summaryrefslogtreecommitdiff
path: root/app/src/main
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2022-12-30 02:38:25 +0100
committercyBerta <cyberta@riseup.net>2023-04-18 00:52:47 +0200
commitd628a7e808c68682ed6fac33970659781129f511 (patch)
treecdc50942096fd070d9c27a8c163907ff021a03e2 /app/src/main
parent36d2ce3d1c02f3a2e522203b92cc6e98b562650f (diff)
try tls 1.3 during bootstrapping
Diffstat (limited to 'app/src/main')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java5
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java8
2 files changed, 8 insertions, 5 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java b/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java
index 828ef27d..0ccef0ae 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java
@@ -34,6 +34,10 @@ import androidx.appcompat.app.AppCompatDelegate;
import androidx.localbroadcastmanager.content.LocalBroadcastManager;
import androidx.multidex.MultiDexApplication;
+import org.conscrypt.Conscrypt;
+
+import java.security.Security;
+
import se.leap.bitmaskclient.BuildConfig;
import se.leap.bitmaskclient.appUpdate.DownloadBroadcastReceiver;
import se.leap.bitmaskclient.base.models.ProviderObservable;
@@ -59,6 +63,7 @@ public class BitmaskApp extends MultiDexApplication {
super.onCreate();
// Normal app init code...*/
PRNGFixes.apply();
+ Security.insertProviderAt(Conscrypt.newProvider(), 1);
SharedPreferences preferences = getSharedPreferences(SHARED_PREFERENCES, MODE_PRIVATE);
providerObservable = ProviderObservable.getInstance();
providerObservable.updateProvider(getSavedProviderFromSharedPreferences(preferences));
diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java
index cc68b5a8..1420d666 100644
--- a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java
+++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java
@@ -28,8 +28,7 @@ import se.leap.bitmaskclient.base.utils.ConfigHelper;
/**
* Created by cyberta on 24.10.17.
- * This class ensures that modern TLS algorithms will also be used on old devices (Android 4.1 - Android 4.4.4) in order to avoid
- * attacks like POODLE.
+ * This class ensures that modern TLS algorithms will also be used on old devices
*/
public class TLSCompatSocketFactory extends SSLSocketFactory {
@@ -150,9 +149,8 @@ public class TLSCompatSocketFactory extends SSLSocketFactory {
}
private Socket enableTLSOnSocket(Socket socket) throws IllegalArgumentException {
- if(socket != null && (socket instanceof SSLSocket)) {
- ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.2"});
- //TODO: add a android version check as soon as a new Android API or bcjsse supports TLSv1.3
+ if((socket instanceof SSLSocket)) {
+ ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
}
return socket;