Use platform ciphers as well, just prefer ours

Sam Whited created 11 years ago

Change summary

src/main/java/eu/siacs/conversations/Config.java              |  4 
src/main/java/eu/siacs/conversations/http/HttpConnection.java |  2 
src/main/java/eu/siacs/conversations/utils/CryptoHelper.java  | 12 ++--
src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java |  3 
4 files changed, 12 insertions(+), 9 deletions(-)

Detailed changes

src/main/java/eu/siacs/conversations/Config.java 🔗

@@ -34,8 +34,8 @@ public final class Config {
 		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384",
 		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256",
 		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-		"TLS_ECDHE_RSA_AES_128_SHA",
-		"TLS_ECDHE_RSA_AES_256_SHA",
+		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
 
 		"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
 		"TLS_DHE_RSA_WITH_AES_128_GCM_SHA384",

src/main/java/eu/siacs/conversations/http/HttpConnection.java 🔗

@@ -148,7 +148,7 @@ public class HttpConnection implements Downloadable {
 					mXmppConnectionService.getRNG());
 
 			final SSLSocketFactory sf = sc.getSocketFactory();
-			final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites(
+			final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
 					sf.getSupportedCipherSuites());
 			if (cipherSuites.length > 0) {
 				sc.getDefaultSSLParameters().setCipherSuites(cipherSuites);

src/main/java/eu/siacs/conversations/utils/CryptoHelper.java 🔗

@@ -5,6 +5,7 @@ import java.text.Normalizer;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.LinkedHashSet;
+import java.util.List;
 
 import eu.siacs.conversations.Config;
 
@@ -97,10 +98,11 @@ public final class CryptoHelper {
 		return builder.toString();
 	}
 
-	public static String[] getSupportedCipherSuites(final String[] platformSupportedCipherSuites) {
-		//final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
-		//cipherSuites.retainAll(Arrays.asList(platformSupportedCipherSuites));
-		//return cipherSuites.toArray(new String[cipherSuites.size()]);
-		return platformSupportedCipherSuites;
+	public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
+		final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
+		final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
+		cipherSuites.retainAll(platformCiphers);
+		cipherSuites.addAll(platformCiphers);
+		return cipherSuites.toArray(new String[cipherSuites.size()]);
 	}
 }

src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java 🔗

@@ -515,8 +515,9 @@ public class XmppConnection implements Runnable {
 
 			sslSocket.setEnabledProtocols(supportProtocols);
 
-			final String[] cipherSuites = CryptoHelper.getSupportedCipherSuites(
+			final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
 					sslSocket.getSupportedCipherSuites());
+			Log.d(Config.LOGTAG, "Using ciphers: " + Arrays.toString(cipherSuites));
 			if (cipherSuites.length > 0) {
 				sslSocket.setEnabledCipherSuites(cipherSuites);
 			}