From 1bfb78ee51434da589fb6ace1387d83e2ca33ec1 Mon Sep 17 00:00:00 2001
From: "brian m. carlson"
Date: Sun, 10 Nov 2013 00:25:10 +0000
Subject: [PATCH] Use TrustedSocketFactory for STARTTLS.

The TrustedSocketFactory, which provides goodies like better cipher suites and TLSv1.2, was only being used for tunnelled connections. Use it for STARTTLS connections as well.
---
 src/com/fsck/k9/mail/store/ImapStore.java | 4 ++--
 src/com/fsck/k9/mail/store/Pop3Store.java | 4 ++--
 src/com/fsck/k9/mail/store/TrustedSocketFactory.java | 8 ++++++++
 src/com/fsck/k9/mail/transport/SmtpTransport.java | 4 ++--
 4 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/com/fsck/k9/mail/store/ImapStore.java b/src/com/fsck/k9/mail/store/ImapStore.java
index 5c8d93981..a71a95aaf 100644
--- a/src/com/fsck/k9/mail/store/ImapStore.java
+++ b/src/com/fsck/k9/mail/store/ImapStore.java
@@ -2504,8 +2504,8 @@ public class ImapStore extends Store {
 sslContext.init(null, new TrustManager[] { TrustManagerFactory.get(mSettings.getHost(), secure) }, new SecureRandom());
- mSocket = sslContext.getSocketFactory().createSocket(mSocket, mSettings.getHost(), mSettings.getPort(),
- true);
+ mSocket = TrustedSocketFactory.createSocket(sslContext, mSocket,
+ mSettings.getHost(), mSettings.getPort(), true);
 mSocket.setSoTimeout(Store.SOCKET_READ_TIMEOUT);
 mIn = new PeekableInputStream(new BufferedInputStream(mSocket .getInputStream(), 1024));
diff --git a/src/com/fsck/k9/mail/store/Pop3Store.java b/src/com/fsck/k9/mail/store/Pop3Store.java
index 1621c1527..26e37d1dd 100644
--- a/src/com/fsck/k9/mail/store/Pop3Store.java
+++ b/src/com/fsck/k9/mail/store/Pop3Store.java
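Review bot: At the new `TrustedSocketFactory.createSocket(sslContext, mSocket, ...)` call in ImapStore, nothing records that the factory only tightens cipher suites and protocol versions, while server authentication still rests on the trust manager selected by `secure` in the `sslContext.init(...)` context line just above. What `TrustManagerFactory.get(host, secure)` returns when `secure` is false is not visible in this diff, so a reader cannot tell whether an opportunistic STARTTLS session validates the certificate at all. I would add a comment above the call such as `// Hardened ciphers/protocols only; certificate validation is decided by the trust manager chosen via 'secure'`. The same applies to the Pop3Store and SmtpTransport hunks, and the enclosing method starts and ends outside this hunk.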
@@ -359,8 +359,8 @@ public class Pop3Store extends Store {
 sslContext.init(null, new TrustManager[] { TrustManagerFactory.get(mHost, secure) }, new SecureRandom());
- mSocket = sslContext.getSocketFactory().createSocket(mSocket, mHost, mPort,
- true);
+ mSocket = TrustedSocketFactory.createSocket(sslContext, mSocket, mHost,
+ mPort, true);
 mSocket.setSoTimeout(Store.SOCKET_READ_TIMEOUT);
 mIn = new BufferedInputStream(mSocket.getInputStream(), 1024);
 mOut = new BufferedOutputStream(mSocket.getOutputStream(), 512);
diff --git a/src/com/fsck/k9/mail/store/TrustedSocketFactory.java b/src/com/fsck/k9/mail/store/TrustedSocketFactory.java
index 5268c01ee..2dd319251 100644
--- a/src/com/fsck/k9/mail/store/TrustedSocketFactory.java
+++ b/src/com/fsck/k9/mail/store/TrustedSocketFactory.java
@@ -85,6 +85,14 @@ public class TrustedSocketFactory {
 return socket;
 }
+ public static Socket createSocket(SSLContext sslContext, Socket s, String host, int port,
+ boolean autoClose) throws IOException {
+ SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(s, host, port, autoClose);
+ hardenSocket(socket);
+
+ return socket;
+ }
+
 private static void hardenSocket(SSLSocket sock) {
 if (ENABLED_CIPHERS != null) {
 sock.setEnabledCipherSuites(ENABLED_CIPHERS);
diff --git a/src/com/fsck/k9/mail/transport/SmtpTransport.java b/src/com/fsck/k9/mail/transport/SmtpTransport.java
index 4e71d3ee8..daf147326 100644
--- a/src/com/fsck/k9/mail/transport/SmtpTransport.java
+++ b/src/com/fsck/k9/mail/transport/SmtpTransport.java
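Review bot: The new public overload `createSocket(SSLContext, Socket, String, int, boolean)` in TrustedSocketFactory has no Javadoc, although its contract is what the three STARTTLS call sites now rely on. I would document that it layers TLS over the already-connected socket `s`, that `host` and `port` describe the peer rather than open a new connection, that `autoClose` closes `s` together with the returned socket, and that `hardenSocket` is applied before the caller performs any I/O on the returned socket. The context lines also show `hardenSocket` skipping `setEnabledCipherSuites` when `ENABLED_CIPHERS` is null; its body continues outside the hunk, but if that case can occur the Javadoc should say the socket then keeps the platform default suites, or the method should log it.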
@@ -304,8 +304,8 @@ public class SmtpTransport extends Transport {
 sslContext.init(null, new TrustManager[] { TrustManagerFactory.get(mHost, secure) }, new SecureRandom());
- mSocket = sslContext.getSocketFactory().createSocket(mSocket, mHost, mPort,
- true);
+ mSocket = TrustedSocketFactory.createSocket(sslContext, mSocket, mHost,
+ mPort, true);
 mIn = new PeekableInputStream(new BufferedInputStream(mSocket.getInputStream(), 1024));
 mOut = mSocket.getOutputStream();
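Review bot: After the STARTTLS upgrade in SmtpTransport the new socket goes straight to `getInputStream()` with no read timeout set, whereas the ImapStore and Pop3Store hunks call `mSocket.setSoTimeout(Store.SOCKET_READ_TIMEOUT);` right after `createSocket`. The TLS handshake runs on the first read or write, so a server that stalls during it could block the sending thread unless a timeout was already set on the plain socket earlier in this method, which lies outside the hunk. If it was not, add `mSocket.setSoTimeout(<SmtpTransport's read-timeout constant>);` on the line after the `createSocket` call.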