Closed Bug 722561 Opened 10 years ago Closed 10 years ago
Factory .java always returns that a socket is secure
Although the spec defines that TLS/SSL sockets are always secure , we may want to perform additional checks based on whether setEnabledCipherSuites() failed or not.   - http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html#isSecure%28java.net.Socket%29  - https://github.com/mozilla-services/android-sync/blob/develop/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java#L103
Fixed in develop: https://github.com/mozilla-services/android-sync/commit/ddae1852b022d27b6e30c8017df5ecd9e1274a86
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
wrt the original direction of the bug: I'm pretty happy just allowing the default implementation to decide whether the negotiated connection was secure. If setting the cipher suites failed, we'll just use a less-preferred one (which is probably the one we prefer, just under a different name). At no point will we negotiate a non-secure connection.
Target Milestone: --- → mozilla13
Product: Mozilla Services → Android Background Services
You need to log in before you can comment on or make changes to this bug.