Switched to TlsSSLSocketFactory from PaulBetts repo

anaisbetts#210

src/ModernHttpClient/Android/OkHttpNetworkHandler.cs

@@ -31,7 +31,6 @@ public class NativeMessageHandler : HttpClientHandler
         public bool DisableCaching { get; set; }
 
         public NativeMessageHandler() : this(false, false) {
-            client.SetSslSocketFactory(new ImprovedSSLSocketFactory());
         }
 
         public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
@@ -41,7 +40,11 @@ public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerificati
             if (customSSLVerification) client.SetHostnameVerifier(new HostnameVerifier());
             noCacheCacheControl = (new CacheControl.Builder()).NoCache().Build();
 
-            client.SetSslSocketFactory(new ImprovedSSLSocketFactory());
+            // If less than Android Lollipop
+            if (((int)Build.VERSION.SdkInt) < 21)
+            {
+                client.SetSslSocketFactory(new TlsSSLSocketFactory());
+            }
         }
 
         public void RegisterForProgress(HttpRequestMessage request, ProgressDelegate callback)
@@ -207,7 +210,7 @@ class HostnameVerifier : Java.Lang.Object, IHostnameVerifier
 
         public bool Verify(string hostname, ISSLSession session)
         {
-            return verifyServerCertificate(hostname, session) & verifyClientCiphers(hostname, session);
+            return verifyServerCertificate(hostname, session);
         }
 
         /// <summary>
@@ -270,23 +273,6 @@ static bool verifyServerCertificate(string hostname, ISSLSession session)
             // Call the delegate to validate
             return ServicePointManager.ServerCertificateValidationCallback(hostname, root, chain, errors);
         }
-
-        /// <summary>
-        /// Verifies client ciphers and is only available in Mono and Xamarin products.
-        /// </summary>
-        /// <returns><c>true</c>, if client ciphers was verifyed, <c>false</c> otherwise.</returns>
-        /// <param name="hostname"></param>
-        /// <param name="session"></param>
-        static bool verifyClientCiphers(string hostname, ISSLSession session)
-        {
-            return true;
-            //var callback = ServicePointManager.ClientCipherSuitesCallback;
-            //if (callback == null) return true;
-
-            //var protocol = session.Protocol.StartsWith("SSL", StringComparison.InvariantCulture) ? SecurityProtocolType.Ssl3 : SecurityProtocolType.Tls;
-            //var acceptedCiphers = callback(protocol, new[] { session.CipherSuite });
-
-            //return acceptedCiphers.Contains(session.CipherSuite);
-        }
+
     }
 }

src/ModernHttpClient/Android/ImprovedSSLSocketFactory.cs → src/ModernHttpClient/Android/TlsSSLSocketFactory.cs

@@ -13,70 +13,75 @@
 
 namespace ModernHttpClient
 {
-    internal class ImprovedSSLSocketFactory : SSLSocketFactory
+    public class TlsSSLSocketFactory : SSLSocketFactory
     {
-        SSLSocketFactory _factory = (SSLSocketFactory)Default;
+        readonly SSLSocketFactory factory = (SSLSocketFactory)Default;
 
         public override string[] GetDefaultCipherSuites()
         {
-            return _factory.GetDefaultCipherSuites();
+            return factory.GetDefaultCipherSuites();
         }
 
         public override string[] GetSupportedCipherSuites()
         {
-            return _factory.GetSupportedCipherSuites();
+            return factory.GetSupportedCipherSuites();
         }
-
         public override Java.Net.Socket CreateSocket(Java.Net.InetAddress address, int port, Java.Net.InetAddress localAddress, int localPort)
         {
-            SSLSocket socket = (SSLSocket)_factory.CreateSocket(address, port, localAddress, localPort);
+            SSLSocket socket = (SSLSocket)factory.CreateSocket(address, port, localAddress, localPort);
             socket.SetEnabledProtocols(socket.GetSupportedProtocols());
+            socket.SetEnabledCipherSuites(socket.GetSupportedCipherSuites());
 
