Possible fix to ECDH secp256r1-only cipher suite issue.
parent
b7eb5b3271
commit
692dc0e527
@ -19,6 +19,9 @@ android {
|
|||||||
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
|
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
lintOptions {
|
||||||
|
disable 'MissingTranslation'
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dependencies {
|
dependencies {
|
||||||
|
@ -49,10 +49,14 @@ class OkHttpUtils {
|
|||||||
* ConnectionSpec.MODERN_TLS) and if that doesn't work falls back to the set of ALL enabled,
|
* ConnectionSpec.MODERN_TLS) and if that doesn't work falls back to the set of ALL enabled,
|
||||||
* then falls back to plain http.
|
* then falls back to plain http.
|
||||||
*
|
*
|
||||||
|
* API level 24 has a regression in elliptic curves where it only supports secp256r1, so this
|
||||||
|
* first tries a fallback without elliptic curves at all, and then tries them after.
|
||||||
|
*
|
||||||
* TLS 1.1 and 1.2 have to be manually enabled on API levels 16-20.
|
* TLS 1.1 and 1.2 have to be manually enabled on API levels 16-20.
|
||||||
*/
|
*/
|
||||||
@NonNull
|
@NonNull
|
||||||
static OkHttpClient.Builder getCompatibleClientBuilder() {
|
static OkHttpClient.Builder getCompatibleClientBuilder() {
|
||||||
|
|
||||||
ConnectionSpec fallback = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
|
ConnectionSpec fallback = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
|
||||||
.allEnabledCipherSuites()
|
.allEnabledCipherSuites()
|
||||||
.supportsTlsExtensions(true)
|
.supportsTlsExtensions(true)
|
||||||
@ -60,6 +64,7 @@ class OkHttpUtils {
|
|||||||
|
|
||||||
List<ConnectionSpec> specList = new ArrayList<>();
|
List<ConnectionSpec> specList = new ArrayList<>();
|
||||||
specList.add(ConnectionSpec.MODERN_TLS);
|
specList.add(ConnectionSpec.MODERN_TLS);
|
||||||
|
addNougatFixConnectionSpec(specList);
|
||||||
specList.add(fallback);
|
specList.add(fallback);
|
||||||
specList.add(ConnectionSpec.CLEARTEXT);
|
specList.add(ConnectionSpec.CLEARTEXT);
|
||||||
|
|
||||||
@ -74,6 +79,36 @@ class OkHttpUtils {
|
|||||||
return getCompatibleClientBuilder().build();
|
return getCompatibleClientBuilder().build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Android version Nougat has a regression where elliptic curve cipher suites are supported, but
|
||||||
|
* only the curve secp256r1 is allowed. So, first it's best to just disable all elliptic
|
||||||
|
* ciphers, try the connection, and fall back to the all cipher suites enabled list after.
|
||||||
|
*/
|
||||||
|
private static void addNougatFixConnectionSpec(List<ConnectionSpec> specList) {
|
||||||
|
if (Build.VERSION.SDK_INT != Build.VERSION_CODES.N) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
SSLContext sslContext;
|
||||||
|
try {
|
||||||
|
sslContext = SSLContext.getInstance("TLS");
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
Log.e(TAG, "Failed obtaining TLS Context.");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
String[] cipherSuites = sslContext.getSocketFactory().getDefaultCipherSuites();
|
||||||
|
ArrayList<String> allowedList = new ArrayList<>();
|
||||||
|
for (String suite : cipherSuites) {
|
||||||
|
if (!suite.contains("ECDH")) {
|
||||||
|
allowedList.add(suite);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
|
||||||
|
.cipherSuites(allowedList.toArray(new String[0]))
|
||||||
|
.supportsTlsExtensions(true)
|
||||||
|
.build();
|
||||||
|
specList.add(spec);
|
||||||
|
}
|
||||||
|
|
||||||
private static OkHttpClient.Builder enableHigherTlsOnPreLollipop(OkHttpClient.Builder builder) {
|
private static OkHttpClient.Builder enableHigherTlsOnPreLollipop(OkHttpClient.Builder builder) {
|
||||||
if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
|
if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
|
||||||
try {
|
try {
|
||||||
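Review bot: In `addNougatFixConnectionSpec`, `SSLContext.getInstance("TLS")` is used without `init(...)`, and `getSocketFactory()` on an uninitialised context is expected to throw `IllegalStateException`, which `catch (NoSuchAlgorithmException e)` does not cover. Calling `sslContext.init(null, null, null);` first and also catching `KeyManagementException` would keep API 24 devices from crashing here. The filter `!suite.contains("ECDH")` also drops every ECDHE suite, so forward secrecy through this spec depends on whatever DHE suites remain in the platform defaults. Since OkHttp moves to the next spec after a failed handshake, the Javadoc should state that, e.g. `Connections made with this spec may lack forward secrecy; it is only tried after MODERN_TLS fails.` The class comment in `getCompatibleClientBuilder` says the curve-free spec is tried first, but `specList` adds `ConnectionSpec.MODERN_TLS` ahead of it, so the comment or the order should be corrected.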
|
@ -20,7 +20,6 @@
|
|||||||
<string name="title_notifications">Notifications</string>
|
<string name="title_notifications">Notifications</string>
|
||||||
<string name="title_public_local">Local</string>
|
<string name="title_public_local">Local</string>
|
||||||
<string name="title_public_federated">Federated</string>
|
<string name="title_public_federated">Federated</string>
|
||||||
<string name="title_compose">Compose</string>
|
|
||||||
<string name="title_thread">Thread</string>
|
<string name="title_thread">Thread</string>
|
||||||
<string name="title_tag">#%s</string>
|
<string name="title_tag">#%s</string>
|
||||||
<string name="title_statuses">Posts</string>
|
<string name="title_statuses">Posts</string>
|
||||||
|