From c4b9d428616ba3efcea00a88158f12922d876e42 Mon Sep 17 00:00:00 2001
From: Sam Whited <sam@samwhited.com>
Date: Thu, 16 Oct 2014 10:02:47 -0400
Subject: Enable all supported protocols including TLSv1.1 and 1.2

---
 src/eu/siacs/conversations/xmpp/XmppConnection.java | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src')

diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java
index 43614f50..0162af9e 100644
--- a/src/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -519,6 +519,7 @@ public class XmppConnection implements Runnable {
 			SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,
 					socket.getInetAddress().getHostAddress(), socket.getPort(),
 					true);
+			sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
 
 			if (verifier != null
 					&& !verifier.verify(account.getServer(),
-- 
cgit v1.2.3


From 113b7d17361a7da7ae08b0845011070e0c005fc5 Mon Sep 17 00:00:00 2001
From: Sam Whited <sam@samwhited.com>
Date: Sat, 18 Oct 2014 15:56:59 -0400
Subject: Remove support for legacy SSL

---
 src/eu/siacs/conversations/xmpp/XmppConnection.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java
index 0162af9e..1ac6cb2b 100644
--- a/src/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -10,6 +10,7 @@ import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.List;
@@ -519,7 +520,14 @@ public class XmppConnection implements Runnable {
 			SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,
 					socket.getInetAddress().getHostAddress(), socket.getPort(),
 					true);
-			sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
+
+			// Support all protocols except legacy SSL.
+			// The min SDK version prevents us having to worry about SSLv2. In future, this may be
+			// true of SSLv3 as well.
+			final List<String> supportedProtocols = new LinkedList<String>(Arrays.asList(
+						sslSocket.getSupportedProtocols()));
+			supportedProtocols.remove("SSLv3");
+			sslSocket.setEnabledProtocols(supportedProtocols.toArray(new String[supportedProtocols.size()]));
 
 			if (verifier != null
 					&& !verifier.verify(account.getServer(),
-- 
cgit v1.2.3


From 6c7c3ddf15aebaedbd4c62e7771bb7e378ebf4ad Mon Sep 17 00:00:00 2001
From: Sam Whited <sam@samwhited.com>
Date: Sun, 19 Oct 2014 15:53:03 -0400
Subject: Add "Enable legacy SSL" preference

---
 .../siacs/conversations/xmpp/XmppConnection.java   | 44 ++++++++++++++++------
 1 file changed, 33 insertions(+), 11 deletions(-)

(limited to 'src')

diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java
index 1ac6cb2b..43469f08 100644
--- a/src/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -13,6 +13,7 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map.Entry;
 
@@ -27,15 +28,19 @@ import org.xmlpull.v1.XmlPullParserException;
 
 import de.duenndns.ssl.MemorizingTrustManager;
 
+import android.content.Context;
+import android.content.SharedPreferences;
 import android.os.Bundle;
 import android.os.PowerManager;
 import android.os.PowerManager.WakeLock;
 import android.os.SystemClock;
+import android.preference.PreferenceManager;
 import android.util.Log;
 import android.util.SparseArray;
 import eu.siacs.conversations.Config;
 import eu.siacs.conversations.entities.Account;
 import eu.siacs.conversations.services.XmppConnectionService;
+import eu.siacs.conversations.ui.StartConversationActivity;
 import eu.siacs.conversations.utils.CryptoHelper;
 import eu.siacs.conversations.utils.DNSHelper;
 import eu.siacs.conversations.utils.zlib.ZLibOutputStream;
@@ -105,6 +110,7 @@ public class XmppConnection implements Runnable {
 	private OnBindListener bindListener = null;
 	private OnMessageAcknowledged acknowledgedListener = null;
 	private MemorizingTrustManager mMemorizingTrustManager;
+    private final Context applicationContext;
 
 	public XmppConnection(Account account, XmppConnectionService service) {
 		this.mRandom = service.getRNG();
@@ -113,6 +119,7 @@ public class XmppConnection implements Runnable {
 		this.wakeLock = service.getPowerManager().newWakeLock(
 				PowerManager.PARTIAL_WAKE_LOCK, account.getJid());
 		tagWriter = new TagWriter();
+        applicationContext = service.getApplicationContext();
 	}
 
 	protected void changeStatus(int nextStatus) {
@@ -363,13 +370,13 @@ public class XmppConnection implements Runnable {
 		iq.addChild("ping", "urn:xmpp:ping");
 		this.sendIqPacket(iq, new OnIqPacketReceived() {
 
-			@Override
-			public void onIqPacketReceived(Account account, IqPacket packet) {
-				Log.d(Config.LOGTAG, account.getJid()
-						+ ": online with resource " + account.getResource());
-				changeStatus(Account.STATUS_ONLINE);
-			}
-		});
+            @Override
+            public void onIqPacketReceived(Account account, IqPacket packet) {
+                Log.d(Config.LOGTAG, account.getJid()
+                        + ": online with resource " + account.getResource());
+                changeStatus(Account.STATUS_ONLINE);
+            }
+        });
 	}
 
 	private Element processPacket(Tag currentTag, int packetType)
@@ -505,6 +512,14 @@ public class XmppConnection implements Runnable {
 		tagWriter.writeTag(startTLS);
 	}
 
+	private SharedPreferences getPreferences() {
+		return PreferenceManager.getDefaultSharedPreferences(applicationContext);
+	}
+
+	private boolean enableLegacySSL() {
+		return getPreferences().getBoolean("enable_legacy_ssl", true);
+	}
+
 	private void switchOverToTls(Tag currentTag) throws XmlPullParserException,
 			IOException {
 		tagReader.readTag();
@@ -524,10 +539,17 @@ public class XmppConnection implements Runnable {
 			// Support all protocols except legacy SSL.
 			// The min SDK version prevents us having to worry about SSLv2. In future, this may be
 			// true of SSLv3 as well.
-			final List<String> supportedProtocols = new LinkedList<String>(Arrays.asList(
-						sslSocket.getSupportedProtocols()));
-			supportedProtocols.remove("SSLv3");
-			sslSocket.setEnabledProtocols(supportedProtocols.toArray(new String[supportedProtocols.size()]));
+			final String[] supportProtocols;
+			if (enableLegacySSL()) {
+				supportProtocols = sslSocket.getSupportedProtocols();
+			} else {
+				final List<String> supportedProtocols = new LinkedList<String>(Arrays.asList(
+							sslSocket.getSupportedProtocols()));
+				supportedProtocols.remove("SSLv3");
+				supportProtocols = new String[supportedProtocols.size()];
+				supportedProtocols.toArray(supportProtocols);
+			}
+			sslSocket.setEnabledProtocols(supportProtocols);
 
 			if (verifier != null
 					&& !verifier.verify(account.getServer(),
-- 
cgit v1.2.3


From 99ee049115587b8d914d2df707d8bf152fdd42f6 Mon Sep 17 00:00:00 2001
From: Sam Whited <sam@samwhited.com>
Date: Sun, 19 Oct 2014 16:11:35 -0400
Subject: Make legacy SSL option default to false

---
 src/eu/siacs/conversations/xmpp/XmppConnection.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java
index 43469f08..0ae51fb5 100644
--- a/src/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -517,7 +517,7 @@ public class XmppConnection implements Runnable {
 	}
 
 	private boolean enableLegacySSL() {
-		return getPreferences().getBoolean("enable_legacy_ssl", true);
+		return getPreferences().getBoolean("enable_legacy_ssl", false);
 	}
 
 	private void switchOverToTls(Tag currentTag) throws XmlPullParserException,
-- 
cgit v1.2.3