include Conscrypt as the only TLS provider

defo-project · Nov 30, 2021 · 9a7e388 · 9a7e388
1 parent 6c1d8b0
commit 9a7e388
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/app/build.gradle b/app/build.gradle
@@ -183,6 +183,8 @@ dependencies {
     fullImplementation 'org.jmdns:jmdns:3.5.5'
     fullImplementation 'org.nanohttpd:nanohttpd:2.3.1'
 
+    defoImplementation 'info.guardianproject.conscrypt:conscrypt-android:2.6.alpha1638179154.job1828169525'
+
     testImplementation 'androidx.test:core:1.3.0'
     testImplementation 'junit:junit:4.13.1'
     testImplementation 'org.robolectric:robolectric:4.3'
@@ -201,6 +203,8 @@ dependencies {
     androidTestImplementation 'androidx.work:work-testing:2.4.0'
 }
 
+android.packagingOptions.doNotStrip '**/*.so'
+
 checkstyle {
     toolVersion = '7.2'
 }

diff --git a/app/src/defo/java/org/fdroid/fdroid/ConscryptLoader.java b/app/src/defo/java/org/fdroid/fdroid/ConscryptLoader.java
@@ -0,0 +1,22 @@
+package org.fdroid.fdroid;
+
+import android.util.Log;
+
+import org.conscrypt.Conscrypt;
+
+import java.security.Provider;
+import java.security.Security;
+
+public class ConscryptLoader {
+    public static final String TAG = "ConscryptLoader";
+
+    public static void installConscrypt() {
+        Security.insertProviderAt(Conscrypt.newProviderBuilder().defaultTlsProtocol("TLSv1.3").build(), 1);
+
+        Security.removeProvider("AndroidOpenSSL");
+        for (Provider provider : Security.getProviders()) {
+            Log.i(TAG, "TLS Provider: " + provider);
+        }
+        Conscrypt.checkAvailability();
+    }
+}
diff --git a/app/src/main/java/org/fdroid/fdroid/FDroidApp.java b/app/src/main/java/org/fdroid/fdroid/FDroidApp.java
@@ -393,6 +393,7 @@ public void onCreate() {
 
         configureProxy(preferences);
 
+        ConscryptLoader.installConscrypt();
 
         // bug specific to exactly 5.0 makes it only work with the old index
         // which includes an ugly, hacky workaround