diff --git a/android/app/src/main/java/com/paypal/developer/paypaltlscheck/TlsSocketFactory.java b/android/app/src/main/java/com/paypal/developer/paypaltlscheck/TlsSocketFactory.java
index f3d5262..0eb2d75 100644
--- a/android/app/src/main/java/com/paypal/developer/paypaltlscheck/TlsSocketFactory.java
+++ b/android/app/src/main/java/com/paypal/developer/paypaltlscheck/TlsSocketFactory.java
@@ -1,13 +1,12 @@
 package com.paypal.developer.paypaltlscheck;
-import android.util.Log;
-
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.net.UnknownHostException;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
 import java.util.Arrays;
 import javax.net.ssl.SSLContext;
@@ -60,13 +59,13 @@ public Socket createSocket(InetAddress address, int port, InetAddress localAddre
 }
 private Socket enableTLSOnSocket(Socket socket) {
- if(socket != null && (socket instanceof SSLSocket)) {
- SSLSocket sslSocket = (SSLSocket) socket;
- Log.d("TEST-supportedProtocols", Arrays.asList(sslSocket.getSupportedProtocols()).toString());
- // We could enable TLSv1.2 only here, but we take a permissive approach for the client
- // and leave it up to the server to require TLSv1.2
- sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
- Log.d("TEST-enabledProtocols", Arrays.asList(sslSocket.getEnabledProtocols()).toString());
+ if(socket instanceof SSLSocket) {
+ ArrayList supportedProtocols =
+ new ArrayList<>(Arrays.asList(((SSLSocket) socket).getSupportedProtocols()));
+ supportedProtocols.retainAll(Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1"));
+
+ ((SSLSocket)socket).setEnabledProtocols(supportedProtocols.toArray(
+ new String[supportedProtocols.size()]));
 }
 return socket;
 }
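Review bot: The allow-list passed to `retainAll` in `enableTLSOnSocket` still enables `TLSv1` and `TLSv1.1` and leaves out `TLSv1.3`, so the socket keeps accepting deprecated protocol versions and would turn TLS 1.3 off on a platform that offers it. The removed comment explained that the client was deliberately permissive; if that is still the intent, keep a comment next to the list saying so, otherwise narrow it, for example `supportedProtocols.retainAll(Arrays.asList("TLSv1.3", "TLSv1.2"));`. When none of the listed names is supported the list is empty and an empty array goes to `setEnabledProtocols`. How the provider reacts is not visible here, so an explicit `if (supportedProtocols.isEmpty())` branch that fails with a clear message would make that case diagnosable.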