klemens/default-protocols.diff Secret

## default-protocols.diff
diff --git a/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java b/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
index 0eedf6f..d4b9c5e 100644
--- a/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
+++ b/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
@@ -48,10 +48,7 @@ public class TlsSniSocketFactory extends SSLConnectionSocketFactory {
 			/* set reasonable protocol versions */
 			// - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0)
 			// - remove all SSL versions (especially SSLv3) because they're insecure now
-			List<String> protocols = new LinkedList<>();
-			for (String protocol : socket.getSupportedProtocols())
-				if (!protocol.toUpperCase().contains("SSL"))
-					protocols.add(protocol);
+			List<String> protocols = Arrays.asList(socket.getEnabledProtocols());
 			Log.v(TAG, "Setting allowed TLS protocols: " + StringUtils.join(protocols, ", "));
 			TlsSniSocketFactory.protocols = protocols.toArray(new String[protocols.size()]);


## tls1-tls1.1-protocols.diff
diff --git a/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java b/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
index 0eedf6f..6b50292 100644
--- a/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
+++ b/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
@@ -50,7 +50,7 @@ public class TlsSniSocketFactory extends SSLConnectionSocketFactory {
 			// - remove all SSL versions (especially SSLv3) because they're insecure now
 			List<String> protocols = new LinkedList<>();
 			for (String protocol : socket.getSupportedProtocols())
-				if (!protocol.toUpperCase().contains("SSL"))
+				if (!protocol.toUpperCase().contains("SSL") && !protocol.equals("TLSv1.2"))
 					protocols.add(protocol);
 			Log.v(TAG, "Setting allowed TLS protocols: " + StringUtils.join(protocols, ", "));
 			TlsSniSocketFactory.protocols = protocols.toArray(new String[protocols.size()]);
	diff --git a/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java b/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
	index 0eedf6f..d4b9c5e 100644
	--- a/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
	+++ b/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
	@@ -48,10 +48,7 @@ public class TlsSniSocketFactory extends SSLConnectionSocketFactory {
	/* set reasonable protocol versions */
	// - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0)
	// - remove all SSL versions (especially SSLv3) because they're insecure now
	- List<String> protocols = new LinkedList<>();
	- for (String protocol : socket.getSupportedProtocols())
	- if (!protocol.toUpperCase().contains("SSL"))
	- protocols.add(protocol);
	+ List<String> protocols = Arrays.asList(socket.getEnabledProtocols());
	Log.v(TAG, "Setting allowed TLS protocols: " + StringUtils.join(protocols, ", "));
	TlsSniSocketFactory.protocols = protocols.toArray(new String[protocols.size()]);
	diff --git a/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java b/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
	index 0eedf6f..6b50292 100644
	--- a/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
	+++ b/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java
	@@ -50,7 +50,7 @@ public class TlsSniSocketFactory extends SSLConnectionSocketFactory {
	// - remove all SSL versions (especially SSLv3) because they're insecure now
	List<String> protocols = new LinkedList<>();
	for (String protocol : socket.getSupportedProtocols())
	- if (!protocol.toUpperCase().contains("SSL"))
	+ if (!protocol.toUpperCase().contains("SSL") && !protocol.equals("TLSv1.2"))
	protocols.add(protocol);
	Log.v(TAG, "Setting allowed TLS protocols: " + StringUtils.join(protocols, ", "));
	TlsSniSocketFactory.protocols = protocols.toArray(new String[protocols.size()]);