             return socket;
         }
 
         public override Java.Net.Socket CreateSocket(Java.Net.InetAddress host, int port)
         {
-            SSLSocket socket = (SSLSocket)_factory.CreateSocket(host, port);
+            SSLSocket socket = (SSLSocket)factory.CreateSocket(host, port);
             socket.SetEnabledProtocols(socket.GetSupportedProtocols());
+            socket.SetEnabledCipherSuites(socket.GetSupportedCipherSuites());
 
             return socket;
         }
 
         public override Java.Net.Socket CreateSocket(string host, int port, Java.Net.InetAddress localHost, int localPort)
         {
-            SSLSocket socket = (SSLSocket)_factory.CreateSocket(host, port, localHost, localPort);
+            SSLSocket socket = (SSLSocket)factory.CreateSocket(host, port, localHost, localPort);
             socket.SetEnabledProtocols(socket.GetSupportedProtocols());
+            socket.SetEnabledCipherSuites(socket.GetSupportedCipherSuites());
 
             return socket;
         }
 
         public override Java.Net.Socket CreateSocket(string host, int port)
         {
-            SSLSocket socket = (SSLSocket)_factory.CreateSocket(host, port);
+            SSLSocket socket = (SSLSocket)factory.CreateSocket(host, port);
             socket.SetEnabledProtocols(socket.GetSupportedProtocols());
+            socket.SetEnabledCipherSuites(socket.GetSupportedCipherSuites());
 
             return socket;
         }
 
         public override Java.Net.Socket CreateSocket(Java.Net.Socket s, string host, int port, bool autoClose)
         {
-            SSLSocket socket = (SSLSocket)_factory.CreateSocket(s, host, port, autoClose);
+            SSLSocket socket = (SSLSocket)factory.CreateSocket(s, host, port, autoClose);
             socket.SetEnabledProtocols(socket.GetSupportedProtocols());
+            socket.SetEnabledCipherSuites(socket.GetSupportedCipherSuites());
 
             return socket;
         }
 
         protected override void Dispose(bool disposing)
         {
-            _factory.Dispose();
+            factory.Dispose();
             base.Dispose(disposing);
         }
 
         public override Java.Net.Socket CreateSocket()
         {
-            SSLSocket socket = (SSLSocket)_factory.CreateSocket();
+            SSLSocket socket = (SSLSocket)factory.CreateSocket();
             socket.SetEnabledProtocols(socket.GetSupportedProtocols());
+            socket.SetEnabledCipherSuites(socket.GetSupportedCipherSuites());
 
             return socket;
         }

src/ModernHttpClient/ModernHttpClient.Android.csproj

@@ -53,7 +53,7 @@
     <Reference Include="System.Core" />
     <Reference Include="System.Net.Http" />
     <Reference Include="Mono.Android" />
-    <Compile Include="Android\ImprovedSSLSocketFactory.cs" />
+    <Compile Include="Android\TlsSSLSocketFactory.cs" />
     <Compile Include="Resources\Resource.designer.cs" />
     <Compile Include="Android\OkHttpNetworkHandler.cs" />
     <None Include="packages.config" />

src/Playground.Android/MainActivity.cs

@@ -125,9 +125,7 @@ protected override void OnCreate (Bundle bundle)
                     await stream.CopyToAsync(ms, 4096, currentToken.Token);
                     var bytes = ms.ToArray();
 
-                    var s = Encoding.UTF8.GetString(bytes);
-
-                    result.Text = String.Format("Read {0} bytes from {1}: {2}", bytes.Length, resp.Headers.Location, s);
+                    result.Text = String.Format("Read {0} bytes from {1}", bytes.Length, resp.Headers.Location);
 
                     var md5 = MD5.Create();
                     var hash = md5.ComputeHash(bytes);