1 files changed, 23 insertions, 5 deletions

diff --git a/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java b/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java
index fc21acbc..eb7e2c3c 100644
--- a/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java
+++ b/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java
@@ -4,7 +4,9 @@ import java.security.SecureRandom;
 import java.text.Normalizer;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Iterator;
 import java.util.LinkedHashSet;
+import java.util.List;
 
 import eu.siacs.conversations.Config;
 
@@ -97,10 +99,26 @@ public final class CryptoHelper {
 		return builder.toString();
 	}
 
-	public static String[] getSupportedCipherSuites(final String[] platformSupportedCipherSuites) {
-		//final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
-		//cipherSuites.retainAll(Arrays.asList(platformSupportedCipherSuites));
-		//return cipherSuites.toArray(new String[cipherSuites.size()]);
-		return platformSupportedCipherSuites;
+	public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
+		final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
+		final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
+		cipherSuites.retainAll(platformCiphers);
+		cipherSuites.addAll(platformCiphers);
+		filterWeakCipherSuites(cipherSuites);
+		return cipherSuites.toArray(new String[cipherSuites.size()]);
+	}
+
+	private static void filterWeakCipherSuites(final Collection<String> cipherSuites) {
+		final Iterator<String> it = cipherSuites.iterator();
+		while (it.hasNext()) {
+			String cipherName = it.next();
+			// remove all ciphers with no or very weak encryption or no authentication
+			for (String weakCipherPattern : Config.WEAK_CIPHER_PATTERNS) {
+				if (cipherName.contains(weakCipherPattern)) {
+					it.remove();
+					break;
+				}
+			}
+		}
 	}
 }