From 503237087ffc5585876dfdb96ef167960bef0f15 Mon Sep 17 00:00:00 2001 From: Sam Whited Date: Sat, 17 Jan 2015 13:40:15 -0500 Subject: [PATCH] Remove legacy SSL support --- .gitignore | 1 + .../conversations/xmpp/XmppConnection.java | 24 ++++++++----------- src/main/res/values-cs/strings.xml | 1 - src/main/res/values-de/strings.xml | 1 - src/main/res/values-es/strings.xml | 1 - src/main/res/values-eu/strings.xml | 1 - src/main/res/values-fr/strings.xml | 1 - src/main/res/values-it/strings.xml | 1 - src/main/res/values-nl/strings.xml | 1 - src/main/res/values-sv/strings.xml | 1 - src/main/res/values/strings.xml | 2 -- src/main/res/xml/preferences.xml | 5 ---- 12 files changed, 11 insertions(+), 29 deletions(-) diff --git a/.gitignore b/.gitignore index 5b4928353..7ddfcc0d3 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,4 @@ proguard/ .idea import-summary.txt +.navigation/ diff --git a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java index 6424b1d5c..c16ac32bd 100644 --- a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java +++ b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java @@ -507,23 +507,19 @@ public class XmppConnection implements Runnable { } final String[] supportProtocols; - if (enableLegacySSL()) { - supportProtocols = sslSocket.getSupportedProtocols(); - } else { - final Collection supportedProtocols = new LinkedList<>( - Arrays.asList(sslSocket.getSupportedProtocols())); - supportedProtocols.remove("SSLv3"); - supportProtocols = new String[supportedProtocols.size()]; - supportedProtocols.toArray(supportProtocols); + final Collection supportedProtocols = new LinkedList<>( + Arrays.asList(sslSocket.getSupportedProtocols())); + supportedProtocols.remove("SSLv3"); + supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]); - final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites( - sslSocket.getSupportedCipherSuites()); - if (cipherSuites.length > 0) { - sslSocket.setEnabledCipherSuites(cipherSuites); - } - } sslSocket.setEnabledProtocols(supportProtocols); + final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites( + sslSocket.getSupportedCipherSuites()); + if (cipherSuites.length > 0) { + sslSocket.setEnabledCipherSuites(cipherSuites); + } + if (!verifier.verify(account.getServer().getDomainpart(),sslSocket.getSession())) { Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed"); disconnect(true); diff --git a/src/main/res/values-cs/strings.xml b/src/main/res/values-cs/strings.xml index 77b169f20..f05020b79 100644 --- a/src/main/res/values-cs/strings.xml +++ b/src/main/res/values-cs/strings.xml @@ -267,7 +267,6 @@ Vždy zasílat šifrované zprávy (mimo konference) Neukládat šifrované zprávy Varování: Toto může vést ke ztrátě zpráv - Povolit zastaralé SSL Expertní nastavení S tímto zacházejte velmi opatrně O aplikaci Conversations diff --git a/src/main/res/values-de/strings.xml b/src/main/res/values-de/strings.xml index 60596bf80..eb9d5dd5f 100644 --- a/src/main/res/values-de/strings.xml +++ b/src/main/res/values-de/strings.xml @@ -267,7 +267,6 @@ Nachrichten immer verschlüsseln (außer für Konferenzen) Verschlüsselte Nachrichten nicht speichern Achtung: kann zu Nachrichtenverlust führen - Alte SSL-Version aktivieren Einstellungen für Experten Hier bitte vorsichtig sein Über Conversations diff --git a/src/main/res/values-es/strings.xml b/src/main/res/values-es/strings.xml index efc51dd95..7a20341d1 100644 --- a/src/main/res/values-es/strings.xml +++ b/src/main/res/values-es/strings.xml @@ -267,7 +267,6 @@ Siempre enviar mensajes cifrados (excepto para conversaciones en grupo) No guardar mensajes cifrados Aviso: Esto podría llevar a pérdida de mensajes - Habilitar SSL heredado Ajustes avanzados Por favor, cuidado con estas opciones Acerca de Conversations diff --git a/src/main/res/values-eu/strings.xml b/src/main/res/values-eu/strings.xml index fa22ddb31..5e3256954 100644 --- a/src/main/res/values-eu/strings.xml +++ b/src/main/res/values-eu/strings.xml @@ -267,7 +267,6 @@ Mezuak beti enkriptatuta bidali (konferentzietan izan ezik) Ez gorde enkriptatutako mezuak Adi: Honek mezuen galera ekar lezake - Oinordetutako SSL gaitu Adituentzako aukerak Mesedez kontuz ibili hauekin Conversationsi buruz diff --git a/src/main/res/values-fr/strings.xml b/src/main/res/values-fr/strings.xml index e9b09b7d2..7767fb606 100644 --- a/src/main/res/values-fr/strings.xml +++ b/src/main/res/values-fr/strings.xml @@ -267,7 +267,6 @@ Toujours envoyer des messages chiffrés (sauf pour les conférences) Ne pas sauvegarder les messages chiffrés Attention: Celà peut mener à une perte de messages - Activer SSL hérité Options avancées A utiliser avec précautions Sur Conversations diff --git a/src/main/res/values-it/strings.xml b/src/main/res/values-it/strings.xml index 0e659e458..e733dff85 100644 --- a/src/main/res/values-it/strings.xml +++ b/src/main/res/values-it/strings.xml @@ -267,7 +267,6 @@ Manda sempre messaggi cifrati (ad eccezione delle conferenze) Non salvare i messaggi cifrati Attenzione: Questo potrebbe comportare la perdita di messaggi - Abilita il vecchio SSL Opzioni da Esperto Fai attenzione con queste impostazioni Info su Conversations diff --git a/src/main/res/values-nl/strings.xml b/src/main/res/values-nl/strings.xml index bd347bff5..540914dd4 100644 --- a/src/main/res/values-nl/strings.xml +++ b/src/main/res/values-nl/strings.xml @@ -267,7 +267,6 @@ Stuur berichten altijd versleuteld (behalve in groepsgesprekken) Sla versleutelde berichten niet op Waarschuwing: Dit kan leiden tot verlies van berichten - Sta legacy SSL toe Expert-instellingen Wees voorzichtig met deze instellingen Over Conversations diff --git a/src/main/res/values-sv/strings.xml b/src/main/res/values-sv/strings.xml index f7bcd5b5a..79a8656b3 100644 --- a/src/main/res/values-sv/strings.xml +++ b/src/main/res/values-sv/strings.xml @@ -267,7 +267,6 @@ Sänd alltid krypterade meddelanden (utom för konferenser) Spara in krypterade meddelanden Varning: Detta kan leda till att meddelanden förloras - Aktivera förlegad SSL Expertinställningar Var försiktig med dem Om Conversations diff --git a/src/main/res/values/strings.xml b/src/main/res/values/strings.xml index 2dac29da8..dc4c1bdbb 100644 --- a/src/main/res/values/strings.xml +++ b/src/main/res/values/strings.xml @@ -269,8 +269,6 @@ Always send messages encrypted (except for conferences) Don’t save encrypted messages Warning: This could lead to message loss - Enable legacy SSL - Enables legacy SSLv3 support and insecure SSL ciphers. Expert options Please be careful with these About Conversations diff --git a/src/main/res/xml/preferences.xml b/src/main/res/xml/preferences.xml index 2ff6800b9..7c92530f2 100644 --- a/src/main/res/xml/preferences.xml +++ b/src/main/res/xml/preferences.xml @@ -116,11 +116,6 @@ android:key="dont_save_encrypted" android:summary="@string/pref_dont_save_encrypted_summary" android:title="@string/pref_dont_save_encrypted" /> -