Revert protocol/cipher changes

pull/194/merge
M66B 3 years ago
parent d0fa70201b
commit 4ed6a330ba

@ -963,13 +963,7 @@ public class EmailService implements AutoCloseable {
this.cert_strict = cert_strict; this.cert_strict = cert_strict;
this.trustedFingerprint = fingerprint; this.trustedFingerprint = fingerprint;
SSLContext sslContext; SSLContext sslContext = SSLContext.getInstance("TLS");
try {
sslContext = SSLContext.getInstance("SSL");
} catch (Throwable ex) {
Log.e(ex);
sslContext = SSLContext.getInstance("TLS");
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init((KeyStore) null); tmf.init((KeyStore) null);
@ -1153,23 +1147,17 @@ public class EmailService implements AutoCloseable {
if (socket instanceof SSLSocket) { if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket) socket; SSLSocket sslSocket = (SSLSocket) socket;
if (BuildConfig.TEST_RELEASE) {
List<String> protocols = new ArrayList<>(Arrays.asList(sslSocket.getEnabledProtocols()));
List<String> ciphers = new ArrayList<>(Arrays.asList(sslSocket.getEnabledCipherSuites()));
for (String protocol : sslSocket.getSupportedProtocols())
Log.e("SSL " + protocol + "=" + protocols.contains(protocol));
for (String cipher : sslSocket.getSupportedCipherSuites())
Log.e("SSL " + cipher + "=" + protocols.contains(cipher));
}
if (!secure) { if (!secure) {
// Protocols
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols()); sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
// Ciphers
List<String> ciphers = new ArrayList<>(); List<String> ciphers = new ArrayList<>();
ciphers.addAll(Arrays.asList(sslSocket.getSupportedCipherSuites())); ciphers.addAll(Arrays.asList(sslSocket.getSupportedCipherSuites()));
ciphers.remove("TLS_FALLBACK_SCSV"); ciphers.remove("TLS_FALLBACK_SCSV");
sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0])); sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0]));
} else if (ssl_harden) { } else if (ssl_harden) {
// Protocols
List<String> protocols = new ArrayList<>(); List<String> protocols = new ArrayList<>();
for (String protocol : sslSocket.getEnabledProtocols()) for (String protocol : sslSocket.getEnabledProtocols())
if (SSL_PROTOCOL_BLACKLIST.contains(protocol)) if (SSL_PROTOCOL_BLACKLIST.contains(protocol))
@ -1178,6 +1166,7 @@ public class EmailService implements AutoCloseable {
protocols.add(protocol); protocols.add(protocol);
sslSocket.setEnabledProtocols(protocols.toArray(new String[0])); sslSocket.setEnabledProtocols(protocols.toArray(new String[0]));
// Ciphers
List<String> ciphers = new ArrayList<>(); List<String> ciphers = new ArrayList<>();
for (String cipher : sslSocket.getEnabledCipherSuites()) { for (String cipher : sslSocket.getEnabledCipherSuites()) {
if (SSL_CIPHER_BLACKLIST.matcher(cipher).matches()) if (SSL_CIPHER_BLACKLIST.matcher(cipher).matches())
@ -1187,15 +1176,11 @@ public class EmailService implements AutoCloseable {
} }
sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0])); sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0]));
} else { } else {
// Enable SSLv3 if available // Ciphers
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
List<String> ciphers = new ArrayList<>(); List<String> ciphers = new ArrayList<>();
ciphers.addAll(Arrays.asList(sslSocket.getEnabledCipherSuites())); ciphers.addAll(Arrays.asList(sslSocket.getEnabledCipherSuites()));
ciphers.remove("TLS_FALLBACK_SCSV");
for (String cipher : sslSocket.getSupportedCipherSuites()) for (String cipher : sslSocket.getSupportedCipherSuites())
if (!ciphers.contains(cipher) && if (!ciphers.contains(cipher) && cipher.contains("3DES")) {
(cipher.contains("3DES") || cipher.contains("RC4"))) {
// Some servers support 3DES and RC4 only // Some servers support 3DES and RC4 only
Log.i("SSL enabling cipher=" + cipher); Log.i("SSL enabling cipher=" + cipher);
ciphers.add(cipher); ciphers.add(cipher);
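Review bot: The final `else` branch (neither `!secure` nor `ssl_harden`) still adds every supported `3DES` suite that is missing from `getEnabledCipherSuites()`, so connections on that path offer a 64-bit block cipher that the platform left disabled. If this branch is the default configuration, which the hunk does not show, consider moving the 3DES opt-in under the existing `!secure` branch, which already enables all supported suites, and leaving this branch on the enabled list as-is. At minimum the retained comment is stale now that RC4 is no longer added; it should read `// Some servers support 3DES only`. The `for` loop and the enclosing method continue outside the hunk.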

@ -2711,13 +2711,7 @@ public class Log {
for (TrustManager tm : tms) for (TrustManager tm : tms)
ssb.append("Manager: ").append(tm.getClass().getName()).append("\r\n"); ssb.append("Manager: ").append(tm.getClass().getName()).append("\r\n");
SSLContext sslContext; SSLContext sslContext = SSLContext.getInstance("TLS");
try {
sslContext = SSLContext.getInstance("SSL");
} catch (Throwable ex) {
Log.e(ex);
sslContext = SSLContext.getInstance("TLS");
}
ssb.append("Context: ").append(sslContext.getProtocol()).append("\r\n\r\n"); ssb.append("Context: ").append(sslContext.getProtocol()).append("\r\n\r\n");
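Review bot: With the fallback removed, the `Context:` line appended after `SSLContext.getInstance("TLS")` is effectively constant, because `getProtocol()` reports the name the context was requested with, so it no longer tells a reader of the diagnostics anything. If the context is initialised later in this method (not visible in the hunk), appending `String.join(",", sslContext.getDefaultSSLParameters().getProtocols())` at that point would show the protocol versions actually offered. The enclosing method starts and ends outside the hunk.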
