mirror
/
FairEmail
mirror of https://github.com/M66B/FairEmail.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove fallback cipher

This commit is contained in:
M66B 2022-02-23 11:31:00 +01:00
parent 625bb0dfa8
commit 34627add38
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/src/main/java/eu/faircode/email/EmailService.java
View File

@ -966,7 +966,7 @@ public class EmailService implements AutoCloseable {
SSLContext sslContext; SSLContext sslContext;
try { try {
sslContext = SSLContext.getInstance("SSL"); sslContext = SSLContext.getInstance("SSL");
}catch (Throwable ex){ } catch (Throwable ex) {
Log.e(ex); Log.e(ex);
sslContext = SSLContext.getInstance("TLS"); sslContext = SSLContext.getInstance("TLS");
} }
@ -1157,9 +1157,8 @@ public class EmailService implements AutoCloseable {
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols()); sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
List<String> ciphers = new ArrayList<>(); List<String> ciphers = new ArrayList<>();
for (String cipher : sslSocket.getSupportedCipherSuites()) ciphers.addAll(Arrays.asList(sslSocket.getSupportedCipherSuites()));
if (!cipher.endsWith("_SCSV")) ciphers.remove("TLS_FALLBACK_SCSV");
ciphers.add(cipher);
sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0])); sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0]));
} else if (ssl_harden) { } else if (ssl_harden) {
List<String> protocols = new ArrayList<>(); List<String> protocols = new ArrayList<>();
@ -1184,6 +1183,7 @@ public class EmailService implements AutoCloseable {
List<String> ciphers = new ArrayList<>(); List<String> ciphers = new ArrayList<>();
ciphers.addAll(Arrays.asList(sslSocket.getEnabledCipherSuites())); ciphers.addAll(Arrays.asList(sslSocket.getEnabledCipherSuites()));
ciphers.remove("TLS_FALLBACK_SCSV");
for (String cipher : sslSocket.getSupportedCipherSuites()) for (String cipher : sslSocket.getSupportedCipherSuites())
if (!ciphers.contains(cipher) && if (!ciphers.contains(cipher) &&
(cipher.contains("3DES") || cipher.contains("RC4"))) { (cipher.contains("3DES") || cipher.contains("RC4"))) {