mirror/FairEmail
1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2025-02-23 14:41:08 +00:00
Code Issues Releases Wiki Activity

Enable TLSv1.3 by default

Browse source
This commit is contained in:
M66B 2023-12-13 16:15:33 +01:00
parent 61bcf1bb75
commit 2e4bc7a305
1 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
app/src/main/java/eu/faircode/email/EmailService.java
View file

@ -139,6 +139,10 @@ public class EmailService implements AutoCloseable {
private static final int APPEND_BUFFER_SIZE = 4 * 1024 * 1024; // bytes
private static final List<String> SSL_PROTOCOL_INSECURE = Collections.unmodifiableList(Arrays.asList(
"SSLv2", "SSLv3"
));
// https://developer.android.com/reference/javax/net/ssl/SSLSocket.html#protocols
private static final List<String> SSL_PROTOCOL_BLACKLIST = Collections.unmodifiableList(Arrays.asList(
"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"
@ -1128,6 +1132,8 @@ public class EmailService implements AutoCloseable {
SSLSocket sslSocket = (SSLSocket) socket;
if (!secure) {
Log.i("SSL insecure");
// Protocols
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
@ -1139,6 +1145,8 @@ public class EmailService implements AutoCloseable {
} else if (ssl_harden && ssl_harden_strict &&
!BuildConfig.PLAY_STORE_RELEASE &&
Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
Log.i("SSL harden strict");
// Protocols
List<String> protocols = new ArrayList<>();
for (String protocol : sslSocket.getSupportedProtocols())
@ -1158,6 +1166,8 @@ public class EmailService implements AutoCloseable {
}
sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0]));
} else if (ssl_harden) {
Log.i("SSL harden");
// Protocols
List<String> protocols = new ArrayList<>();
for (String protocol : sslSocket.getSupportedProtocols())
@ -1177,6 +1187,17 @@ public class EmailService implements AutoCloseable {
}
sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0]));
} else {
Log.i("SSL default");
// Protocols
List<String> protocols = new ArrayList<>();
for (String protocol : sslSocket.getSupportedProtocols())
if (SSL_PROTOCOL_INSECURE.contains(protocol))
Log.i("SSL disabling protocol=" + protocol);
else
protocols.add(protocol);
sslSocket.setEnabledProtocols(protocols.toArray(new String[0]));
// Ciphers
List<String> ciphers = new ArrayList<>();
ciphers.addAll(Arrays.asList(sslSocket.getEnabledCipherSuites()));