Bug #3094
update NetCipher
| Status: | New | Start date: | 03/17/2014 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | vitriolix | % Done: | 0% | |
| Category: | - | |||
| Target version: | 0.0.8 | |||
| Component: |
Description
Josh,
NetCipher master has been updated with a number of important fixes:
- - Name rebrand from OnionKit is mostly complete (except for package name)
- - better SOCKS4a/5 support, including ensuring DNS does not leak for
site name resolution
- - hardeneded SSL socket to ensure TLS is used and cipher suite order
is optimal
- - updated HTTPClient code which has some performance improvement
- - updated SpongyCastle to 1.50 which fixes some not critical but
important security fixes
What is NOT in is StrongTrustManager, as we have deprecated it for now
due to some concerns about SSL certificate verification... since
#GOTOFAIL I am even more concerned about being responsible for cert
verification misstep and so will leave that up to Android OS for now.
The other improvements we provide do still help make the connection
stronger, and we will be integrating both Pinning and Tofu/POP
(MemTrustMgr) shortly, for even more options there.
Here ya go:
https://github.com/guardianproject/NetCipher
We should update the main app and the secure uploader projects to this
as part of the next iteration of work.
Happy to help debug, answer questions, etc.
+n