use TLSv1.2 as SSL context on supported plattforms

This commit is contained in:
Daniel Gultsch 2016-02-03 18:17:16 +01:00
parent 1d572c61d0
commit 7dd9545ea3
3 changed files with 14 additions and 2 deletions

View file

@ -23,6 +23,7 @@ import eu.siacs.conversations.entities.Message;
import eu.siacs.conversations.services.AbstractConnectionManager;
import eu.siacs.conversations.services.XmppConnectionService;
import eu.siacs.conversations.utils.CryptoHelper;
import eu.siacs.conversations.utils.SSLSocketHelper;
public class HttpConnectionManager extends AbstractConnectionManager {
@ -76,7 +77,7 @@ public class HttpConnectionManager extends AbstractConnectionManager {
new StrictHostnameVerifier());
}
try {
final SSLContext sc = SSLContext.getInstance("TLS");
final SSLContext sc = SSLSocketHelper.getSSLContext();
sc.init(null, new X509TrustManager[]{trustManager},
mXmppConnectionService.getRNG());

View file

@ -1,11 +1,14 @@
package eu.siacs.conversations.utils;
import android.os.Build;
import java.lang.reflect.Method;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedList;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
@ -59,4 +62,12 @@ public class SSLSocketHelper {
// ignore any error, we just can't set the alpn protocol...
}
}
public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
return SSLContext.getInstance("TLSv1.2");
} else {
return SSLContext.getInstance("TLS");
}
}
}

View file

@ -408,7 +408,7 @@ public class XmppConnection implements Runnable {
}
private TlsFactoryVerifier getTlsFactoryVerifier() throws NoSuchAlgorithmException, KeyManagementException, IOException {
final SSLContext sc = SSLContext.getInstance("TLS");
final SSLContext sc = SSLSocketHelper.getSSLContext();
MemorizingTrustManager trustManager = this.mXmppConnectionService.getMemorizingTrustManager();
KeyManager[] keyManager;
if (account.getPrivateKeyAlias() != null && account.getPassword().isEmpty()) {