aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Gultsch <daniel@gultsch.de>2014-10-20 00:03:32 +0200
committerDaniel Gultsch <daniel@gultsch.de>2014-10-20 00:03:32 +0200
commit0b61fb01299c43c0cb50d817072dc050ac8fec50 (patch)
treee63bd7ccee41ae27410117132dcc8fababb05b30
parent8263e073362aed2ebfda910df8ddad1e84302db1 (diff)
parent99ee049115587b8d914d2df707d8bf152fdd42f6 (diff)
Merge pull request #554 from SamWhited/tls
Enable TLSv1.1 and 1.2 and add option to enable/disable SSLv3
Diffstat (limited to '')
-rw-r--r--res/values/strings.xml6
-rw-r--r--res/xml/preferences.xml7
-rw-r--r--src/eu/siacs/conversations/xmpp/XmppConnection.java45
3 files changed, 48 insertions, 10 deletions
diff --git a/res/values/strings.xml b/res/values/strings.xml
index bc3fc6e4..ac77ca66 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -249,8 +249,10 @@
<string name="pref_force_encryption">Force end-to-end encryption</string>
<string name="pref_force_encryption_summary">Always send messages encrypted (except for conferences)</string>
<string name="pref_dont_save_encrypted">Don’t save encrypted messages</string>
- <string name="pref_dont_save_encrypted_summary">Warning: This could lead to message loss</string>
- <string name="pref_expert_options">Expert options</string>
+ <string name="pref_dont_save_encrypted_summary">Warning: This could lead to message loss</string>
+ <string name="pref_enable_legacy_ssl">Enable legacy SSL</string>
+ <string name="pref_enable_legacy_ssl_summary">Enables SSLv3 support for legacy servers. Warning: SSLv3 is considered insecure.</string>
+ <string name="pref_expert_options">Expert options</string>
<string name="pref_expert_options_summary">Please be very careful with those</string>
<string name="pref_use_larger_font">Increase font size</string>
<string name="pref_use_larger_font_summary">Use larger font sizes across the entire app</string>
diff --git a/res/xml/preferences.xml b/res/xml/preferences.xml
index eccc8bae..e4a527f6 100644
--- a/res/xml/preferences.xml
+++ b/res/xml/preferences.xml
@@ -88,6 +88,11 @@
android:key="dont_save_encrypted"
android:summary="@string/pref_dont_save_encrypted_summary"
android:title="@string/pref_dont_save_encrypted" />
+ <CheckBoxPreference
+ android:defaultValue="false"
+ android:key="enable_legacy_ssl"
+ android:summary="@string/pref_enable_legacy_ssl_summary"
+ android:title="@string/pref_enable_legacy_ssl" />
</PreferenceCategory>
<PreferenceCategory android:title="@string/pref_expert_options_other" >
<CheckBoxPreference
@@ -105,4 +110,4 @@
android:title="@string/pref_never_send_crash" />
</PreferenceCategory>
-</PreferenceScreen> \ No newline at end of file
+</PreferenceScreen>
diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java
index debcaa51..0252d80e 100644
--- a/src/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -10,8 +10,10 @@ import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map.Entry;
@@ -26,15 +28,19 @@ import org.xmlpull.v1.XmlPullParserException;
import de.duenndns.ssl.MemorizingTrustManager;
+import android.content.Context;
+import android.content.SharedPreferences;
import android.os.Bundle;
import android.os.PowerManager;
import android.os.PowerManager.WakeLock;
import android.os.SystemClock;
+import android.preference.PreferenceManager;
import android.util.Log;
import android.util.SparseArray;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.services.XmppConnectionService;
+import eu.siacs.conversations.ui.StartConversationActivity;
import eu.siacs.conversations.utils.CryptoHelper;
import eu.siacs.conversations.utils.DNSHelper;
import eu.siacs.conversations.utils.zlib.ZLibOutputStream;
@@ -105,6 +111,7 @@ public class XmppConnection implements Runnable {
private OnBindListener bindListener = null;
private OnMessageAcknowledged acknowledgedListener = null;
private MemorizingTrustManager mMemorizingTrustManager;
+ private final Context applicationContext;
public XmppConnection(Account account, XmppConnectionService service) {
this.mRandom = service.getRNG();
@@ -113,6 +120,7 @@ public class XmppConnection implements Runnable {
this.wakeLock = service.getPowerManager().newWakeLock(
PowerManager.PARTIAL_WAKE_LOCK, account.getJid());
tagWriter = new TagWriter();
+ applicationContext = service.getApplicationContext();
}
protected void changeStatus(int nextStatus) {
@@ -377,13 +385,13 @@ public class XmppConnection implements Runnable {
iq.addChild("ping", "urn:xmpp:ping");
this.sendIqPacket(iq, new OnIqPacketReceived() {
- @Override
- public void onIqPacketReceived(Account account, IqPacket packet) {
- Log.d(Config.LOGTAG, account.getJid()
- + ": online with resource " + account.getResource());
- changeStatus(Account.STATUS_ONLINE);
- }
- });
+ @Override
+ public void onIqPacketReceived(Account account, IqPacket packet) {
+ Log.d(Config.LOGTAG, account.getJid()
+ + ": online with resource " + account.getResource());
+ changeStatus(Account.STATUS_ONLINE);
+ }
+ });
}
private Element processPacket(Tag currentTag, int packetType)
@@ -519,6 +527,14 @@ public class XmppConnection implements Runnable {
tagWriter.writeTag(startTLS);
}
+ private SharedPreferences getPreferences() {
+ return PreferenceManager.getDefaultSharedPreferences(applicationContext);
+ }
+
+ private boolean enableLegacySSL() {
+ return getPreferences().getBoolean("enable_legacy_ssl", false);
+ }
+
private void switchOverToTls(Tag currentTag) throws XmlPullParserException,
IOException {
tagReader.readTag();
@@ -535,6 +551,21 @@ public class XmppConnection implements Runnable {
socket.getInetAddress().getHostAddress(), socket.getPort(),
true);
+ // Support all protocols except legacy SSL.
+ // The min SDK version prevents us having to worry about SSLv2. In future, this may be
+ // true of SSLv3 as well.
+ final String[] supportProtocols;
+ if (enableLegacySSL()) {
+ supportProtocols = sslSocket.getSupportedProtocols();
+ } else {
+ final List<String> supportedProtocols = new LinkedList<String>(Arrays.asList(
+ sslSocket.getSupportedProtocols()));
+ supportedProtocols.remove("SSLv3");
+ supportProtocols = new String[supportedProtocols.size()];
+ supportedProtocols.toArray(supportProtocols);
+ }
+ sslSocket.setEnabledProtocols(supportProtocols);
+
if (verifier != null
&& !verifier.verify(account.getServer(),
sslSocket.getSession())) {