Closed Bug 722561 Opened 13 years ago Closed 13 years ago

TLSSocketFactory.java always returns that a socket is secure

Categories

(Firefox for Android Graveyard :: Android Sync, defect, P3)

Product:
Firefox for Android Graveyard
Component:
Android Sync
Platform:
ARM
Android
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla13

People

(Reporter: dchanm+bugzilla, Assigned: nalexander)

References

Details

(Whiteboard: [qa-])

Although the spec defines that TLS/SSL sockets are always secure [1], we may want to perform additional checks based on whether setEnabledCipherSuites() failed or not. [2] [1] - http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html#isSecure%28java.net.Socket%29 [2] - https://github.com/mozilla-services/android-sync/blob/develop/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java#L103
Priority: -- → P3
Blocks: 723230
Assignee: nobody → nalexander
Fixed in develop: https://github.com/mozilla-services/android-sync/commit/ddae1852b022d27b6e30c8017df5ecd9e1274a86
Blocks: 724328
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
wrt the original direction of the bug: I'm pretty happy just allowing the default implementation to decide whether the negotiated connection was secure. If setting the cipher suites failed, we'll just use a less-preferred one (which is probably the one we prefer, just under a different name). At no point will we negotiate a non-secure connection.
Whiteboard: [qa-]
Product: Mozilla Services → Android Background Services
Product: Android Background Services → Firefox for Android
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.