diff --git a/FAQ.md b/FAQ.md
index 7f7ee6c269..7cd1afc4c5 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -6284,6 +6284,7 @@ visible as a short delay between tapping on a link and the link confirmation dia
🌎 [Google Translate](https://translate.google.com/translate?sl=en&u=https%3A%2F%2Fm66b.github.io%2FFairEmail%2F%23faq201)
+**Unfortunately, the Certificate Transparency library isn't maintained anymore, and therefore Certificate Transparency has been disabled in version 1.2320.**
Please see [this article](https://certificate.transparency.dev/howctworks/) about what certificate transparency is.
Alternatively, see [this Wikipedia article](https://en.wikipedia.org/wiki/Certificate_Transparency).
diff --git a/app/src/main/java/eu/faircode/email/DebugHelper.java b/app/src/main/java/eu/faircode/email/DebugHelper.java
index 2dce531998..c8e69aef14 100644
--- a/app/src/main/java/eu/faircode/email/DebugHelper.java
+++ b/app/src/main/java/eu/faircode/email/DebugHelper.java
@@ -1211,7 +1211,7 @@ public class DebugHelper {
boolean ssl_harden = prefs.getBoolean("ssl_harden", false);
boolean ssl_harden_strict = (ssl_harden && prefs.getBoolean("ssl_harden_strict", false));
boolean cert_strict = prefs.getBoolean("cert_strict", true);
- boolean cert_transparency = prefs.getBoolean("cert_transparency", false);
+ boolean cert_transparency = (prefs.getBoolean("cert_transparency", false) && false);
boolean open_safe = prefs.getBoolean("open_safe", false);
size += write(os, "timeout=" + timeout + "s" + (timeout == EmailService.DEFAULT_CONNECT_TIMEOUT ? "" : " !!!") + "\r\n");
diff --git a/app/src/main/java/eu/faircode/email/EmailService.java b/app/src/main/java/eu/faircode/email/EmailService.java
index 4405be4a67..cc0f45d127 100644
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@@ -216,7 +216,7 @@ public class EmailService implements AutoCloseable {
this.ssl_harden = prefs.getBoolean("ssl_harden", false);
this.ssl_harden_strict = prefs.getBoolean("ssl_harden_strict", false);
this.cert_strict = prefs.getBoolean("cert_strict", true);
- this.cert_transparency = prefs.getBoolean("cert_transparency", false);
+ this.cert_transparency = (prefs.getBoolean("cert_transparency", false) && false);
this.check_names = prefs.getBoolean("check_names", !BuildConfig.PLAY_STORE_RELEASE);
boolean imap_compress = prefs.getBoolean("imap_compress", true);
diff --git a/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java b/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java
index 7a6ba0761a..b2310d0a34 100644
--- a/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java
+++ b/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java
@@ -455,6 +455,7 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre
}
});
+ swCertTransparency.setEnabled(false);
swCertTransparency.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
@Override
public void onCheckedChanged(CompoundButton compoundButton, boolean checked) {
@@ -602,7 +603,7 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre
boolean ssl_harden = prefs.getBoolean("ssl_harden", false);
boolean ssl_harden_strict = prefs.getBoolean("ssl_harden_strict", false);
boolean cert_strict = prefs.getBoolean("cert_strict", true);
- boolean cert_transparency = prefs.getBoolean("cert_transparency", false);
+ boolean cert_transparency = (prefs.getBoolean("cert_transparency", false) && false);
boolean check_names = prefs.getBoolean("check_names", !BuildConfig.PLAY_STORE_RELEASE);
boolean bc = prefs.getBoolean("bouncy_castle", false);
boolean fips = prefs.getBoolean("bc_fips", false);
@@ -838,7 +839,7 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre
swSslHardenStrict.setChecked(prefs.getBoolean("ssl_harden_strict", false));
swSslHardenStrict.setEnabled(swSslHarden.isChecked());
swCertStrict.setChecked(prefs.getBoolean("cert_strict", true));
- swCertTransparency.setChecked(prefs.getBoolean("cert_transparency", false));
+ swCertTransparency.setChecked(prefs.getBoolean("cert_transparency", false) && false);
swCheckNames.setChecked(prefs.getBoolean("check_names", !BuildConfig.PLAY_STORE_RELEASE));
swOpenSafe.setChecked(prefs.getBoolean("open_safe", false));
swHttpRedirect.setChecked(prefs.getBoolean("http_redirect", true));
diff --git a/index.html b/index.html
index a3e452d46e..3ae955de9d 100644
--- a/index.html
+++ b/index.html
@@ -3139,6 +3139,7 @@ adb install /path/to/FairEmail-xxx.apk
(201) What is certificate transparency?
🌎 Google Translate
+Unfortunately, the Certificate Transparency library isn’t maintained anymore, and therefore Certificate Transparency has been disabled in version 1.2320.
Please see this article about what certificate transparency is. Alternatively, see this Wikipedia article.
When certificate transparency is enabled in the connection-settings tab page of the app, the Chrome Certificate Transparency Policy will be applied. The CT log will be downloaded from https://www.gstatic.com/.
FairEmail uses this library to implement certificate transparency via a custom trust manager.