diff options
Diffstat (limited to 'app/src')
-rw-r--r-- | app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java | 5 | ||||
-rw-r--r-- | app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java | 8 |
2 files changed, 8 insertions, 5 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java b/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java index 828ef27d..0ccef0ae 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java @@ -34,6 +34,10 @@ import androidx.appcompat.app.AppCompatDelegate; import androidx.localbroadcastmanager.content.LocalBroadcastManager; import androidx.multidex.MultiDexApplication; +import org.conscrypt.Conscrypt; + +import java.security.Security; + import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.appUpdate.DownloadBroadcastReceiver; import se.leap.bitmaskclient.base.models.ProviderObservable; @@ -59,6 +63,7 @@ public class BitmaskApp extends MultiDexApplication { super.onCreate(); // Normal app init code...*/ PRNGFixes.apply(); + Security.insertProviderAt(Conscrypt.newProvider(), 1); SharedPreferences preferences = getSharedPreferences(SHARED_PREFERENCES, MODE_PRIVATE); providerObservable = ProviderObservable.getInstance(); providerObservable.updateProvider(getSavedProviderFromSharedPreferences(preferences)); diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java index cc68b5a8..1420d666 100644 --- a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java +++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java @@ -28,8 +28,7 @@ import se.leap.bitmaskclient.base.utils.ConfigHelper; /** * Created by cyberta on 24.10.17. - * This class ensures that modern TLS algorithms will also be used on old devices (Android 4.1 - Android 4.4.4) in order to avoid - * attacks like POODLE. + * This class ensures that modern TLS algorithms will also be used on old devices */ public class TLSCompatSocketFactory extends SSLSocketFactory { @@ -150,9 +149,8 @@ public class TLSCompatSocketFactory extends SSLSocketFactory { } private Socket enableTLSOnSocket(Socket socket) throws IllegalArgumentException { - if(socket != null && (socket instanceof SSLSocket)) { - ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.2"}); - //TODO: add a android version check as soon as a new Android API or bcjsse supports TLSv1.3 + if((socket instanceof SSLSocket)) { + ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"}); } return socket; |