From 245f5baaa8c78a677f48e6c7b54394c60d5501e8 Mon Sep 17 00:00:00 2001 From: Pierre Slamich Date: Fri, 11 Sep 2020 15:04:57 +0200 Subject: [PATCH] fix: ssl cipher not working for android 7 Closes https://github.com/openfoodfacts/openfoodfacts-androidapp/issues/3480 --- .../github/scrachx/openfood/utils/Utils.java | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/app/src/main/java/openfoodfacts/github/scrachx/openfood/utils/Utils.java b/app/src/main/java/openfoodfacts/github/scrachx/openfood/utils/Utils.java index accd3ba779a9..47a4d3d685be 100644 --- a/app/src/main/java/openfoodfacts/github/scrachx/openfood/utils/Utils.java +++ b/app/src/main/java/openfoodfacts/github/scrachx/openfood/utils/Utils.java @@ -33,6 +33,7 @@ import android.net.NetworkInfo; import android.net.Uri; import android.os.BatteryManager; +import android.os.Build; import android.os.Environment; import android.text.Spannable; import android.text.SpannableString; @@ -77,13 +78,16 @@ import java.io.OutputStream; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; import java.util.Locale; import java.util.Map; import java.util.concurrent.TimeUnit; +import okhttp3.CipherSuite; import okhttp3.ConnectionSpec; import okhttp3.OkHttpClient; +import okhttp3.TlsVersion; import okhttp3.logging.HttpLoggingInterceptor; import openfoodfacts.github.scrachx.openfood.BuildConfig; import openfoodfacts.github.scrachx.openfood.R; @@ -251,7 +255,6 @@ public static boolean isApplicationInstalled(Context context, String packageName } } - /** * Returns the Nutri-Score graphic asset given the grade */ @@ -335,7 +338,7 @@ public static List getViewsByType(ViewGroup root, Class t } return result; } - + /** * Returns the NOVA group graphic asset given the group */ @@ -504,12 +507,24 @@ public static synchronized void scheduleProductUploadJob(Context context) { isUploadJobInitialised = true; } + @NonNull public static OkHttpClient httpClientBuilder() { + OkHttpClient.Builder builder = new OkHttpClient.Builder() .connectTimeout(CONNECTION_TIMEOUT, TimeUnit.MILLISECONDS) .readTimeout(RW_TIMEOUT, TimeUnit.MILLISECONDS) - .writeTimeout(RW_TIMEOUT, TimeUnit.MILLISECONDS) - .connectionSpecs(Arrays.asList(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS)); + .writeTimeout(RW_TIMEOUT, TimeUnit.MILLISECONDS); + + if (Build.VERSION.SDK_INT == Build.VERSION_CODES.N) { + builder.connectionSpecs(Collections.singletonList( + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_2) + .cipherSuites(CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) + .build()) + ); + } else { + builder.connectionSpecs(Arrays.asList(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS)); + } if (BuildConfig.DEBUG) { builder.addInterceptor(new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BODY));