use TLSv1.2 as SSL context on supported plattforms

Daniel Gultsch created

Change summary

src/main/java/eu/siacs/conversations/http/HttpConnectionManager.java |  3 
src/main/java/eu/siacs/conversations/utils/SSLSocketHelper.java      | 11 
src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java        |  2 
3 files changed, 14 insertions(+), 2 deletions(-)

Detailed changes

src/main/java/eu/siacs/conversations/http/HttpConnectionManager.java 🔗

@@ -23,6 +23,7 @@ import eu.siacs.conversations.entities.Message;
 import eu.siacs.conversations.services.AbstractConnectionManager;
 import eu.siacs.conversations.services.XmppConnectionService;
 import eu.siacs.conversations.utils.CryptoHelper;
+import eu.siacs.conversations.utils.SSLSocketHelper;
 
 public class HttpConnectionManager extends AbstractConnectionManager {
 
@@ -76,7 +77,7 @@ public class HttpConnectionManager extends AbstractConnectionManager {
 							new StrictHostnameVerifier());
 		}
 		try {
-			final SSLContext sc = SSLContext.getInstance("TLS");
+			final SSLContext sc = SSLSocketHelper.getSSLContext();
 			sc.init(null, new X509TrustManager[]{trustManager},
 					mXmppConnectionService.getRNG());
 

src/main/java/eu/siacs/conversations/utils/SSLSocketHelper.java 🔗

@@ -1,11 +1,14 @@
 package eu.siacs.conversations.utils;
 
+import android.os.Build;
+
 import java.lang.reflect.Method;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.LinkedList;
 
+import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 
@@ -59,4 +62,12 @@ public class SSLSocketHelper {
 			// ignore any error, we just can't set the alpn protocol...
 		}
 	}
+
+	public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
+		if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
+			return SSLContext.getInstance("TLSv1.2");
+		} else {
+			return SSLContext.getInstance("TLS");
+		}
+	}
 }
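Review bot: `SSLContext.getInstance("TLSv1.2")` in `getSSLContext()` selects a context by name, but it does not make TLS 1.2 the minimum version, so sockets built from it can still negotiate older protocols the platform leaves enabled. On Android releases where TLS 1.2 is supported but not enabled by default for client sockets, it is worth confirming that the sockets created in `HttpConnectionManager` and `XmppConnection` actually offer it. If the enabled-protocol list is already set per socket elsewhere in this class (not visible in this hunk), say so in a doc comment; otherwise restrict it where the socket is created with `sslSocket.setEnabledProtocols(...)`. Suggested comment on the method: `/** Returns a "TLSv1.2" context on API 16+, plain "TLS" below; the name does not restrict enabled protocols, which must still be set on each SSLSocket. */`. Also note that a provider lacking "TLSv1.2" on an API 16+ device makes this throw `NoSuchAlgorithmException` instead of falling back to "TLS", which both call sites now inherit.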

src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java 🔗

@@ -408,7 +408,7 @@ public class XmppConnection implements Runnable {
 	}
 
 	private TlsFactoryVerifier getTlsFactoryVerifier() throws NoSuchAlgorithmException, KeyManagementException, IOException {
-		final SSLContext sc = SSLContext.getInstance("TLS");
+		final SSLContext sc = SSLSocketHelper.getSSLContext();
 		MemorizingTrustManager trustManager = this.mXmppConnectionService.getMemorizingTrustManager();
 		KeyManager[] keyManager;
 		if (account.getPrivateKeyAlias() != null && account.getPassword().isEmpty()) {