Don't try to use unsupported TLS versions. Closes #1458

F43nd1r · F43nd1r · commit 3d23ac7143fa · 2025-09-28T18:44:53.000+02:00
diff --git a/acra-http/src/main/java/org/acra/security/ProtocolSocketFactoryWrapper.kt b/acra-http/src/main/java/org/acra/security/ProtocolSocketFactoryWrapper.kt
@@ -24,34 +24,16 @@ import javax.net.ssl.SSLSocket
 import javax.net.ssl.SSLSocketFactory
 
 class ProtocolSocketFactoryWrapper(private val delegate: SSLSocketFactory, protocols: List<TLS>) : SSLSocketFactory() {
-    private val protocols: List<String>
-
-    init {
-        val list = protocols.toMutableList()
-        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
-            list.remove(TLS.V1_3)
-            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN) {
-                list.remove(TLS.V1_2)
-                list.remove(TLS.V1_1)
-            }
-        }
-        this.protocols = list.map { it.id }
-    }
+    private val protocols: List<String> = protocols.filter { Build.VERSION.SDK_INT >= it.minSdk }.map { it.id }
 
     private fun setProtocols(socket: Socket): Socket {
-        if (socket is SSLSocket && isTLSServerEnabled(socket)) {
-            socket.enabledProtocols = protocols.toTypedArray()
-        }
-        return socket
-    }
-
-    private fun isTLSServerEnabled(sslSocket: SSLSocket): Boolean {
-        for (protocol in sslSocket.supportedProtocols) {
-            if (protocols.contains(protocol)) {
-                return true
+        if (socket is SSLSocket) {
+            val wantedProtocols = protocols intersect socket.supportedProtocols.toSet()
+            if (wantedProtocols.isNotEmpty()) {
+                socket.enabledProtocols = wantedProtocols.toTypedArray()
             }
         }
-        return false
+        return socket
     }
 
     override fun getDefaultCipherSuites(): Array<String> = delegate.defaultCipherSuites
diff --git a/acra-http/src/main/java/org/acra/security/TLS.kt b/acra-http/src/main/java/org/acra/security/TLS.kt
@@ -15,6 +15,11 @@
  */
 package org.acra.security
 
-enum class TLS(val id: String) {
-    V1("TLSv1"), V1_1("TLSv1.1"), V1_2("TLSv1.2"), V1_3("TLSv1.3");
+import android.os.Build
+
+enum class TLS(val id: String, val minSdk: Int) {
+    V1("TLSv1", Build.VERSION_CODES.BASE),
+    V1_1("TLSv1.1", Build.VERSION_CODES.JELLY_BEAN),
+    V1_2("TLSv1.2", Build.VERSION_CODES.JELLY_BEAN),
+    V1_3("TLSv1.3", Build.VERSION_CODES.Q);
 }
