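/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

package org.mozilla.gecko.sync.net;

import java.io.IOException;
import java.net.Socket;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

import org.mozilla.gecko.background.common.GlobalConstants;
import org.mozilla.gecko.background.common.log.Logger;

import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory;
import ch.boye.httpclientandroidlib.params.HttpParams;

/**
 * An {@link SSLSocketFactory} that restricts the sockets it creates to the
 * protocol versions and cipher suites listed in {@link GlobalConstants}.
 *
 * NOTE(review): only {@link #createSocket(HttpParams)} is overridden here.
 * Sockets obtained through any other inherited factory method would not
 * receive these restrictions -- confirm that callers never use one.
 */
public class TLSSocketFactory extends SSLSocketFactory {
  private static final String LOG_TAG = "TLSSocketFactory";

  // Guarded by the TLSSocketFactory class lock: the field is static and its
  // only accessor is a static synchronized method, so the monitor is the
  // class object rather than any instance.
  private static String[] cipherSuites = GlobalConstants.DEFAULT_CIPHER_SUITES;

  /**
   * Create a factory backed by the given context.
   *
   * @param sslContext
   *          The SSLContext handed to the parent factory.
   */
  public TLSSocketFactory(SSLContext sslContext) {
    super(sslContext);
  }

  /**
   * Attempt to specify the cipher suites to use for a connection. If
   * setting fails (as it will on Android 2.2, because the wrong names
   * are in use to specify ciphers), fall back to the suites the platform
   * enables by default on the socket.
   *
   * The fallback deliberately uses the socket's default-enabled suites and
   * not {@link SSLSocket#getSupportedCipherSuites()}: the supported list may
   * contain suites that the platform leaves disabled because they do not
   * meet its default quality requirements, and enabling all of them would
   * weaken the connection instead of merely working around a naming
   * mismatch.
   *
   * We store the list of cipher suites in `cipherSuites`, which
   * avoids this fallback handling having to be executed more than once.
   *
   * This method is synchronized to ensure correct use of that member.
   *
   * See Bug 717691 for more details.
   *
   * @param socket
   *          The SSLSocket on which to operate.
   */
  public static synchronized void setEnabledCipherSuites(SSLSocket socket) {
    try {
      socket.setEnabledCipherSuites(cipherSuites);
    } catch (IllegalArgumentException e) {
      // Presumably the rejected call left the socket's enabled set as the
      // platform configured it, so this reads the platform defaults.
      cipherSuites = socket.getEnabledCipherSuites();
      Logger.warn(LOG_TAG, "Setting enabled cipher suites failed: " + e.getMessage());
      Logger.warn(LOG_TAG, "Using " + cipherSuites.length + " default suites.");
      // Kept so the socket and the cached list are guaranteed to agree.
      socket.setEnabledCipherSuites(cipherSuites);
    }
  }

  /**
   * Create a socket through the parent factory, then pin its enabled
   * protocols and cipher suites.
   *
   * Unlike the cipher-suite step, the protocol step has no fallback: an
   * {@link IllegalArgumentException} from
   * {@link SSLSocket#setEnabledProtocols(String[])} propagates to the caller.
   *
   * @param params
   *          Connection parameters, passed through to the parent factory.
   * @return the configured socket.
   * @throws IOException
   *           if the parent factory fails to create the socket.
   */
  @Override
  public Socket createSocket(HttpParams params) throws IOException {
    SSLSocket socket = (SSLSocket) super.createSocket(params);
    socket.setEnabledProtocols(GlobalConstants.DEFAULT_PROTOCOLS);
    setEnabledCipherSuites(socket);
    return socket;
  }
}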