aboutsummaryrefslogtreecommitdiffstats
path: root/src/main/java/eu/siacs/conversations
diff options
context:
space:
mode:
authorDaniel Gultsch <daniel@gultsch.de>2015-02-09 16:04:54 +0100
committerDaniel Gultsch <daniel@gultsch.de>2015-02-09 16:04:54 +0100
commitc3260d620e7f5712440496a60416b6f3389221aa (patch)
tree0ce9dbb96e564645699de5c5e71f592c1b62af6a /src/main/java/eu/siacs/conversations
parent026be61b7290829899a685c119f8924550386494 (diff)
parent03d30e4fdb0b60c4c4531703495a385c97cfbe10 (diff)
Merge pull request #959 from SamWhited/ciphers_fix
Ciphers fix
Diffstat (limited to 'src/main/java/eu/siacs/conversations')
-rw-r--r--src/main/java/eu/siacs/conversations/Config.java4
-rw-r--r--src/main/java/eu/siacs/conversations/http/HttpConnection.java2
-rw-r--r--src/main/java/eu/siacs/conversations/utils/CryptoHelper.java12
-rw-r--r--src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java3
4 files changed, 12 insertions, 9 deletions
diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java
index 7a50c47f6..d8b3139ee 100644
--- a/src/main/java/eu/siacs/conversations/Config.java
+++ b/src/main/java/eu/siacs/conversations/Config.java
@@ -34,8 +34,8 @@ public final class Config {
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDHE_RSA_AES_128_SHA",
- "TLS_ECDHE_RSA_AES_256_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA384",
diff --git a/src/main/java/eu/siacs/conversations/http/HttpConnection.java b/src/main/java/eu/siacs/conversations/http/HttpConnection.java
index 4bff52514..e7d309190 100644
--- a/src/main/java/eu/siacs/conversations/http/HttpConnection.java
+++ b/src/main/java/eu/siacs/conversations/http/HttpConnection.java
@@ -148,7 +148,7 @@ public class HttpConnection implements Downloadable {
mXmppConnectionService.getRNG());
final SSLSocketFactory sf = sc.getSocketFactory();
- final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites(
+ final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
sf.getSupportedCipherSuites());
if (cipherSuites.length > 0) {
sc.getDefaultSSLParameters().setCipherSuites(cipherSuites);
diff --git a/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java b/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java
index fc21acbca..31fe2c116 100644
--- a/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java
+++ b/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java
@@ -5,6 +5,7 @@ import java.text.Normalizer;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashSet;
+import java.util.List;
import eu.siacs.conversations.Config;
@@ -97,10 +98,11 @@ public final class CryptoHelper {
return builder.toString();
}
- public static String[] getSupportedCipherSuites(final String[] platformSupportedCipherSuites) {
- //final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
- //cipherSuites.retainAll(Arrays.asList(platformSupportedCipherSuites));
- //return cipherSuites.toArray(new String[cipherSuites.size()]);
- return platformSupportedCipherSuites;
+ public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
+ final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
+ final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
+ cipherSuites.retainAll(platformCiphers);
+ cipherSuites.addAll(platformCiphers);
+ return cipherSuites.toArray(new String[cipherSuites.size()]);
}
}
diff --git a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
index 19e271b2e..121d8a54b 100644
--- a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -515,8 +515,9 @@ public class XmppConnection implements Runnable {
sslSocket.setEnabledProtocols(supportProtocols);
- final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites(
+ final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
sslSocket.getSupportedCipherSuites());
+ Log.d(Config.LOGTAG, "Using ciphers: " + Arrays.toString(cipherSuites));
if (cipherSuites.length > 0) {
sslSocket.setEnabledCipherSuites(cipherSuites);
}