Exception handling, verbose TLS logs

* handle IllegalArgumentException in Tasks provider (show LocalStorageException notification) (closes #601) * add more verbose TLS cipher logs (see #608)
2025-02-03 19:31:12 +00:00 · 2015-08-25 22:04:45 +02:00 · 2015-08-25 22:04:45 +02:00 · 97ae121331
commit 97ae121331
parent 31f5be01b4
2 changed files with 12 additions and 8 deletions
--- a/app/src/main/java/at/bitfire/davdroid/resource/LocalCollection.java
+++ b/app/src/main/java/at/bitfire/davdroid/resource/LocalCollection.java
@ -378,7 +378,7 @@ public abstract class LocalCollection<T extends Resource> {
 							affected = 1;
                Log.d(TAG, "... " + affected + " record(s) affected");
 				pendingOperations.clear();
-			} catch(OperationApplicationException | RemoteException ex) {
+			} catch(IllegalArgumentException|OperationApplicationException|RemoteException ex) {
 				throw new LocalStorageException(ex);
 			}
        return affected;
--- a/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
+++ b/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
@ -55,9 +55,9 @@ public class TlsSniSocketFactory extends SSLConnectionSocketFactory {
 			Log.v(TAG, "Setting allowed TLS protocols: " + StringUtils.join(protocols, ", "));
 			TlsSniSocketFactory.protocols = protocols.toArray(new String[protocols.size()]);

-			/* set reasonable cipher suites */
+			/* set up reasonable cipher suites */
 			if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
-				// choose secure cipher suites
+				// choose known secure cipher suites
 				List<String> allowedCiphers = Arrays.asList(
 				        // TLS 1.2
                        "TLS_RSA_WITH_AES_256_GCM_SHA384",
@ -78,19 +78,23 @@ public class TlsSniSocketFactory extends SSLConnectionSocketFactory {
                        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");

 				List<String> availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());
+				Log.v(TAG, "Available cipher suites: " + StringUtils.join(availableCiphers, ", "));
+				Log.v(TAG, "Cipher suites enabled by default: " + StringUtils.join(socket.getEnabledCipherSuites(), ", "));

-				// preferred ciphers = allowed Ciphers \ availableCiphers
+				// take all allowed ciphers that are available and put them into preferredCiphers
 				HashSet<String> preferredCiphers = new HashSet<>(allowedCiphers);
 				preferredCiphers.retainAll(availableCiphers);

+				/* For maximum security, preferredCiphers should *replace* enabled ciphers (thus disabling
+				 * ciphers which are enabled by default, but have become unsecure), but I guess for
+				 * the security level of DAVdroid and maximum compatibility, disabling of insecure
+				 * ciphers should be a server-side task */
+
 				// add preferred ciphers to enabled ciphers
-				// for maximum security, preferred ciphers should *replace* enabled ciphers,
-				// but I guess for the security level of DAVdroid, disabling of insecure
-				// ciphers should be a server-side task
 				HashSet<String> enabledCiphers = preferredCiphers;
 				enabledCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));

-				Log.v(TAG, "Setting allowed TLS ciphers: " + StringUtils.join(enabledCiphers, ", "));
+				Log.v(TAG, "Enabling (only) those TLS ciphers: " + StringUtils.join(enabledCiphers, ", "));
 				TlsSniSocketFactory.cipherSuites = enabledCiphers.toArray(new String[enabledCiphers.size()]);
 			}
 		} catch (IOException e) {