Bug 1365865 - Update set of default ciphers for API26+ r=nalexander

TLS_DHE_RSA_WITH_AES_128_CBC_SHA is no longer supported in API26+.

MozReview-Commit-ID: AtNf2xZh2Bz

--HG--
extra : rebase_source : fef7d2018e77a4a4a7594bf32de750c8fa39e2ea
This commit is contained in:
Grigory Kruglov 2017-06-27 17:36:21 -04:00
Родитель 788b4add8d
Коммит 933d747314
2 изменённых файлов: 17 добавлений и 2 удалений

Просмотреть файл

@ -53,6 +53,7 @@ public class AppConstants {
public static final boolean feature20Plus = MIN_SDK_VERSION >= 20 || (MAX_SDK_VERSION >= 20 && Build.VERSION.SDK_INT >= 20);
public static final boolean feature21Plus = MIN_SDK_VERSION >= 21 || (MAX_SDK_VERSION >= 21 && Build.VERSION.SDK_INT >= 21);
public static final boolean feature24Plus = MIN_SDK_VERSION >= 24 || (MAX_SDK_VERSION >= 24 && Build.VERSION.SDK_INT >= 24);
public static final boolean feature26Plus = MIN_SDK_VERSION >= 26 || (MAX_SDK_VERSION >= 26 && Build.VERSION.SDK_INT >= 26);
/*
* If our MIN_SDK_VERSION is 14 or higher, we must be an ICS device.

Просмотреть файл

@ -44,7 +44,7 @@ public class GlobalConstants {
static {
// Prioritize 128 over 256 as a tradeoff between device CPU/battery and the minor
// increase in strength.
if (Versions.feature20Plus) {
if (Versions.feature26Plus) {
DEFAULT_CIPHER_SUITES = new String[]
{
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", // 20+
@ -56,7 +56,21 @@ public class GlobalConstants {
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", // 11+
// For Sync 1.1.
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", // 9+
"TLS_RSA_WITH_AES_128_CBC_SHA", // 9+
};
} else if (Versions.feature20Plus) {
DEFAULT_CIPHER_SUITES = new String[]
{
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", // 20+
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", // 20+
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", // 20+
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", // 11+
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", // 20+
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", // 20+
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", // 11+
// For Sync 1.1.
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", // 9-25
"TLS_RSA_WITH_AES_128_CBC_SHA", // 9+
};
} else {