
filter enabled cipher suites by availability

This commit is contained in:
András Veres-Szentkirályi 2013-10-20 10:22:53 +02:00
parent d84ce6ddb9
commit dbc47c7297


@ -16,12 +16,18 @@ import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.*;
public class TrustedSocketFactory implements LayeredSocketFactory {
private SSLSocketFactory mSocketFactory;
private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory;
protected static final String ENABLED_CIPHERS[] = {
protected static final String ENABLED_CIPHERS[];
static {
List<String> enabledCiphers = new ArrayList<String>();
try {
String preferredCiphers[] = {
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
@ -38,6 +44,26 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
"SSL_RSA_WITH_RC4_128_MD5",
};
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, null, new SecureRandom());
SSLSocketFactory sf = sslContext.getSocketFactory();
Set<String> supportedCiphers = new HashSet<String>();
Collections.addAll(supportedCiphers, sf.getSupportedCipherSuites());
for (String preferredCipher : preferredCiphers) {
if (supportedCiphers.contains(preferredCipher)) {
enabledCiphers.add(preferredCipher);
}
}
} catch (KeyManagementException kme) {
kme.printStackTrace();
} catch (NoSuchAlgorithmException nsae) {
nsae.printStackTrace();
}
ENABLED_CIPHERS = enabledCiphers.isEmpty() ? null :
enabledCiphers.toArray(new String[enabledCiphers.size()]);
}
protected static final String ENABLED_PROTOCOLS[] = {
"TLSv1.2", "TLSv1.1", "TLSv1"
};
@ -68,7 +94,9 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
}
public static void hardenSocket(SSLSocket sock) {
if (ENABLED_CIPHERS != null) {
sock.setEnabledCipherSuites(ENABLED_CIPHERS);
}
sock.setEnabledProtocols(ENABLED_PROTOCOLS);
}
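Review bot: When either catch block in the new static initializer fires, ENABLED_CIPHERS is left null and hardenSocket then silently keeps the platform default suite list, so the hardening degrades with no signal beyond a stack trace on stderr; replace the two `printStackTrace()` calls with a logged warning that names the fallback, and consider whether hardenSocket should refuse to return an un-hardened socket rather than proceed. The availability check is also made against a freshly built default SSLContext, while the sockets passed to hardenSocket presumably come from mSocketFactory; if that factory reports a different supported set, setEnabledCipherSuites would throw IllegalArgumentException for a suite that passed the filter, so either confirm the two sets agree or guard that call. A comment above the static block such as `// Keep only the preferred suites this runtime supports, in preference order; null means "leave platform defaults"` would document the sentinel that hardenSocket relies on. The class body continues outside the shown hunks, so other uses of ENABLED_CIPHERS may also need the null check.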