From 34627add3844b3412a42f5e695dfe7fffe4ad005 Mon Sep 17 00:00:00 2001 From: M66B Date: Wed, 23 Feb 2022 11:31:00 +0100 Subject: [PATCH] Remove fallback cipher --- app/src/main/java/eu/faircode/email/EmailService.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/src/main/java/eu/faircode/email/EmailService.java b/app/src/main/java/eu/faircode/email/EmailService.java index 7bac54a587..528a8e4e06 100644 --- a/app/src/main/java/eu/faircode/email/EmailService.java +++ b/app/src/main/java/eu/faircode/email/EmailService.java @@ -966,7 +966,7 @@ public class EmailService implements AutoCloseable { SSLContext sslContext; try { sslContext = SSLContext.getInstance("SSL"); - }catch (Throwable ex){ + } catch (Throwable ex) { Log.e(ex); sslContext = SSLContext.getInstance("TLS"); } @@ -1157,9 +1157,8 @@ public class EmailService implements AutoCloseable { sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols()); List ciphers = new ArrayList<>(); - for (String cipher : sslSocket.getSupportedCipherSuites()) - if (!cipher.endsWith("_SCSV")) - ciphers.add(cipher); + ciphers.addAll(Arrays.asList(sslSocket.getSupportedCipherSuites())); + ciphers.remove("TLS_FALLBACK_SCSV"); sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0])); } else if (ssl_harden) { List protocols = new ArrayList<>(); @@ -1184,6 +1183,7 @@ public class EmailService implements AutoCloseable { List ciphers = new ArrayList<>(); ciphers.addAll(Arrays.asList(sslSocket.getEnabledCipherSuites())); + ciphers.remove("TLS_FALLBACK_SCSV"); for (String cipher : sslSocket.getSupportedCipherSuites()) if (!ciphers.contains(cipher) && (cipher.contains("3DES") || cipher.contains("RC4"))) {