From 113b7d17361a7da7ae08b0845011070e0c005fc5 Mon Sep 17 00:00:00 2001 From: Sam Whited Date: Sat, 18 Oct 2014 15:56:59 -0400 Subject: [PATCH] Remove support for legacy SSL --- src/eu/siacs/conversations/xmpp/XmppConnection.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java index 0162af9ea..1ac6cb2b5 100644 --- a/src/eu/siacs/conversations/xmpp/XmppConnection.java +++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java @@ -10,6 +10,7 @@ import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.Hashtable; import java.util.List; @@ -519,7 +520,14 @@ public class XmppConnection implements Runnable { SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true); - sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols()); + + // Support all protocols except legacy SSL. + // The min SDK version prevents us having to worry about SSLv2. In future, this may be + // true of SSLv3 as well. + final List supportedProtocols = new LinkedList(Arrays.asList( + sslSocket.getSupportedProtocols())); + supportedProtocols.remove("SSLv3"); + sslSocket.setEnabledProtocols(supportedProtocols.toArray(new String[supportedProtocols.size()])); if (verifier != null && !verifier.verify(account.getServer(),