From 6cae7df9bdf0d233d0c35b021cbc43dfa5e4a4b5 Mon Sep 17 00:00:00 2001 From: orionlee Date: Mon, 23 Sep 2019 14:13:20 -0700 Subject: [PATCH 1/3] SSL fix On Android 4.4 for certain web sites. --- .../download/AntennapodHttpClient.java | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java b/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java index 97007a2146..e6886c6557 100644 --- a/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java +++ b/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java @@ -16,7 +16,9 @@ import java.net.SocketAddress; import java.security.GeneralSecurityException; import java.security.KeyStore; +import java.util.ArrayList; import java.util.Arrays; +import java.util.List; import java.util.concurrent.TimeUnit; import javax.net.ssl.SSLContext; @@ -28,6 +30,8 @@ import de.danoeh.antennapod.core.preferences.UserPreferences; import de.danoeh.antennapod.core.storage.DBWriter; +import okhttp3.CipherSuite; +import okhttp3.ConnectionSpec; import okhttp3.Credentials; import okhttp3.HttpUrl; import okhttp3.JavaNetCookieJar; @@ -141,6 +145,21 @@ public static OkHttpClient.Builder newBuilder() { if(16 <= Build.VERSION.SDK_INT && Build.VERSION.SDK_INT < 21) { builder.sslSocketFactory(new CustomSslSocketFactory(), trustManager()); } + + if(Build.VERSION.SDK_INT < 21) { + // workaround for Android 4.x for certain web sites. + // see: https://github.com/square/okhttp/issues/4053#issuecomment-402579554 + List cipherSuites = new ArrayList<>(); + cipherSuites.addAll(ConnectionSpec.MODERN_TLS.cipherSuites()); + cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA); + cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); + + ConnectionSpec legacyTls = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .cipherSuites(cipherSuites.toArray(new CipherSuite[0])) + .build(); + builder.connectionSpecs(Arrays.asList(legacyTls, ConnectionSpec.CLEARTEXT)); + } + return builder; } From e8be5cb8ec18d49c66abd6898a6a55d9f246c7e4 Mon Sep 17 00:00:00 2001 From: orionlee Date: Mon, 23 Sep 2019 14:15:24 -0700 Subject: [PATCH 2/3] Upgrade OkHttp (to the latest that still support Android 4.x) --- build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 2ca680ccb0..b04637b782 100644 --- a/build.gradle +++ b/build.gradle @@ -57,8 +57,8 @@ project.ext { iconifyVersion = "2.2.2" jsoupVersion = "1.11.2" materialDialogsVersion = "0.9.0.2" - okhttpVersion = "3.9.0" - okioVersion = "1.14.0" + okhttpVersion = "3.12.5" + okioVersion = "1.17.4" recyclerviewFlexibledividerVersion = "1.4.0" robotiumSoloVersion = "5.6.3" rxAndroidVersion = "2.1.0" From c41c8765b691bed6a04bd262025cdde5f245535c Mon Sep 17 00:00:00 2001 From: orionlee Date: Mon, 23 Sep 2019 14:22:16 -0700 Subject: [PATCH 3/3] SSL android 4 fix - fix code styles --- .../core/service/download/AntennapodHttpClient.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java b/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java index e6886c6557..04a6d58820 100644 --- a/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java +++ b/core/src/main/java/de/danoeh/antennapod/core/service/download/AntennapodHttpClient.java @@ -142,11 +142,11 @@ public static OkHttpClient.Builder newBuilder() { }); } } - if(16 <= Build.VERSION.SDK_INT && Build.VERSION.SDK_INT < 21) { + if (16 <= Build.VERSION.SDK_INT && Build.VERSION.SDK_INT < 21) { builder.sslSocketFactory(new CustomSslSocketFactory(), trustManager()); } - if(Build.VERSION.SDK_INT < 21) { + if (Build.VERSION.SDK_INT < 21) { // workaround for Android 4.x for certain web sites. // see: https://github.com/square/okhttp/issues/4053#issuecomment-402579554 List cipherSuites = new ArrayList<>();