# HG changeset patch
# User Carl Byington
# Date 1675013121 25200
# Node ID 2eb4fa13b9efbfa5b935d6441bb392ea8c72ad27
# Parent d6c107dedb04f39ed6f6b2797b14ffc7709bebd9
update 5250 encryption to allow TLS1.3, remove old SSLv2 and SSLv3 methods
diff -r d6c107dedb04 -r 2eb4fa13b9ef TODO
--- a/TODO Thu Nov 17 10:56:48 2022 -0700
+++ b/TODO Sun Jan 29 10:25:21 2023 -0700
@@ -82,6 +82,15 @@
 ================================== TODO:
+
+5250 ssl uses javax.net.ssl with security providers, so that
+automatically gets better with modern android releases. Remove
+SSLv2 and SSLv3, change to TLSv1.2 and TLSv1.3
+
+ssh uses encryption and signature algorithms from bouncycastle.
+Verify those.
+
+
 change all System.*.println -> android Log.d(TAG, "") calls possible move to https://github.com/hierynomus/sshj
diff -r d6c107dedb04 -r 2eb4fa13b9ef app/src/main/AndroidManifest.xml
--- a/app/src/main/AndroidManifest.xml Thu Nov 17 10:56:48 2022 -0700
+++ b/app/src/main/AndroidManifest.xml Sun Jan 29 10:25:21 2023 -0700
@@ -17,8 +17,8 @@
 -->
diff -r d6c107dedb04 -r 2eb4fa13b9ef app/src/main/java/org/tn5250j/TN5250jConstants.java
--- a/app/src/main/java/org/tn5250j/TN5250jConstants.java Thu Nov 17 10:56:48 2022 -0700
+++ b/app/src/main/java/org/tn5250j/TN5250jConstants.java Sun Jan 29 10:25:21 2023 -0700
@@ -63,17 +63,14 @@
 public static final String NO_CHECK_RUNNING = "NO_CHECK_RUNNING";
 public static final String START_MONITOR_THREAD = "START_MONITOR_THREAD";
-// public static final String SSL_TYPE = "TN5250J_SSL_TYPE";
 public static final String SSL_TYPE = "-sslType";
 public static final String SSL_TYPE_NONE = "NONE";
- public static final String SSL_TYPE_SSLv2 = "SSLv2";
- public static final String SSL_TYPE_SSLv3 = "SSLv3";
- public static final String SSL_TYPE_TLS = "TLS";
+ public static final String SSL_TYPE_TLSv12 = "TLSv1.2";
+ public static final String SSL_TYPE_TLSv13 = "TLSv1.3";
 public static final String[] SSL_TYPES = {SSL_TYPE_NONE,
- SSL_TYPE_SSLv2,
- SSL_TYPE_SSLv3,
- SSL_TYPE_TLS
+ SSL_TYPE_TLSv12,
+ SSL_TYPE_TLSv13,
 };
 // Session JUMP Directions
diff -r d6c107dedb04 -r 2eb4fa13b9ef app/src/main/java/org/tn5250j/framework/transport/SSLInterface.java
--- a/app/src/main/java/org/tn5250j/framework/transport/SSLInterface.java Thu Nov 17 10:56:48 2022 -0700
+++ b/app/src/main/java/org/tn5250j/framework/transport/SSLInterface.java Sun Jan 29 10:25:21 2023 -0700
@@ -28,7 +28,7 @@
 /**
 * Initialize the components required to create a new client socket
 * when createSSLSocket is called.
- * @param sslType The ssl socket type (NONE, SSLv2, SSLv3, TLS)
+ * @param sslType The ssl socket type (NONE, TLSv1.2, TLSv1.3)
 * @param homeDirectory location of the .tn5250j subdirectory containing
 * the keystore
 * @see org.tn5250j.framework.transport.SSLConstants
@@ -43,4 +43,4 @@
 */
 public abstract Socket createSSLSocket(String destination, int port);
-}
\ No newline at end of file
+}
diff -r d6c107dedb04 -r 2eb4fa13b9ef app/src/main/res/values/arrays.xml
--- a/app/src/main/res/values/arrays.xml Thu Nov 17 10:56:48 2022 -0700
+++ b/app/src/main/res/values/arrays.xml Sun Jan 29 10:25:21 2023 -0700
@@ -29,9 +29,8 @@
 NONE
- SSLv2
- SSLv3
- TLS
+ TLSv1.2
+ TLSv1.3
diff -r d6c107dedb04 -r 2eb4fa13b9ef deployment.connections
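Review bot: Removing `SSL_TYPE_TLS`, `SSL_TYPE_SSLv2` and `SSL_TYPE_SSLv3` from `SSL_TYPES` (and the matching entries in the arrays.xml hunk) leaves any host already saved with `TLS`, `SSLv2` or `SSLv3` holding a value that matches no known type, and nothing visible in this changeset shows how such a value is handled when the socket is created. If the consumer treats an unrecognised type the same as `SSL_TYPE_NONE`, an upgrade would silently turn a previously encrypted 5250 session into a plaintext one, so the stored value should be mapped forward (for example `TLS` to `SSL_TYPE_TLSv12`) or the connection refused with a visible error. Separately, if these strings are handed to `SSLContext.getInstance`, the name alone does not guarantee a protocol floor on every provider; calling `setEnabledProtocols(new String[] {sslType})` on the created `SSLSocket` would make the selected version explicit. The constants class starts and ends outside this hunk, and the code that consumes `SSL_TYPE` is not part of the diff, so both points need checking against that code.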
--- a/deployment.connections Thu Nov 17 10:56:48 2022 -0700
+++ b/deployment.connections Sun Jan 29 10:25:21 2023 -0700
@@ -21,7 +21,7 @@
 # port (integer)
 # monitor (string)
 # emulation (string) ("xterm-color", "xterm-256color", "xterm", "vt100", "ansi", "screen", or other answerback string)
-# encryption5250 (string) ("NONE", "SSLv2", "SSLv3", "TLS")
+# encryption5250 (string) ("NONE", "TLSv1.2", "TLSv1.3")
 # library5250 (string)
 # menu5250 (string)
 # program5250 (string)
diff -r d6c107dedb04 -r 2eb4fa13b9ef help/About.html.in
--- a/help/About.html.in Thu Nov 17 10:56:48 2022 -0700
+++ b/help/About.html.in Sun Jan 29 10:25:21 2023 -0700
@@ -1,6 +1,6 @@

510ConnectBot

-

Copyright © 2015 Carl Byington +

Copyright © 2015-2023 Carl Byington <carl@five-ten-sg.com>

This is an enhanced version of the popular open-source telnet and @@ -13,9 +13,6 @@

The complete source code for this application is available at http://www.five-ten-sg.com/510Connectbot

-

Bitcoin donations for this project may be sent to -bitcoin:1EkbpYhcbAwmU3L7xXPisHQdwWSyjdaY2A -

Credits

@@ -38,15 +35,15 @@

Based on the Ganymed SSH2 client provided under a BSD-style -license. Copyright © 2005 - 2006 Swiss Federal Institute of +license. Copyright © 2005-2006 Swiss Federal Institute of Technology (ETH Zurich), Department of Computer Science http://www.inf.ethz.ch, -Christian Plattner. Copyright © 2006 - 2013 Christian Plattner. +Christian Plattner. Copyright © 2006-2013 Christian Plattner. http://code.google.com/p/ganymed-ssh-2/ The Java implementations of the AES, Blowfish and 3DES ciphers have been taken (and slightly modified) from the cryptography package released by "The Legion Of The Bouncy Castle". -Copyright © 2000 - 2004 The Legion Of The Bouncy Castle +Copyright © 2000-2004 The Legion Of The Bouncy Castle http://www.bouncycastle.org The following disclaimer applies:

diff -r d6c107dedb04 -r 2eb4fa13b9ef xml/510connectbot.in
--- a/xml/510connectbot.in Thu Nov 17 10:56:48 2022 -0700
+++ b/xml/510connectbot.in Sun Jan 29 10:25:21 2023 -0700
@@ -420,7 +420,7 @@
 # port (integer)
 # monitor (string)
 # emulation (string) ("xterm-color", "xterm-256color", "xterm", "vt100", "ansi", "screen", or other answerback string)
-# encryption5250 (string) ("NONE", "SSLv2", "SSLv3", "TLS")
+# encryption5250 (string) ("NONE", "TLSv1.2", "TLSv1.3")
 # library5250 (string)
 # menu5250 (string)
 # program5250 (string)