diff options
author | Daniel Gultsch <daniel@gultsch.de> | 2014-10-20 00:03:32 +0200 |
---|---|---|
committer | Daniel Gultsch <daniel@gultsch.de> | 2014-10-20 00:03:32 +0200 |
commit | 0b61fb01299c43c0cb50d817072dc050ac8fec50 (patch) | |
tree | e63bd7ccee41ae27410117132dcc8fababb05b30 | |
parent | 8263e073362aed2ebfda910df8ddad1e84302db1 (diff) | |
parent | 99ee049115587b8d914d2df707d8bf152fdd42f6 (diff) |
Merge pull request #554 from SamWhited/tls
Enable TLSv1.1 and 1.2 and add option to enable/disable SSLv3
-rw-r--r-- | res/values/strings.xml | 6 | ||||
-rw-r--r-- | res/xml/preferences.xml | 7 | ||||
-rw-r--r-- | src/eu/siacs/conversations/xmpp/XmppConnection.java | 45 |
3 files changed, 48 insertions, 10 deletions
diff --git a/res/values/strings.xml b/res/values/strings.xml index bc3fc6e4..ac77ca66 100644 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -249,8 +249,10 @@ <string name="pref_force_encryption">Force end-to-end encryption</string> <string name="pref_force_encryption_summary">Always send messages encrypted (except for conferences)</string> <string name="pref_dont_save_encrypted">Don’t save encrypted messages</string> - <string name="pref_dont_save_encrypted_summary">Warning: This could lead to message loss</string> - <string name="pref_expert_options">Expert options</string> + <string name="pref_dont_save_encrypted_summary">Warning: This could lead to message loss</string> + <string name="pref_enable_legacy_ssl">Enable legacy SSL</string> + <string name="pref_enable_legacy_ssl_summary">Enables SSLv3 support for legacy servers. Warning: SSLv3 is considered insecure.</string> + <string name="pref_expert_options">Expert options</string> <string name="pref_expert_options_summary">Please be very careful with those</string> <string name="pref_use_larger_font">Increase font size</string> <string name="pref_use_larger_font_summary">Use larger font sizes across the entire app</string> diff --git a/res/xml/preferences.xml b/res/xml/preferences.xml index eccc8bae..e4a527f6 100644 --- a/res/xml/preferences.xml +++ b/res/xml/preferences.xml @@ -88,6 +88,11 @@ android:key="dont_save_encrypted" android:summary="@string/pref_dont_save_encrypted_summary" android:title="@string/pref_dont_save_encrypted" /> + <CheckBoxPreference + android:defaultValue="false" + android:key="enable_legacy_ssl" + android:summary="@string/pref_enable_legacy_ssl_summary" + android:title="@string/pref_enable_legacy_ssl" /> </PreferenceCategory> <PreferenceCategory android:title="@string/pref_expert_options_other" > <CheckBoxPreference @@ -105,4 +110,4 @@ android:title="@string/pref_never_send_crash" /> </PreferenceCategory> -</PreferenceScreen>
\ No newline at end of file +</PreferenceScreen> diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java index debcaa51..0252d80e 100644 --- a/src/eu/siacs/conversations/xmpp/XmppConnection.java +++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java @@ -10,8 +10,10 @@ import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.Hashtable; +import java.util.LinkedList; import java.util.List; import java.util.Map.Entry; @@ -26,15 +28,19 @@ import org.xmlpull.v1.XmlPullParserException; import de.duenndns.ssl.MemorizingTrustManager; +import android.content.Context; +import android.content.SharedPreferences; import android.os.Bundle; import android.os.PowerManager; import android.os.PowerManager.WakeLock; import android.os.SystemClock; +import android.preference.PreferenceManager; import android.util.Log; import android.util.SparseArray; import eu.siacs.conversations.Config; import eu.siacs.conversations.entities.Account; import eu.siacs.conversations.services.XmppConnectionService; +import eu.siacs.conversations.ui.StartConversationActivity; import eu.siacs.conversations.utils.CryptoHelper; import eu.siacs.conversations.utils.DNSHelper; import eu.siacs.conversations.utils.zlib.ZLibOutputStream; @@ -105,6 +111,7 @@ public class XmppConnection implements Runnable { private OnBindListener bindListener = null; private OnMessageAcknowledged acknowledgedListener = null; private MemorizingTrustManager mMemorizingTrustManager; + private final Context applicationContext; public XmppConnection(Account account, XmppConnectionService service) { this.mRandom = service.getRNG(); @@ -113,6 +120,7 @@ public class XmppConnection implements Runnable { this.wakeLock = service.getPowerManager().newWakeLock( PowerManager.PARTIAL_WAKE_LOCK, account.getJid()); tagWriter = new TagWriter(); + applicationContext = service.getApplicationContext(); } protected void changeStatus(int nextStatus) { @@ -377,13 +385,13 @@ public class XmppConnection implements Runnable { iq.addChild("ping", "urn:xmpp:ping"); this.sendIqPacket(iq, new OnIqPacketReceived() { - @Override - public void onIqPacketReceived(Account account, IqPacket packet) { - Log.d(Config.LOGTAG, account.getJid() - + ": online with resource " + account.getResource()); - changeStatus(Account.STATUS_ONLINE); - } - }); + @Override + public void onIqPacketReceived(Account account, IqPacket packet) { + Log.d(Config.LOGTAG, account.getJid() + + ": online with resource " + account.getResource()); + changeStatus(Account.STATUS_ONLINE); + } + }); } private Element processPacket(Tag currentTag, int packetType) @@ -519,6 +527,14 @@ public class XmppConnection implements Runnable { tagWriter.writeTag(startTLS); } + private SharedPreferences getPreferences() { + return PreferenceManager.getDefaultSharedPreferences(applicationContext); + } + + private boolean enableLegacySSL() { + return getPreferences().getBoolean("enable_legacy_ssl", false); + } + private void switchOverToTls(Tag currentTag) throws XmlPullParserException, IOException { tagReader.readTag(); @@ -535,6 +551,21 @@ public class XmppConnection implements Runnable { socket.getInetAddress().getHostAddress(), socket.getPort(), true); + // Support all protocols except legacy SSL. + // The min SDK version prevents us having to worry about SSLv2. In future, this may be + // true of SSLv3 as well. + final String[] supportProtocols; + if (enableLegacySSL()) { + supportProtocols = sslSocket.getSupportedProtocols(); + } else { + final List<String> supportedProtocols = new LinkedList<String>(Arrays.asList( + sslSocket.getSupportedProtocols())); + supportedProtocols.remove("SSLv3"); + supportProtocols = new String[supportedProtocols.size()]; + supportedProtocols.toArray(supportProtocols); + } + sslSocket.setEnabledProtocols(supportProtocols); + if (verifier != null && !verifier.verify(account.getServer(), sslSocket.getSession())) { |