changeset 509:2eb4fa13b9ef

update 5250 encryption to allow TLS1.3, remove old SSLv2 and SSLv3 methods
author Carl Byington <carl@five-ten-sg.com>
date Sun, 29 Jan 2023 10:25:21 -0700
parents d6c107dedb04
children 7953570e5210
files TODO app/src/main/AndroidManifest.xml app/src/main/java/org/tn5250j/TN5250jConstants.java app/src/main/java/org/tn5250j/framework/transport/SSLInterface.java app/src/main/res/values/arrays.xml deployment.connections help/About.html.in xml/510connectbot.in
diffstat 8 files changed, 25 insertions(+), 23 deletions(-) [+]
--- a/TODO	Thu Nov 17 10:56:48 2022 -0700
+++ b/TODO	Sun Jan 29 10:25:21 2023 -0700
@@ -82,6 +82,15 @@
 ==================================
 
 TODO:
+
+5250 ssl uses javax.net.ssl with security providers, so that
+automatically gets better with modern android releases. Remove
+SSLv2 and SSLv3, change to TLSv1.2 and TLSv1.3
+
+ssh uses encryption and signature algorithms from bouncycastle.
+Verify those.
+
+
 change all System.*.println -> android Log.d(TAG, "") calls
 
 possible move to https://github.com/hierynomus/sshj
--- a/app/src/main/AndroidManifest.xml	Thu Nov 17 10:56:48 2022 -0700
+++ b/app/src/main/AndroidManifest.xml	Sun Jan 29 10:25:21 2023 -0700
@@ -17,8 +17,8 @@
 -->
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     package="com.five_ten_sg.connectbot"
-    android:versionName="1.9.4-5"
-    android:versionCode="1945"
+    android:versionName="1.9.4-6"
+    android:versionCode="1946"
     android:installLocation="auto">
     <queries>
         <package android:name="com.five_ten_sg.connectbot.monitor" />
--- a/app/src/main/java/org/tn5250j/TN5250jConstants.java	Thu Nov 17 10:56:48 2022 -0700
+++ b/app/src/main/java/org/tn5250j/TN5250jConstants.java	Sun Jan 29 10:25:21 2023 -0700
@@ -63,17 +63,14 @@
     public static final String NO_CHECK_RUNNING = "NO_CHECK_RUNNING";
     public static final String START_MONITOR_THREAD = "START_MONITOR_THREAD";
 
-//   public static final String SSL_TYPE = "TN5250J_SSL_TYPE";
     public static final String SSL_TYPE = "-sslType";
     public static final String SSL_TYPE_NONE = "NONE";
-    public static final String SSL_TYPE_SSLv2 = "SSLv2";
-    public static final String SSL_TYPE_SSLv3 = "SSLv3";
-    public static final String SSL_TYPE_TLS = "TLS";
+    public static final String SSL_TYPE_TLSv12 = "TLSv1.2";
+    public static final String SSL_TYPE_TLSv13 = "TLSv1.3";
 
     public static final String[] SSL_TYPES = {SSL_TYPE_NONE,
-                                              SSL_TYPE_SSLv2,
-                                              SSL_TYPE_SSLv3,
-                                              SSL_TYPE_TLS
+                                              SSL_TYPE_TLSv12,
+                                              SSL_TYPE_TLSv13,
                                              };
 
     // Session JUMP Directions
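Review bot: Removing `SSL_TYPE_SSLv2`, `SSL_TYPE_SSLv3` and `SSL_TYPE_TLS` from `SSL_TYPES` leaves connection profiles saved with "SSLv2", "SSLv3" or "TLS" holding a value that is no longer in the list, and nothing visible in this changeset migrates them; the same applies to the `list_5250_encryption_modes` items in arrays.xml and to `encryption5250` values in existing deployment.connections files. The code that consumes the setting is outside this diff, so confirm that an unrecognised value fails the connection or is mapped to a TLS entry rather than being handled like `SSL_TYPE_NONE`, which would silently carry the 5250 session in clear text. A comment above the array would record the rule, for example `// Values saved by older releases ("SSLv2", "SSLv3", "TLS") must be migrated to a TLS entry, never to SSL_TYPE_NONE.` If these strings are handed to `SSLContext.getInstance`, the name selects a context and may not by itself restrict the socket to exactly that version on every provider, so `SSLSocket.setEnabledProtocols` would be the place to pin the allowed versions.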
--- a/app/src/main/java/org/tn5250j/framework/transport/SSLInterface.java	Thu Nov 17 10:56:48 2022 -0700
+++ b/app/src/main/java/org/tn5250j/framework/transport/SSLInterface.java	Sun Jan 29 10:25:21 2023 -0700
@@ -28,7 +28,7 @@
     /**
      * Initialize the components required to create a new client socket
      * when createSSLSocket is called.
-     * @param sslType  The ssl socket type (NONE, SSLv2, SSLv3, TLS)
+     * @param sslType  The ssl socket type (NONE, TLSv1.2, TLSv1.3)
      * @param homeDirectory  location of the .tn5250j subdirectory containing
      *                       the keystore
      * @see org.tn5250j.framework.transport.SSLConstants
@@ -43,4 +43,4 @@
      */
     public abstract Socket createSSLSocket(String destination, int port);
 
-}
\ No newline at end of file
+}
--- a/app/src/main/res/values/arrays.xml	Thu Nov 17 10:56:48 2022 -0700
+++ b/app/src/main/res/values/arrays.xml	Sun Jan 29 10:25:21 2023 -0700
@@ -29,9 +29,8 @@
 
 	<string-array name="list_5250_encryption_modes" translatable="false">
 		<item>NONE</item>
-		<item>SSLv2</item>
-		<item>SSLv3</item>
-		<item>TLS</item>
+		<item>TLSv1.2</item>
+		<item>TLSv1.3</item>
 	</string-array>
 
 	<string-array name="list_rotation" translatable="false">
--- a/deployment.connections	Thu Nov 17 10:56:48 2022 -0700
+++ b/deployment.connections	Sun Jan 29 10:25:21 2023 -0700
@@ -21,7 +21,7 @@
 # port              (integer)
 # monitor           (string)
 # emulation         (string)    ("xterm-color", "xterm-256color", "xterm", "vt100", "ansi", "screen", or other answerback string)
-# encryption5250    (string)    ("NONE", "SSLv2", "SSLv3", "TLS")
+# encryption5250    (string)    ("NONE", "TLSv1.2", "TLSv1.3")
 # library5250       (string)
 # menu5250          (string)
 # program5250       (string)
--- a/help/About.html.in	Thu Nov 17 10:56:48 2022 -0700
+++ b/help/About.html.in	Sun Jan 29 10:25:21 2023 -0700
@@ -1,6 +1,6 @@
 <h2>510ConnectBot</h2>
 
-<p>Copyright &copy; 2015 Carl Byington
+<p>Copyright &copy; 2015-2023 Carl Byington
 &lt;carl@five-ten-sg.com&gt;</p>
 
 <p>This is an enhanced version of the popular open-source telnet and
@@ -13,9 +13,6 @@
 <p>The complete source code for this application is available at
 <a href="http://www.five-ten-sg.com/510Connectbot">http://www.five-ten-sg.com/510Connectbot</a></p>
 
-<p>Bitcoin donations for this project may be sent to
-<a href="bitcoin:1EkbpYhcbAwmU3L7xXPisHQdwWSyjdaY2A">bitcoin:1EkbpYhcbAwmU3L7xXPisHQdwWSyjdaY2A</a>
-
 <h2>Credits</h2>
 
 <p>
@@ -38,15 +35,15 @@
 
 <p>
 Based on the Ganymed SSH2 client provided under a BSD-style
-license. Copyright &copy; 2005 - 2006 Swiss Federal Institute of
+license. Copyright &copy; 2005-2006 Swiss Federal Institute of
 Technology (ETH Zurich), Department of Computer
 Science <a href="http://www.inf.ethz.ch">http://www.inf.ethz.ch</a>,
-Christian Plattner.  Copyright &copy; 2006 - 2013 Christian Plattner.
+Christian Plattner.  Copyright &copy; 2006-2013 Christian Plattner.
 <a href="http://code.google.com/p/ganymed-ssh-2/">http://code.google.com/p/ganymed-ssh-2/</a>
 The Java implementations of the AES, Blowfish and 3DES ciphers have been
 taken (and slightly modified) from the cryptography package released by
 "The Legion Of The Bouncy Castle".
-Copyright &copy; 2000 - 2004 The Legion Of The Bouncy Castle
+Copyright &copy; 2000-2004 The Legion Of The Bouncy Castle
 <a href="http://www.bouncycastle.org">http://www.bouncycastle.org</a>
 The following disclaimer applies:
 </p>
--- a/xml/510connectbot.in	Thu Nov 17 10:56:48 2022 -0700
+++ b/xml/510connectbot.in	Sun Jan 29 10:25:21 2023 -0700
@@ -420,7 +420,7 @@
 # port              (integer)
 # monitor           (string)
 # emulation         (string)    ("xterm-color", "xterm-256color", "xterm", "vt100", "ansi", "screen", or other answerback string)
-# encryption5250    (string)    ("NONE", "SSLv2", "SSLv3", "TLS")
+# encryption5250    (string)    ("NONE", "TLSv1.2", "TLSv1.3")
 # library5250       (string)
 # menu5250          (string)
 # program5250       (string)