mirror of
https://github.com/moparisthebest/k-9
synced 2024-12-25 09:08:49 -05:00
filter enabled cipher suites by availability
This commit is contained in:
parent
d84ce6ddb9
commit
dbc47c7297
@ -16,27 +16,53 @@ import java.net.UnknownHostException;
|
||||
import java.security.KeyManagementException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.*;
|
||||
|
||||
public class TrustedSocketFactory implements LayeredSocketFactory {
|
||||
private SSLSocketFactory mSocketFactory;
|
||||
private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory;
|
||||
|
||||
protected static final String ENABLED_CIPHERS[] = {
|
||||
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
|
||||
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
|
||||
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
|
||||
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
|
||||
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
|
||||
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
|
||||
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
|
||||
"TLS_RSA_WITH_AES_128_CBC_SHA",
|
||||
"TLS_RSA_WITH_AES_256_CBC_SHA",
|
||||
"SSL_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
"SSL_RSA_WITH_RC4_128_SHA",
|
||||
"SSL_RSA_WITH_RC4_128_MD5",
|
||||
};
|
||||
protected static final String ENABLED_CIPHERS[];
|
||||
|
||||
static {
|
||||
List<String> enabledCiphers = new ArrayList<String>();
|
||||
try {
|
||||
String preferredCiphers[] = {
|
||||
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
|
||||
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
|
||||
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
|
||||
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
|
||||
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
|
||||
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
|
||||
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
|
||||
"TLS_RSA_WITH_AES_128_CBC_SHA",
|
||||
"TLS_RSA_WITH_AES_256_CBC_SHA",
|
||||
"SSL_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
"SSL_RSA_WITH_RC4_128_SHA",
|
||||
"SSL_RSA_WITH_RC4_128_MD5",
|
||||
};
|
||||
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
sslContext.init(null, null, new SecureRandom());
|
||||
SSLSocketFactory sf = sslContext.getSocketFactory();
|
||||
Set<String> supportedCiphers = new HashSet<String>();
|
||||
Collections.addAll(supportedCiphers, sf.getSupportedCipherSuites());
|
||||
|
||||
for (String preferredCipher : preferredCiphers) {
|
||||
if (supportedCiphers.contains(preferredCipher)) {
|
||||
enabledCiphers.add(preferredCipher);
|
||||
}
|
||||
}
|
||||
} catch (KeyManagementException kme) {
|
||||
kme.printStackTrace();
|
||||
} catch (NoSuchAlgorithmException nsae) {
|
||||
nsae.printStackTrace();
|
||||
}
|
||||
ENABLED_CIPHERS = enabledCiphers.isEmpty() ? null :
|
||||
enabledCiphers.toArray(new String[enabledCiphers.size()]);
|
||||
}
|
||||
|
||||
protected static final String ENABLED_PROTOCOLS[] = {
|
||||
"TLSv1.2", "TLSv1.1", "TLSv1"
|
||||
@ -68,7 +94,9 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
|
||||
}
|
||||
|
||||
public static void hardenSocket(SSLSocket sock) {
|
||||
sock.setEnabledCipherSuites(ENABLED_CIPHERS);
|
||||
if (ENABLED_CIPHERS != null) {
|
||||
sock.setEnabledCipherSuites(ENABLED_CIPHERS);
|
||||
}
|
||||
sock.setEnabledProtocols(ENABLED_PROTOCOLS);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user