From 4ea8965db5477294308fa098a8739e53b907eb91 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Sun, 24 May 2020 17:36:26 +0200
Subject: [PATCH] Allow insecure protocols and ciphers when insecure
 connections are enabled (default disabled)

---
 .../main/java/eu/faircode/email/EmailService.java    | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/src/main/java/eu/faircode/email/EmailService.java b/app/src/main/java/eu/faircode/email/EmailService.java
index 74d851d517..4994e123a8 100644
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@@ -769,13 +769,14 @@ public class EmailService implements AutoCloseable {
         }
 
         private Socket configure(Socket socket) {
-            if (harden && socket instanceof SSLSocket) {
+            if (socket instanceof SSLSocket) {
                 // https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
                 SSLSocket sslSocket = (SSLSocket) socket;
 
                 List<String> protocols = new ArrayList<>();
-                for (String protocol : sslSocket.getEnabledProtocols())
-                    if (SSL_PROTOCOL_BLACKLIST.contains(protocol))
+                for (String protocol :
+                        secure ? sslSocket.getEnabledProtocols() : sslSocket.getSupportedProtocols())
+                    if (secure && harden && SSL_PROTOCOL_BLACKLIST.contains(protocol))
                         Log.i("SSL disabling protocol=" + protocol);
                     else
                         protocols.add(protocol);
@@ -783,8 +784,9 @@ public class EmailService implements AutoCloseable {
                 sslSocket.setEnabledProtocols(protocols.toArray(new String[0]));
 
                 ArrayList<String> ciphers = new ArrayList<>();
-                for (String cipher : sslSocket.getEnabledCipherSuites()) {
-                    if (SSL_CIPHER_BLACKLIST.matcher(cipher).matches())
+                for (String cipher :
+                        secure ? sslSocket.getEnabledCipherSuites() : sslSocket.getSupportedCipherSuites()) {
+                    if (secure && harden && SSL_CIPHER_BLACKLIST.matcher(cipher).matches())
                         Log.i("SSL disabling cipher=" + cipher);
                     else
                         ciphers.add(cipher);