From cf3024668e77c9df38dfb8451c8386cf3921c456 Mon Sep 17 00:00:00 2001 From: Tomas Nosek Date: Mon, 8 Feb 2016 10:07:14 +0100 Subject: [PATCH] Fix XMPPTCPConnection.setEnabledSSL(Protocols|Ciphers) The problem caused by opening input/ output stream before setting ssl parameters to SSLSession and fixed by changing order of this operations. Fixes SMACK-712. Minor-Modifications-By: Florian Schmaus --- .../org/jivesoftware/smack/tcp/XMPPTCPConnection.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java b/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java index 20d9e4495..8a1d6e5a1 100644 --- a/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java +++ b/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java @@ -751,12 +751,16 @@ public class XMPPTCPConnection extends AbstractXMPPConnection { // Secure the plain connection socket = context.getSocketFactory().createSocket(plain, host, plain.getPort(), true); - // Initialize the reader and writer with the new secured version - initReaderAndWriter(); final SSLSocket sslSocket = (SSLSocket) socket; + // Immediately set the enabled SSL protocols and ciphers. See SMACK-712 why this is + // important (at least on certain platforms) and it seems to be a good idea anyways to + // prevent an accidental implicit handshake. TLSUtils.setEnabledProtocolsAndCiphers(sslSocket, config.getEnabledSSLProtocols(), config.getEnabledSSLCiphers()); + // Initialize the reader and writer with the new secured version + initReaderAndWriter(); + // Proceed to do the handshake sslSocket.startHandshake();