aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSam Whited <sam@samwhited.com>2014-10-18 15:56:59 -0400
committerSam Whited <sam@samwhited.com>2014-10-18 20:22:26 -0400
commit113b7d17361a7da7ae08b0845011070e0c005fc5 (patch)
treed3ddd9379c1d773e760a32e385dd015fabc840d8
parentc4b9d428616ba3efcea00a88158f12922d876e42 (diff)
Remove support for legacy SSL
-rw-r--r--src/eu/siacs/conversations/xmpp/XmppConnection.java10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java
index 0162af9e..1ac6cb2b 100644
--- a/src/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -10,6 +10,7 @@ import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
@@ -519,7 +520,14 @@ public class XmppConnection implements Runnable {
SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,
socket.getInetAddress().getHostAddress(), socket.getPort(),
true);
- sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
+
+ // Support all protocols except legacy SSL.
+ // The min SDK version prevents us having to worry about SSLv2. In future, this may be
+ // true of SSLv3 as well.
+ final List<String> supportedProtocols = new LinkedList<String>(Arrays.asList(
+ sslSocket.getSupportedProtocols()));
+ supportedProtocols.remove("SSLv3");
+ sslSocket.setEnabledProtocols(supportedProtocols.toArray(new String[supportedProtocols.size()]));
if (verifier != null
&& !verifier.verify(account.getServer(),