aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorScott Jackson <daneren2005@gmail.com>2014-11-22 11:27:31 -0800
committerScott Jackson <daneren2005@gmail.com>2014-11-22 11:27:31 -0800
commit9ff2bc9954135bd68d1b60b5466a37cc765cb2f1 (patch)
treeef86dd754194344fb8a299b009a77994b28edb62
parent10cc799d339efb67839e13e25d13946f45602eb7 (diff)
downloaddsub-9ff2bc9954135bd68d1b60b5466a37cc765cb2f1.tar.gz
dsub-9ff2bc9954135bd68d1b60b5466a37cc765cb2f1.tar.bz2
dsub-9ff2bc9954135bd68d1b60b5466a37cc765cb2f1.zip
Remove ciphers which don't play nice with stock Subsonic on latest L release
-rw-r--r--src/github/daneren2005/dsub/service/ssl/SSLSocketFactory.java49
1 files changed, 41 insertions, 8 deletions
diff --git a/src/github/daneren2005/dsub/service/ssl/SSLSocketFactory.java b/src/github/daneren2005/dsub/service/ssl/SSLSocketFactory.java
index 2f11730a..3b1203c7 100644
--- a/src/github/daneren2005/dsub/service/ssl/SSLSocketFactory.java
+++ b/src/github/daneren2005/dsub/service/ssl/SSLSocketFactory.java
@@ -49,6 +49,7 @@ import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
+import java.lang.reflect.Array;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
@@ -58,8 +59,13 @@ import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
import java.security.SecureRandom;
+import java.security.Security;
import java.security.UnrecoverableKeyException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
/**
* Layered socket factory for TLS/SSL connections.
@@ -144,8 +150,6 @@ import java.security.UnrecoverableKeyException;
public class SSLSocketFactory implements LayeredSocketFactory {
private static final String TAG = SSLSocketFactory.class.getSimpleName();
public static final String TLS = "TLS";
- public static final String SSL = "SSL";
- public static final String SSLV2 = "SSLv2";
public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
= new AllowAllHostnameVerifier();
@@ -343,16 +347,18 @@ public class SSLSocketFactory implements LayeredSocketFactory {
@SuppressWarnings("cast")
public Socket createSocket(final HttpParams params) throws IOException {
// the cast makes sure that the factory is working as expected
- SSLSocket sslsocket = (SSLSocket) this.socketfactory.createSocket();
- sslsocket.setEnabledProtocols(sslsocket.getSupportedProtocols());
- return sslsocket;
+ SSLSocket sslSocket = (SSLSocket) this.socketfactory.createSocket();
+ sslSocket.setEnabledProtocols(getProtocols(sslSocket));
+ sslSocket.setEnabledCipherSuites(getCiphers(sslSocket));
+ return sslSocket;
}
@SuppressWarnings("cast")
public Socket createSocket() throws IOException {
// the cast makes sure that the factory is working as expected
SSLSocket sslSocket = (SSLSocket) this.socketfactory.createSocket();
- sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
+ sslSocket.setEnabledProtocols(getProtocols(sslSocket));
+ sslSocket.setEnabledCipherSuites(getCiphers(sslSocket));
return sslSocket;
}
@@ -444,7 +450,8 @@ public class SSLSocketFactory implements LayeredSocketFactory {
port,
autoClose
);
- sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
+ sslSocket.setEnabledProtocols(getProtocols(sslSocket));
+ sslSocket.setEnabledCipherSuites(getCiphers(sslSocket));
if (this.hostnameVerifier != null) {
this.hostnameVerifier.verify(host, sslSocket);
}
@@ -500,7 +507,8 @@ public class SSLSocketFactory implements LayeredSocketFactory {
final String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
SSLSocket sslSocket = (SSLSocket) this.socketfactory.createSocket(socket, host, port, autoClose);
- sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
+ sslSocket.setEnabledProtocols(getProtocols(sslSocket));
+ sslSocket.setEnabledCipherSuites(getCiphers(sslSocket));
setHostName(sslSocket, host);
return sslSocket;
}
@@ -513,4 +521,29 @@ public class SSLSocketFactory implements LayeredSocketFactory {
Log.w(TAG, "SNI not useable", e);
}
}
+
+ private String[] getProtocols(SSLSocket sslSocket) {
+ String[] protocols = sslSocket.getEnabledProtocols();
+
+ // Remove SSLv3 if it is not the only option
+ if(protocols.length > 1) {
+ List<String> protocolList = new ArrayList(Arrays.asList(protocols));
+ protocolList.remove("SSLv3");
+ protocols = protocolList.toArray(new String[protocolList.size()]);
+ }
+
+ return protocols;
+ }
+
+ private String[] getCiphers(SSLSocket sslSocket) {
+ String[] ciphers = sslSocket.getEnabledCipherSuites();
+
+ List<String> enabledCiphers = new ArrayList(Arrays.asList(ciphers));
+ // On Android 5.0 release, Jetty doesn't seem to play nice with these ciphers
+ enabledCiphers.remove("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
+ enabledCiphers.remove("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
+
+ ciphers = enabledCiphers.toArray(new String[enabledCiphers.size()]);
+ return ciphers;
+ }
}