GitLab

RC4 has been deprecated for a while. It's now time to no longer use it
by default. Mozilla Firefox and Chrome web browsers have already made
the leap.

Bug: 24898327

(cherry picked from commit 751965bd)

Change-Id: I63fb45fe62b594ba6311d42be26e214adbab5c20

The default is changing to v52 (1.8).

The build for this package uses jarjar to repackage .class files.

The version of jarjar in the Android tree does not currently
support v52 .class files.

Bug: 26753820
Change-Id: Id15d7a9b7dc7e32d516b259b34f96430e34a44fc

am: 024b696e

* commit '024b696e':
  Fix OID for SHA224WithRSA

am: 8ed5338f

* commit '8ed5338f':
  Fix OID for SHA224WithRSA

Bug: 26390415
Change-Id: I0cdcb75ba1459c747e5c88452d41a573aada4c7e

am: 3439131b

* commit '3439131b':
  Add support for honoring cipher list order

am: 5666bf8f

* commit '5666bf8f':
  Add support for honoring cipher list order

am: 16b26ebf

* commit '16b26ebf':
  Add support for SNI API

am: 6f4ce164

* commit '6f4ce164':
  Add support for SNI API

This allows to specify that a server's cipher suite list order should be
respected and preserved over the client's cipher suite list order.

Change-Id: I7f760e9b5fbc8ab6e4c9d29221c64b510498e95f

This adds support for retrieving SNI name as a server and setting SNI name
as a client. It currently doesn't implement use of the SNIMatcher API.

Change-Id: I4f76fcbd96bd7c3398532f3858bbdd0d06103082

am: 5d827183

* commit '5d827183':
  X509 certificates: exception for no Signature provider found

am: 3892ccde

* commit '3892ccde':
  X509 certificates: exception for no Signature provider found

If the X.509 certificate's signature algorithm OID is not satisfied by
any provider registered, a NoSuchAlgorithmException should be thrown.
The previous behavior was an unchecked NullPointerException was thrown
during the attempt to set up the (actually null) signature instance.

Bug: 26954162
Change-Id: Iac3e27c823580738a54d75a45d39411456934dd5

Change-Id: Ibf746a1c9d459e87aca1a63b7aef54e6ab262445

am: 50dcd032

* commit '50dcd032':
  Add handshake session and ExtendedX509TrustManager support

This enables the new API to specify when a host should be verified by
hostname. Before there was no public API that was capable of indicating
to the TrustManager which DNS hostname you were intending to connect
with.

Change-Id: Ic5845d1e93f02b54d971673a280d0a3571739fbf

am: 84ea487b

* commit '84ea487b':
  Add getFileDescriptor$ call for compat

am: 346d38ac

* commit '346d38ac':
  Add getFileDescriptor$ call for compat

Newer Android versions have implemented getFileDescriptor$ to fix a bug
in Conscrypt since libcore commit
5d3f5200f3511c9a7107bcc0a996c7afa1b39aaf which has continued to do the
right thing. Use this method instead since newer versions don't
necessarily set the "impl" field on Socket instances.

Bug: 25857624
Change-Id: I64fbda844ea3b632023822f1436bd674852e327a

am: 84fa713b

* commit '84fa713b':
  Revert "Revert "Add ExtendedSSLSession, et al.""

am: ce18fe69

* commit 'ce18fe69':
  Revert "Revert "Add ExtendedSSLSession, et al.""

This reverts commit 132c311d.

Some stubs were neded to allow building on unbundled builds.

Change-Id: I713d00923eecac7e323d53e561cf509794cc4fd4

am: 85ef1e25

* commit '85ef1e25':
  Revert "Add ExtendedSSLSession, et al."

am: 132c311d

* commit '132c311d':
  Revert "Add ExtendedSSLSession, et al."

This reverts commit 38d12ed4.

This breaks the unbundled build because of OpenSSLExtendedSessionImpl.

Change-Id: I73951a6f1d5cb14c70cd807c2c895bbbdc4c8e40

am: b12cf067

* commit 'b12cf067':
  Add ExtendedSSLSession, et al.

am: 38d12ed4

* commit '38d12ed4':
  Add ExtendedSSLSession, et al.

In order to support SNI certificate selection of the server-side and
enhanced certificate verification on the client side, we add
ExtendedSSLSession and the getHandshakeSession support.

This is just to set up for future implementations of SNI and
ExtendedX509TrustManager and doesn't actually implement the logic needed
to fully support the new features.

Change-Id: I300d3134d8ab9c184d6473183612dc53658a8221

am: 0278b99b

* commit '0278b99b':
  Add ChaCha20-Poly1305 as an enabled cipher suite

am: 6f9dffd8

* commit '6f9dffd8':
  Add ChaCha20-Poly1305 as an enabled cipher suite

Change-Id: Idc143d37c63cf3436ccdddc22abcb11802fc6615