
Commit 0e3348c2 authored by Ricki Hirner's avatar Ricki Hirner

Exception handling, verbose TLS logs

* handle IllegalArgumentException in Tasks provider (show LocalStorageException notification) (closes #601)
* add more verbose TLS cipher logs (see #608)
parent 65307f9d
+1 −1
@@ -378,7 +378,7 @@ public abstract class LocalCollection<T extends Resource> {
							affected = 1;
                Log.d(TAG, "... " + affected + " record(s) affected");
				pendingOperations.clear();
			} catch(OperationApplicationException | RemoteException ex) {
			} catch(IllegalArgumentException|OperationApplicationException|RemoteException ex) {
				throw new LocalStorageException(ex);
			}
        return affected;
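Review bot: When the widened `catch(IllegalArgumentException|OperationApplicationException|RemoteException ex)` fires, `pendingOperations.clear()` is skipped, so the batch that triggered the exception appears to stay queued. An `IllegalArgumentException` from a provider is usually deterministic, so if the caller commits again the same operations would presumably fail on every sync. It is worth deciding explicitly whether the queue is dropped on failure, for example with `finally { pendingOperations.clear(); }`, or kept for a retry. A short comment such as `// Tasks provider can throw IllegalArgumentException (#601)` would also explain why an unchecked exception is caught here. The enclosing method begins and ends outside the hunk, so the caller's handling is not visible.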
+11 −7
@@ -55,9 +55,9 @@ public class TlsSniSocketFactory extends SSLConnectionSocketFactory {
			Log.v(TAG, "Setting allowed TLS protocols: " + StringUtils.join(protocols, ", "));
			TlsSniSocketFactory.protocols = protocols.toArray(new String[protocols.size()]);

			/* set reasonable cipher suites */
			/* set up reasonable cipher suites */
			if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
				// choose secure cipher suites
				// choose known secure cipher suites
				List<String> allowedCiphers = Arrays.asList(
				        // TLS 1.2
                        "TLS_RSA_WITH_AES_256_GCM_SHA384",
@@ -78,19 +78,23 @@ public class TlsSniSocketFactory extends SSLConnectionSocketFactory {
                        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");

				List<String> availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());
				Log.v(TAG, "Available cipher suites: " + StringUtils.join(availableCiphers, ", "));
				Log.v(TAG, "Cipher suites enabled by default: " + StringUtils.join(socket.getEnabledCipherSuites(), ", "));

				// preferred ciphers = allowed Ciphers \ availableCiphers
				// take all allowed ciphers that are available and put them into preferredCiphers
				HashSet<String> preferredCiphers = new HashSet<>(allowedCiphers);
				preferredCiphers.retainAll(availableCiphers);

				/* For maximum security, preferredCiphers should *replace* enabled ciphers (thus disabling
				 * ciphers which are enabled by default, but have become unsecure), but I guess for
				 * the security level of DAVdroid and maximum compatibility, disabling of insecure
				 * ciphers should be a server-side task */

				// add preferred ciphers to enabled ciphers
				// for maximum security, preferred ciphers should *replace* enabled ciphers,
				// but I guess for the security level of DAVdroid, disabling of insecure
				// ciphers should be a server-side task
				HashSet<String> enabledCiphers = preferredCiphers;
				enabledCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));

				Log.v(TAG, "Setting allowed TLS ciphers: " + StringUtils.join(enabledCiphers, ", "));
				Log.v(TAG, "Enabling (only) those TLS ciphers: " + StringUtils.join(enabledCiphers, ", "));
				TlsSniSocketFactory.cipherSuites = enabledCiphers.toArray(new String[enabledCiphers.size()]);
			}
		} catch (IOException e) {
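Review bot: `enabledCiphers` is built in a `HashSet`, so the array stored in `TlsSniSocketFactory.cipherSuites` has no defined order. The enabled-suites array is typically treated as the client's preference order, so the allow-listed suites are not actually preferred over the platform defaults they are merged with. Because the result is the union of the allow-list and `socket.getEnabledCipherSuites()`, any weak suite enabled by default on a pre-Lollipop device stays enabled, and the new log text "Enabling (only) those TLS ciphers" can read as if the list had been restricted. If the union is kept for compatibility, `Set<String> enabledCiphers = new LinkedHashSet<>(preferredCiphers);` keeps the allow-listed suites first, provided `preferredCiphers` is itself filled in `allowedCiphers` order. The enclosing method starts and ends outside the hunk, so how `cipherSuites` is applied to the socket is not visible here.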