Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set application protocols on Android does not actually do the configuration #832

Open
voidzcy opened this issue Apr 15, 2020 · 2 comments
Open

Set application protocols on Android does not actually do the configuration #832

voidzcy opened this issue Apr 15, 2020 · 2 comments
Assignees
@prbprbprb
Labels
bug

Comments

@voidzcy
Copy link

voidzcy commented Apr 15, 2020

On Android platform (with FileDescriptorSocket), setting application protocols (via SSLParameters#setApplicationProtocols(...)) does not actually do the configuration. Looking at how it is implemented at

conscrypt/android/src/main/java/org/conscrypt/Platform.java

Lines 224 to 233 in 8e79804

private static void setSSLParametersOnImpl(SSLParameters params, SSLParametersImpl impl)
throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
Method m_getEndpointIdentificationAlgorithm =
params.getClass().getMethod("getEndpointIdentificationAlgorithm");
impl.setEndpointIdentificationAlgorithm(
(String) m_getEndpointIdentificationAlgorithm.invoke(params));
Method m_getUseCipherSuitesOrder = params.getClass().getMethod("getUseCipherSuitesOrder");
impl.setUseCipherSuitesOrder((boolean) m_getUseCipherSuitesOrder.invoke(params));
}

application protocols are never put into SSLParametersImpl. This causes protocol configuration using SSLParameters API fail on Android.
@voidzcy voidzcy changed the title setSSLParameters does not setApplicationProtocols on Android Set application protocols on Android does not actually do the configuration Apr 15, 2020
@ejona86
Copy link

ejona86 commented Apr 15, 2020

Note that this is especially a problem because SSLSocket.getApplicationProtocols() does not throw UnsupportedOperationException. That exception is the way for callers to determine if the particular SSLSocket supports the Java 9 ALPN API. So Conscrypt "claims" to support the Java 9 ALPN API but then doesn't actually support the setter.

@ejona86 ejona86 mentioned this issue Apr 15, 2020
Merged
@prbprbprb prbprbprb self-assigned this Apr 15, 2020
@prbprbprb prbprbprb added the bug label Apr 15, 2020
@prbprbprb
Copy link
Collaborator

Good catch, thanks! It looks there are other inconsistencies around SNI between the three implementations (Android, Android Platform and OpenJDK).

This was referenced Feb 2, 2021
Merged
Closed
Open
Closed
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Feb 9, 2021
Open
Closed
Closed
Closed
Open
Closed
Closed
Closed
Open
fixmebot bot referenced this issue in aomsw13/develop_test Apr 12, 2021
@testfixme
Update readme.md
70b8890
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@prbprbprb prbprbprb

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@voidzcy @ejona86 @prbprbprb