arno/etesync-android
1
0
Fork 0
mirror of https://github.com/etesync/android synced 2025-03-06 18:27:05 +00:00
Code Issues Releases Wiki Activity

Various fixes

Browse Source 
* fix minor translation issue that caused DAVdroid to crash when showing an I/O error
* don't select TLS ciphers for Android 5.0+ (it has more secure default settings); closes #344
This commit is contained in:
rfc2822 2014-11-09 19:58:07 +01:00
parent 487509cb0c
commit cfc71542f5
5 changed files with 50 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
AndroidManifest.xml
View File

@ -1,8 +1,8 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" <manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="at.bitfire.davdroid" package="at.bitfire.davdroid"
android:versionCode="45" android:versionCode="46"
android:versionName="0.6.7" android:installLocation="internalOnly"> android:versionName="0.6.7.1" android:installLocation="internalOnly">
<uses-sdk <uses-sdk
android:minSdkVersion="14" android:minSdkVersion="14"

2
res/layout/login_email.xml
View File

@ -29,7 +29,7 @@
android:layout_width="0dp" android:layout_width="0dp"
android:scrollHorizontally="true" android:scrollHorizontally="true"
android:scrollbars="horizontal" android:scrollbars="horizontal"
android:hint="myaccount@icloud.com"> android:hint="myaccount@myservice.com">
<requestFocus /> <requestFocus />
</EditText> </EditText>

2
src/at/bitfire/davdroid/Constants.java
View File

@ -9,7 +9,7 @@ package at.bitfire.davdroid;
public class Constants { public class Constants {
public static final String public static final String
APP_VERSION = "0.6.7", APP_VERSION = "0.6.7.1",
ACCOUNT_TYPE = "bitfire.at.davdroid", ACCOUNT_TYPE = "bitfire.at.davdroid",
WEB_URL_HELP = "http://davdroid.bitfire.at/configuration?pk_campaign=davdroid-app", WEB_URL_HELP = "http://davdroid.bitfire.at/configuration?pk_campaign=davdroid-app",

2
src/at/bitfire/davdroid/syncadapter/QueryServerDialogFragment.java
View File

@ -113,7 +113,7 @@ public class QueryServerDialogFragment extends DialogFragment implements LoaderC
} catch (URISyntaxException e) { } catch (URISyntaxException e) {
serverInfo.setErrorMessage(getContext().getString(R.string.exception_uri_syntax, e.getMessage())); serverInfo.setErrorMessage(getContext().getString(R.string.exception_uri_syntax, e.getMessage()));
} catch (IOException e) { } catch (IOException e) {
serverInfo.setErrorMessage(getContext().getString(R.string.login_exception_io, e.getLocalizedMessage())); serverInfo.setErrorMessage(getContext().getString(R.string.exception_io, e.getLocalizedMessage()));
} catch (HttpException e) { } catch (HttpException e) {
Log.e(TAG, "HTTP error while querying server info", e); Log.e(TAG, "HTTP error while querying server info", e);
serverInfo.setErrorMessage(getContext().getString(R.string.exception_http, e.getLocalizedMessage())); serverInfo.setErrorMessage(getContext().getString(R.string.exception_http, e.getLocalizedMessage()));

84
src/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
View File

@ -127,9 +127,13 @@ public class TlsSniSocketFactory implements LayeredConnectionSocketFactory {
@SuppressLint("DefaultLocale") @SuppressLint("DefaultLocale")
private void setReasonableEncryption(SSLSocket ssl) { private void setReasonableEncryption(SSLSocket ssl) {
// set reasonable SSL/TLS settings before the handshake: // set reasonable SSL/TLS settings before the handshake
// - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <4.4.3, if available) // Android 5.0+ (API level21) provides reasonable default settings
// but it still allows SSLv3
// https://developer.android.com/about/versions/android-5.0-changes.html#ssl
// - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0, if available)
// - remove all SSL versions (especially SSLv3) because they're insecure now // - remove all SSL versions (especially SSLv3) because they're insecure now
List<String> protocols = new LinkedList<String>(); List<String> protocols = new LinkedList<String>();
for (String protocol : ssl.getSupportedProtocols()) for (String protocol : ssl.getSupportedProtocols())
@ -138,43 +142,45 @@ public class TlsSniSocketFactory implements LayeredConnectionSocketFactory {
Log.v(TAG, "Setting allowed TLS protocols: " + StringUtils.join(protocols, ", ")); Log.v(TAG, "Setting allowed TLS protocols: " + StringUtils.join(protocols, ", "));
ssl.setEnabledProtocols(protocols.toArray(new String[0])); ssl.setEnabledProtocols(protocols.toArray(new String[0]));
// choose secure cipher suites if (android.os.Build.VERSION.SDK_INT < 21) {
List<String> allowedCiphers = Arrays.asList(new String[] { // choose secure cipher suites
// allowed secure ciphers according to NIST.SP.800-52r1.pdf Section 3.3.1 (see docs directory) List<String> allowedCiphers = Arrays.asList(new String[] {
// TLS 1.2 // allowed secure ciphers according to NIST.SP.800-52r1.pdf Section 3.3.1 (see docs directory)
"TLS_RSA_WITH_AES_256_GCM_SHA384", // TLS 1.2
"TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
// maximum interoperability "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA", // maximum interoperability
"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
// additionally "TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA", // additionally
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
}); "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
});
List<String> availableCiphers = Arrays.asList(ssl.getSupportedCipherSuites());
List<String> availableCiphers = Arrays.asList(ssl.getSupportedCipherSuites());
// preferred ciphers = allowed Ciphers \ availableCiphers
HashSet<String> preferredCiphers = new HashSet<String>(allowedCiphers); // preferred ciphers = allowed Ciphers \ availableCiphers
preferredCiphers.retainAll(availableCiphers); HashSet<String> preferredCiphers = new HashSet<String>(allowedCiphers);
preferredCiphers.retainAll(availableCiphers);
// add preferred ciphers to enabled ciphers
// for maximum security, preferred ciphers should *replace* enabled ciphers, // add preferred ciphers to enabled ciphers
// but I guess for the security level of DAVdroid, disabling of insecure // for maximum security, preferred ciphers should *replace* enabled ciphers,
// ciphers should be a server-side task // but I guess for the security level of DAVdroid, disabling of insecure
HashSet<String> enabledCiphers = new HashSet<String>(Arrays.asList(ssl.getEnabledCipherSuites())); // ciphers should be a server-side task
enabledCiphers.addAll(preferredCiphers); HashSet<String> enabledCiphers = preferredCiphers;
enabledCiphers.addAll(new HashSet<String>(Arrays.asList(ssl.getEnabledCipherSuites())));
Log.v(TAG, "Setting allowed TLS ciphers: " + StringUtils.join(enabledCiphers, ", "));
ssl.setEnabledCipherSuites(enabledCiphers.toArray(new String[0])); Log.v(TAG, "Setting allowed TLS ciphers: " + StringUtils.join(enabledCiphers, ", "));
ssl.setEnabledCipherSuites(enabledCiphers.toArray(new String[0]));
}
} }
} }