From d628a7e808c68682ed6fac33970659781129f511 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Fri, 30 Dec 2022 02:38:25 +0100 Subject: try tls 1.3 during bootstrapping --- .../providersetup/connectivity/TLSCompatSocketFactory.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity') diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java index cc68b5a8..1420d666 100644 --- a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java +++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java @@ -28,8 +28,7 @@ import se.leap.bitmaskclient.base.utils.ConfigHelper; /** * Created by cyberta on 24.10.17. - * This class ensures that modern TLS algorithms will also be used on old devices (Android 4.1 - Android 4.4.4) in order to avoid - * attacks like POODLE. + * This class ensures that modern TLS algorithms will also be used on old devices */ public class TLSCompatSocketFactory extends SSLSocketFactory { @@ -150,9 +149,8 @@ public class TLSCompatSocketFactory extends SSLSocketFactory { } private Socket enableTLSOnSocket(Socket socket) throws IllegalArgumentException { - if(socket != null && (socket instanceof SSLSocket)) { - ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.2"}); - //TODO: add a android version check as soon as a new Android API or bcjsse supports TLSv1.3 + if((socket instanceof SSLSocket)) { + ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"}); } return socket; -- cgit v1.2.3