Closed Bug 722561 Opened 8 years ago Closed 8 years ago

TLSSocketFactory.java always returns that a socket is secure

Categories

(Firefox for Android :: Android Sync, defect, P3)

ARM
Android
defect

Tracking

()

RESOLVED FIXED
mozilla13

People

(Reporter: dchanm+bugzilla, Assigned: nalexander)

References

Details

(Whiteboard: [qa-])

Although the spec defines that TLS/SSL sockets are always secure [1], we may want to perform additional checks based on whether setEnabledCipherSuites() failed or not. [2]

[1] - http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html#isSecure%28java.net.Socket%29
[2] - https://github.com/mozilla-services/android-sync/blob/develop/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java#L103
Priority: -- → P3
Blocks: 723230
Assignee: nobody → nalexander
Fixed in develop:

https://github.com/mozilla-services/android-sync/commit/ddae1852b022d27b6e30c8017df5ecd9e1274a86
Blocks: 724328
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
wrt the original direction of the bug: I'm pretty happy just allowing the default implementation to decide whether the negotiated connection was secure.

If setting the cipher suites failed, we'll just use a less-preferred one (which is probably the one we prefer, just under a different name). At no point will we negotiate a non-secure connection.
Whiteboard: [qa-]
Product: Mozilla Services → Android Background Services
Product: Android Background Services → Firefox for Android
You need to log in before you can comment on or make changes to this bug.