diff options
author | H. Lehmann <ByteHamster@users.noreply.github.com> | 2019-09-23 23:36:54 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-23 23:36:54 +0200 |
commit | 4defa086a0b2837278e5066b08453da4df378194 (patch) | |
tree | d148748c3a1e38822b7f35c2ab08b1a57692ea45 /core/src/main/java | |
parent | 7e1cd39969efde7e3f1ae94a4cfc6782deddfdad (diff) | |
parent | c41c8765b691bed6a04bd262025cdde5f245535c (diff) | |
download | AntennaPod-4defa086a0b2837278e5066b08453da4df378194.zip |
Merge pull request #3439 from orionlee/fix_ssl_on_android4_2814
Fix SSL issues on android 4.x
Diffstat (limited to 'core/src/main/java')
-rw-r--r-- | core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java b/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java index 97007a214..04a6d5882 100644 --- a/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java +++ b/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java @@ -16,7 +16,9 @@ import java.net.Socket; import java.net.SocketAddress; import java.security.GeneralSecurityException; import java.security.KeyStore; +import java.util.ArrayList; import java.util.Arrays; +import java.util.List; import java.util.concurrent.TimeUnit; import javax.net.ssl.SSLContext; @@ -28,6 +30,8 @@ import javax.net.ssl.X509TrustManager; import de.danoeh.antennapod.core.preferences.UserPreferences; import de.danoeh.antennapod.core.storage.DBWriter; +import okhttp3.CipherSuite; +import okhttp3.ConnectionSpec; import okhttp3.Credentials; import okhttp3.HttpUrl; import okhttp3.JavaNetCookieJar; @@ -138,9 +142,24 @@ public class AntennapodHttpClient { }); } } - if(16 <= Build.VERSION.SDK_INT && Build.VERSION.SDK_INT < 21) { + if (16 <= Build.VERSION.SDK_INT && Build.VERSION.SDK_INT < 21) { builder.sslSocketFactory(new CustomSslSocketFactory(), trustManager()); } + + if (Build.VERSION.SDK_INT < 21) { + // workaround for Android 4.x for certain web sites. + // see: https://github.com/square/okhttp/issues/4053#issuecomment-402579554 + List<CipherSuite> cipherSuites = new ArrayList<>(); + cipherSuites.addAll(ConnectionSpec.MODERN_TLS.cipherSuites()); + cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA); + cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); + + ConnectionSpec legacyTls = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .cipherSuites(cipherSuites.toArray(new CipherSuite[0])) + .build(); + builder.connectionSpecs(Arrays.asList(legacyTls, ConnectionSpec.CLEARTEXT)); + } + return builder; } |