Closed (moved) TBA - httpclientandroidlib leaks information about Android version
  • Closed (moved) Issue created by Matthew Finkel

    While reviewing #22170 (moved), I noticed Fennec decides which TLS ciphers it supports[0] based on a lower-bound of the Android SDK version, and it chooses a TLS cipher within that list. This is another example of why we should use Necko (via GeckoView) instead of the Android SDK for networking.

    This is used by the Java networking in the Sync code[1].

    In the short term, we can always return the else clause:

        } else {
          DEFAULT_CIPHER_SUITES = new String[]
              {
               "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",        // 11+
               "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",      // 11+
               "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",        // 11+
    
               // For Sync 1.1.
               "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  // 9+
               "TLS_RSA_WITH_AES_128_CBC_SHA",      // 9+
              };
        }

    But that sure is sad. We need ciphers for 16+.

    [0] https://gitweb.torproject.org/tor-browser.git/tree/mobile/android/services/src/main/java/org/mozilla/gecko/background/common/GlobalConstants.java?h=tor-browser-60.1.0esr-8.0-1#n47

    [1] https://gitweb.torproject.org/tor-browser.git/tree/mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java?h=tor-browser-60.1.0esr-8.0-1#n261
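
Added example, not part of the original issue and not Fennec's code: a sketch of the short-term mitigation described above, which enables the quoted else-clause list on every socket regardless of SDK version. The class name `FixedCipherSuites` and its `apply` method are hypothetical; the suite names are the ones quoted in the issue.

```java
import java.io.IOException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical helper (not Fennec code): one cipher list for every device. */
public final class FixedCipherSuites {
    // The "else" list quoted in the issue: same contents and order on every SDK level.
    static final String[] SUITES = {
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
    };

    private FixedCipherSuites() {}

    /**
     * Enables exactly SUITES on the socket. The list is deliberately NOT
     * intersected with getSupportedCipherSuites(): silently dropping entries
     * a device lacks would make the ClientHello differ per device again.
     * setEnabledCipherSuites throws IllegalArgumentException when the platform
     * does not support a suite, so an incompatible device fails loudly.
     */
    static void apply(SSLSocket socket) {
        socket.setEnabledCipherSuites(SUITES.clone());
    }

    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Unconnected socket: no network I/O, just shows the configured list.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            apply(socket);
            for (String suite : socket.getEnabledCipherSuites()) {
                System.out.println(suite);
            }
        }
    }
}
```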
