Enable all supported TLS protocols (enables TLSv1.1/1.2 if supported by Android version on device, see #229)

pull/2/head
rfc2822 10 years ago
parent 0965c8d3a3
commit f69f449b44

@ -83,8 +83,6 @@ public class SyncManager {
}
}
try { Thread.sleep(2000); } catch (InterruptedException e) { }
// PHASE 3: pull remote changes from server
syncResult.stats.numInserts = pullNew(remotelyAdded.toArray(new Resource[0]));
syncResult.stats.numUpdates = pullChanged(remotelyUpdated.toArray(new Resource[0]));

@ -29,13 +29,12 @@ import ch.boye.httpclientandroidlib.conn.socket.LayeredConnectionSocketFactory;
import ch.boye.httpclientandroidlib.conn.ssl.BrowserCompatHostnameVerifier;
import ch.boye.httpclientandroidlib.protocol.HttpContext;
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1)
public class TlsSniSocketFactory implements LayeredConnectionSocketFactory {
private static final String TAG = "davdroid.SNISocketFactory";
final static TlsSniSocketFactory INSTANCE = new TlsSniSocketFactory();
private final static SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);
private final static SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory)SSLCertificateSocketFactory.getDefault(0);
private final static HostnameVerifier hostnameVerifier = new BrowserCompatHostnameVerifier();
@ -44,6 +43,7 @@ public class TlsSniSocketFactory implements LayeredConnectionSocketFactory {
return sslSocketFactory.createSocket();
}
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1)
@Override
public Socket connectSocket(int timeout, Socket socket, HttpHost host, InetSocketAddress remoteAddr, InetSocketAddress localAddr, HttpContext context) throws IOException {
// we'll rather create a new socket
@ -52,11 +52,14 @@ public class TlsSniSocketFactory implements LayeredConnectionSocketFactory {
// create and connect SSL socket, but don't do hostname/certificate verification yet
SSLSocket ssl = (SSLSocket)sslSocketFactory.createSocket(remoteAddr.getAddress(), host.getPort());
// set up SNI before the handshake
// set reasonable SSL/TLS settings before the handshake:
// - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <4.4.3, if available)
ssl.setEnabledProtocols(ssl.getSupportedProtocols());
// - set SNI host name
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
// Android 4.2+, use documented way to set SNI host name
Log.d(TAG, "Setting SNI hostname");
sslSocketFactory.setHostname(ssl, host.getHostName());
// TODO sslSocketFactory.setUseSessionTickets(ssl, true);
} else {
Log.d(TAG, "No documented SNI support on Android <4.2, trying with reflection");
try {
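Review bot: `ssl.setEnabledProtocols(ssl.getSupportedProtocols())` enables every protocol the device's provider supports, not just TLSv1.1/1.2. On the older Android versions this targets, that list likely also contains SSLv3, and possibly `SSLv2Hello`, so a connection could be negotiated down to a protocol with known weaknesses. Filter the supported list and enable only the TLS entries, and have the comment above the call say which protocols are left out on purpose. `connectSocket` starts before this hunk and continues past it, so the hostname/certificate verification deferred by the first comment is not visible here; confirm it still runs on every path after the handshake.

```java
// - enable the supported TLS versions only; SSL entries from getSupportedProtocols() are left out
List<String> protocols = new ArrayList<String>();
for (String protocol : ssl.getSupportedProtocols()) {
    if (protocol.startsWith("TLS")) {
        protocols.add(protocol);
    }
}
ssl.setEnabledProtocols(protocols.toArray(new String[0]));
// … unchanged: SNI host name setup …
```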
