From d628a7e808c68682ed6fac33970659781129f511 Mon Sep 17 00:00:00 2001
From: cyBerta
Date: Fri, 30 Dec 2022 02:38:25 +0100
Subject: try tls 1.3 during bootstrapping
---
 app/build.gradle | 1 +
 app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java | 5 +++++
 .../providersetup/connectivity/TLSCompatSocketFactory.java | 8 +++-----
 3 files changed, 9 insertions(+), 5 deletions(-)
(limited to 'app')
diff --git a/app/build.gradle b/app/build.gradle
index 0a4591d2..07cf4ca5 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -428,6 +428,7 @@ dependencies {
 implementation 'com.google.code.gson:gson:2.8.6'
 implementation 'com.squareup.okhttp3:okhttp:4.10.0'
 implementation 'com.squareup.okhttp3:okhttp-dnsoverhttps:4.10.0'
+ implementation 'org.conscrypt:conscrypt-android:2.5.2'
 implementation 'androidx.legacy:legacy-support-core-utils:1.0.0'
 implementation 'androidx.annotation:annotation:1.4.0'
 implementation 'androidx.legacy:legacy-support-v4:1.0.0'
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java b/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java
index 828ef27d..0ccef0ae 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java
@@ -34,6 +34,10 @@ import androidx.appcompat.app.AppCompatDelegate;
 import androidx.localbroadcastmanager.content.LocalBroadcastManager;
 import androidx.multidex.MultiDexApplication;
+import org.conscrypt.Conscrypt;
+
+import java.security.Security;
+
 import se.leap.bitmaskclient.BuildConfig;
 import se.leap.bitmaskclient.appUpdate.DownloadBroadcastReceiver;
 import se.leap.bitmaskclient.base.models.ProviderObservable;
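Review bot: The added `org.conscrypt:conscrypt-android:2.5.2` line in app/build.gradle is not an ordinary library pin. Once BitmaskApp installs it as the first security provider, this artifact is the app's TLS and crypto implementation, so its fixes arrive only through app releases rather than platform updates. A comment on the line would make that visible to whoever maintains the dependency list, e.g. `// bundled TLS 1.3 provider (see BitmaskApp.onCreate); security-critical, track upstream releases`. Whether the build verifies dependency checksums is not visible in this hunk; if it does, the new artifact needs an entry there.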
@@ -59,6 +63,7 @@ public class BitmaskApp extends MultiDexApplication {
 super.onCreate(); // Normal app init code...*/
 PRNGFixes.apply();
+ Security.insertProviderAt(Conscrypt.newProvider(), 1);
 SharedPreferences preferences = getSharedPreferences(SHARED_PREFERENCES, MODE_PRIVATE);
 providerObservable = ProviderObservable.getInstance();
 providerObservable.updateProvider(getSavedProviderFromSharedPreferences(preferences));
diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java
index cc68b5a8..1420d666 100644
--- a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java
+++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/TLSCompatSocketFactory.java
@@ -28,8 +28,7 @@ import se.leap.bitmaskclient.base.utils.ConfigHelper;
 /**
 * Created by cyberta on 24.10.17.
- * This class ensures that modern TLS algorithms will also be used on old devices (Android 4.1 - Android 4.4.4) in order to avoid
- * attacks like POODLE.
+ * This class ensures that modern TLS algorithms will also be used on old devices
 */
 public class TLSCompatSocketFactory extends SSLSocketFactory {
@@ -150,9 +149,8 @@ public class TLSCompatSocketFactory extends SSLSocketFactory {
 }
 private Socket enableTLSOnSocket(Socket socket) throws IllegalArgumentException {
- if(socket != null && (socket instanceof SSLSocket)) {
- ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.2"});
- //TODO: add a android version check as soon as a new Android API or bcjsse supports TLSv1.3
+ if((socket instanceof SSLSocket)) {
+ ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
 }
 return socket;
-- cgit v1.2.3
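Review bot: `Security.insertProviderAt(Conscrypt.newProvider(), 1)` in onCreate() makes Conscrypt the preferred JCA provider for the whole process, so every algorithm lookup Conscrypt implements changes implementation, not only the bootstrapping sockets named in the commit subject. A comment should say so, e.g. `// Conscrypt first: TLS 1.3 on old Android; affects all JCA lookups in this process`. The call is also unguarded: if the bundled native library cannot be loaded on a device, newProvider() is expected to throw and the app would fail at startup, and the return value (-1 when the provider was not added) is ignored. Consider `if (Conscrypt.isAvailable()) { Security.insertProviderAt(Conscrypt.newProvider(), 1); }` with a log line on the fallback path, bearing in mind that TLSCompatSocketFactory then has to cope with a platform provider that lacks TLSv1.3. onCreate() starts and ends outside the hunk.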
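Review bot: `setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"})` in enableTLSOnSocket throws IllegalArgumentException when the socket does not support one of the named protocols. Whether TLSv1.3 is supported depends on the Conscrypt provider registered in BitmaskApp, a dependency nothing in this class mentions. Intersecting the wanted list with `getSupportedProtocols()` keeps bootstrapping working on a socket from the platform provider while still refusing anything below TLS 1.2. The sketch below fails closed when neither version is available; it needs java.util's List, ArrayList and Arrays if the file does not already import them. The method's closing brace is outside the hunk.

```java
private Socket enableTLSOnSocket(Socket socket) throws IllegalArgumentException {
    if (socket instanceof SSLSocket) {
        SSLSocket sslSocket = (SSLSocket) socket;
        List<String> supported = Arrays.asList(sslSocket.getSupportedProtocols());
        List<String> enabled = new ArrayList<>();
        // Preference order; TLSv1.3 is only present when the provider offers it.
        for (String protocol : new String[] {"TLSv1.3", "TLSv1.2"}) {
            if (supported.contains(protocol)) {
                enabled.add(protocol);
            }
        }
        // Fail closed: never fall back to the socket's default protocol list.
        if (enabled.isEmpty()) {
            throw new IllegalArgumentException("neither TLSv1.3 nor TLSv1.2 is supported");
        }
        sslSocket.setEnabledProtocols(enabled.toArray(new String[0]));
    }
    return socket;
```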