From fcad5b2f1ba974bcc128f8761eb1b971de03b426 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Wed, 23 Feb 2022 15:46:06 +0100
Subject: [PATCH] Protocol SSL when insecure

---
 app/src/main/java/eu/faircode/email/EmailService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/src/main/java/eu/faircode/email/EmailService.java b/app/src/main/java/eu/faircode/email/EmailService.java
index c0e747ae0b..d9fdc4f21e 100644
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@@ -948,6 +948,7 @@ public class EmailService implements AutoCloseable {
 
     private static class SSLSocketFactoryService extends SSLSocketFactory {
         // openssl s_client -connect host:port < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin
+        // nmap --script ssl-enum-ciphers -Pn -p port host
         private String server;
         private boolean secure;
         private boolean ssl_harden;
@@ -963,7 +964,7 @@ public class EmailService implements AutoCloseable {
             this.cert_strict = cert_strict;
             this.trustedFingerprint = fingerprint;
 
-            SSLContext sslContext = SSLContext.getInstance("TLS");
+            SSLContext sslContext = SSLContext.getInstance(insecure ? "SSL" : "TLS");
 
             TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
             tmf.init((KeyStore) null);