.setEnabledCipherSuites(cipherSuites);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue