SSL fix On Android 4.4 for certain web sites.

core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java

@@ -16,7 +16,9 @@ import java.net.Socket;
 import java.net.SocketAddress;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 import java.util.concurrent.TimeUnit;
 
 import javax.net.ssl.SSLContext;
@@ -28,6 +30,8 @@ import javax.net.ssl.X509TrustManager;
 
 import de.danoeh.antennapod.core.preferences.UserPreferences;
 import de.danoeh.antennapod.core.storage.DBWriter;
+import okhttp3.CipherSuite;
+import okhttp3.ConnectionSpec;
 import okhttp3.Credentials;
 import okhttp3.HttpUrl;
 import okhttp3.JavaNetCookieJar;
@@ -141,6 +145,21 @@ public class AntennapodHttpClient {
         if(16 <= Build.VERSION.SDK_INT && Build.VERSION.SDK_INT < 21) {
             builder.sslSocketFactory(new CustomSslSocketFactory(), trustManager());
         }
+
+        if(Build.VERSION.SDK_INT < 21) {
+            // workaround for Android 4.x for certain web sites.
+            // see: https://github.com/square/okhttp/issues/4053#issuecomment-402579554
+            List<CipherSuite> cipherSuites = new ArrayList<>();
+            cipherSuites.addAll(ConnectionSpec.MODERN_TLS.cipherSuites());
+            cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+            cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+
+            ConnectionSpec legacyTls = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+                    .cipherSuites(cipherSuites.toArray(new CipherSuite[0]))
+                    .build();
+            builder.connectionSpecs(Arrays.asList(legacyTls, ConnectionSpec.CLEARTEXT));
+        }
+
         return builder;
     }