Do not enable TLSv1 if it is not a supported protocol

facebook · Dec 21, 2017 · 6a935aa · 6a935aa
1 parent 5ea5683
commit 6a935aa
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/ReactAndroid/src/main/java/com/facebook/react/modules/network/TLSSocketFactory.java b/ReactAndroid/src/main/java/com/facebook/react/modules/network/TLSSocketFactory.java
@@ -14,6 +14,7 @@
 import java.net.UnknownHostException;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
@@ -71,7 +72,14 @@ public Socket createSocket(InetAddress address, int port, InetAddress localAddre
 
     private Socket enableTLSOnSocket(Socket socket) {
         if(socket != null && (socket instanceof SSLSocket)) {
-            ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
+            SSLSocket sslSocket = ((SSLSocket)socket);
+            String[] supportedProtocols = sslSocket.getSupportedProtocols();
+
+            if (Arrays.asList(supportedProtocols).contains("TLSv1")) {
+              sslSocket.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
+            } else {
+              sslSocket.setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
+            }
         }
         return socket;
     }