Merge pull request #737 from n8fr8/master

fixes #728 and #718 by disabling unsupport cipher suites

Author: n8fr8

src/info/guardianproject/otr/app/im/plugin/xmpp/XMPPCertPins.java

@@ -35,13 +35,13 @@ public class XMPPCertPins
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
      "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
      "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
-     "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
-     "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+//     "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", //not support in Android 6
+  //   "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
 
-     "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
-     "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
-     "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
-     "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+//     "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+ //    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+//     "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+//     "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
      "TLS_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_RSA_WITH_AES_256_CBC_SHA256",
      "TLS_RSA_WITH_AES_128_CBC_SHA",
@@ -56,13 +56,13 @@ public class XMPPCertPins
     "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
     "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
     "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
-    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
-    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+   // "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+   // "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
 
-    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
-    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
-    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
-    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+ //   "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+  //  "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+    //"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+   // "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
 
     "TLS_RSA_WITH_AES_128_CBC_SHA",
     "TLS_RSA_WITH_AES_256_CBC_SHA",

src/info/guardianproject/otr/app/im/plugin/xmpp/XmppConnection.java

@@ -1183,16 +1183,24 @@ else if (domain.contains("google.com")||domain.contains("gmail.com")) //if not g
                 sslContext.init(null, new javax.net.ssl.TrustManager[] { trustManager },
                         secureRandom);
 
-                sslContext.getDefaultSSLParameters().getCipherSuites();
-
-                if (Build.VERSION.SDK_INT >= 20) {
-
-                    sslContext.getDefaultSSLParameters().setCipherSuites(XMPPCertPins.SSL_IDEAL_CIPHER_SUITES_API_20);
+                try
+                {
+                    sslContext.getDefaultSSLParameters().getCipherSuites();
 
+                    if (Build.VERSION.SDK_INT >= 20) {
+    
+                        sslContext.getDefaultSSLParameters().setCipherSuites(XMPPCertPins.SSL_IDEAL_CIPHER_SUITES_API_20);    
+                    }
+                    else
+                    {
+                        sslContext.getDefaultSSLParameters().setCipherSuites(XMPPCertPins.SSL_IDEAL_CIPHER_SUITES);
+                    }
                 }
-                else
+                catch (Exception e)
                 {
-                    sslContext.getDefaultSSLParameters().setCipherSuites(XMPPCertPins.SSL_IDEAL_CIPHER_SUITES);
+                    //this can happen if the cipher suites aren't available on the devices
+                    debug(TAG, "Error setting ideal cipher suites: " + e);
+                    
                 }