From 933d747314499da3ef5e48d29b7ac5bd43271e6e Mon Sep 17 00:00:00 2001
From: Grigory Kruglov <gkruglov@mozilla.com>
Date: Tue, 27 Jun 2017 17:36:21 -0400
Subject: [PATCH] Bug 1365865 - Update set of default ciphers for API26+
 r=nalexander

TLS_DHE_RSA_WITH_AES_128_CBC_SHA is no longer supported in API26+.

MozReview-Commit-ID: AtNf2xZh2Bz

--HG--
extra : rebase_source : fef7d2018e77a4a4a7594bf32de750c8fa39e2ea
---
 mobile/android/base/AppConstants.java.in       |  1 +
 .../background/common/GlobalConstants.java     | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/mobile/android/base/AppConstants.java.in b/mobile/android/base/AppConstants.java.in
index 07ccd6e9a786..41acdde9eb57 100644
--- a/mobile/android/base/AppConstants.java.in
+++ b/mobile/android/base/AppConstants.java.in
@@ -53,6 +53,7 @@ public class AppConstants {
         public static final boolean feature20Plus = MIN_SDK_VERSION >= 20 || (MAX_SDK_VERSION >= 20 && Build.VERSION.SDK_INT >= 20);
         public static final boolean feature21Plus = MIN_SDK_VERSION >= 21 || (MAX_SDK_VERSION >= 21 && Build.VERSION.SDK_INT >= 21);
         public static final boolean feature24Plus = MIN_SDK_VERSION >= 24 || (MAX_SDK_VERSION >= 24 && Build.VERSION.SDK_INT >= 24);
+        public static final boolean feature26Plus = MIN_SDK_VERSION >= 26 || (MAX_SDK_VERSION >= 26 && Build.VERSION.SDK_INT >= 26);
 
         /*
          * If our MIN_SDK_VERSION is 14 or higher, we must be an ICS device.
diff --git a/mobile/android/services/src/main/java/org/mozilla/gecko/background/common/GlobalConstants.java b/mobile/android/services/src/main/java/org/mozilla/gecko/background/common/GlobalConstants.java
index d661e62dc7d0..6dab3ef7f054 100644
--- a/mobile/android/services/src/main/java/org/mozilla/gecko/background/common/GlobalConstants.java
+++ b/mobile/android/services/src/main/java/org/mozilla/gecko/background/common/GlobalConstants.java
@@ -44,7 +44,7 @@ public class GlobalConstants {
   static {
     // Prioritize 128 over 256 as a tradeoff between device CPU/battery and the minor
     // increase in strength.
-    if (Versions.feature20Plus) {
+    if (Versions.feature26Plus) {
       DEFAULT_CIPHER_SUITES = new String[]
           {
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",   // 20+
@@ -56,7 +56,21 @@ public class GlobalConstants {
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",        // 11+
 
            // For Sync 1.1.
-           "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  // 9+
+           "TLS_RSA_WITH_AES_128_CBC_SHA",      // 9+
+          };
+    } else if (Versions.feature20Plus) {
+      DEFAULT_CIPHER_SUITES = new String[]
+          {
+           "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",   // 20+
+           "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",     // 20+
+           "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",     // 20+
+           "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",        // 11+
+           "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",     // 20+
+           "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",     // 20+
+           "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",        // 11+
+
+           // For Sync 1.1.
+           "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  // 9-25
            "TLS_RSA_WITH_AES_128_CBC_SHA",      // 9+
           };
     } else {