Commit 3b59cf18 authored by Andreas Schildbach's avatar Andreas Schildbach

Use restricted TLS connection spec for all endpoints we're at least in indirect control of.

parent 8c55a262
......@@ -26,6 +26,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
......@@ -47,6 +48,7 @@ import android.content.res.AssetManager;
import android.os.AsyncTask;
import androidx.lifecycle.LiveData;
import okhttp3.Call;
import okhttp3.ConnectionSpec;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.Request;
......@@ -171,6 +173,7 @@ public class DynamicFeeLiveData extends LiveData<Map<FeeCategory, Coin>> {
request.header("If-Modified-Since", HttpDate.format(new Date(targetFile.lastModified())));
final OkHttpClient.Builder httpClientBuilder = Constants.HTTP_CLIENT.newBuilder();
httpClientBuilder.connectionSpecs(Arrays.asList(ConnectionSpec.RESTRICTED_TLS));
httpClientBuilder.connectTimeout(5, TimeUnit.SECONDS);
httpClientBuilder.writeTimeout(5, TimeUnit.SECONDS);
httpClientBuilder.readTimeout(5, TimeUnit.SECONDS);
......
......@@ -18,6 +18,7 @@
package de.schildbach.wallet.data;
import java.math.BigDecimal;
import java.util.Arrays;
import java.util.Currency;
import java.util.Iterator;
import java.util.Locale;
......@@ -49,7 +50,9 @@ import android.provider.BaseColumns;
import android.text.format.DateUtils;
import androidx.annotation.Nullable;
import okhttp3.Call;
import okhttp3.ConnectionSpec;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient.Builder;
import okhttp3.Request;
import okhttp3.Response;
......@@ -235,7 +238,9 @@ public class ExchangeRatesProvider extends ContentProvider {
request.url(BITCOINAVERAGE_URL);
request.header("User-Agent", userAgent);
final Call call = Constants.HTTP_CLIENT.newCall(request.build());
final Builder httpClientBuilder = Constants.HTTP_CLIENT.newBuilder();
httpClientBuilder.connectionSpecs(Arrays.asList(ConnectionSpec.RESTRICTED_TLS));
final Call call = httpClientBuilder.build().newCall(request.build());
try {
final Response response = call.execute();
if (response.isSuccessful()) {
......
......@@ -21,6 +21,7 @@ import java.io.BufferedReader;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Iterator;
import org.slf4j.Logger;
......@@ -52,7 +53,9 @@ import android.text.format.DateUtils;
import androidx.fragment.app.Fragment;
import androidx.fragment.app.FragmentManager;
import okhttp3.Call;
import okhttp3.ConnectionSpec;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient.Builder;
import okhttp3.Request;
import okhttp3.Response;
......@@ -125,7 +128,9 @@ public class AlertDialogsFragment extends Fragment {
if (userAgent != null)
request.header("User-Agent", userAgent);
final Call call = Constants.HTTP_CLIENT.newCall(request.build());
final Builder httpClientBuilder = Constants.HTTP_CLIENT.newBuilder();
httpClientBuilder.connectionSpecs(Arrays.asList(ConnectionSpec.RESTRICTED_TLS));
final Call call = httpClientBuilder.build().newCall(request.build());
backgroundHandler.post(new Runnable() {
@Override
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment