Merge pull request #3439 from orionlee/fix_ssl_on_android4_2814

Fix SSL issues on android 4.x
author: H. Lehmann <ByteHamster@users.noreply.github.com> 2019-09-23 23:36:54 +0200
committer: GitHub <noreply@github.com> 2019-09-23 23:36:54 +0200
commit: 4defa086a0b2837278e5066b08453da4df378194 (patch)
tree: d148748c3a1e38822b7f35c2ab08b1a57692ea45 /core/src
parent: 7e1cd39969efde7e3f1ae94a4cfc6782deddfdad (diff)
parent: c41c8765b691bed6a04bd262025cdde5f245535c (diff)
download: AntennaPod-4defa086a0b2837278e5066b08453da4df378194.zip
1 files changed, 20 insertions, 1 deletions
diff --git a/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java b/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java
index 97007a214..04a6d5882 100644
--- a/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java
+++ b/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java
@@ -16,7 +16,9 @@ import java.net.Socket;
 import java.net.SocketAddress;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 import java.util.concurrent.TimeUnit;
 
 import javax.net.ssl.SSLContext;
@@ -28,6 +30,8 @@ import javax.net.ssl.X509TrustManager;
 
 import de.danoeh.antennapod.core.preferences.UserPreferences;
 import de.danoeh.antennapod.core.storage.DBWriter;
+import okhttp3.CipherSuite;
+import okhttp3.ConnectionSpec;
 import okhttp3.Credentials;
 import okhttp3.HttpUrl;
 import okhttp3.JavaNetCookieJar;
@@ -138,9 +142,24 @@ public class AntennapodHttpClient {
                 });
             }
         }
-        if(16 <= Build.VERSION.SDK_INT && Build.VERSION.SDK_INT < 21) {
+        if (16 <= Build.VERSION.SDK_INT && Build.VERSION.SDK_INT < 21) {
             builder.sslSocketFactory(new CustomSslSocketFactory(), trustManager());
         }
+
+        if (Build.VERSION.SDK_INT < 21) {
+            // workaround for Android 4.x for certain web sites.
+            // see: https://github.com/square/okhttp/issues/4053#issuecomment-402579554
+            List<CipherSuite> cipherSuites = new ArrayList<>();
+            cipherSuites.addAll(ConnectionSpec.MODERN_TLS.cipherSuites());
+            cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+            cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+
+            ConnectionSpec legacyTls = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+                    .cipherSuites(cipherSuites.toArray(new CipherSuite[0]))
+                    .build();
+            builder.connectionSpecs(Arrays.asList(legacyTls, ConnectionSpec.CLEARTEXT));
+        }
+
         return builder;
     }
author	H. Lehmann <ByteHamster@users.noreply.github.com>	2019-09-23 23:36:54 +0200
committer	GitHub <noreply@github.com>	2019-09-23 23:36:54 +0200
commit	4defa086a0b2837278e5066b08453da4df378194 (patch)
tree	d148748c3a1e38822b7f35c2ab08b1a57692ea45 /core/src
parent	7e1cd39969efde7e3f1ae94a4cfc6782deddfdad (diff)
parent	c41c8765b691bed6a04bd262025cdde5f245535c (diff)
download	AntennaPod-4defa086a0b2837278e5066b08453da4df378194.zip