2 files changed, 23 insertions, 2 deletions

diff --git a/repackaged/common/src/main/java/com/android/org/conscrypt/SSLParametersImpl.java b/repackaged/common/src/main/java/com/android/org/conscrypt/SSLParametersImpl.java
index 93bdc4f8..9130380f 100644
--- a/repackaged/common/src/main/java/com/android/org/conscrypt/SSLParametersImpl.java
+++ b/repackaged/common/src/main/java/com/android/org/conscrypt/SSLParametersImpl.java
@@ -146,8 +146,19 @@ final class SSLParametersImpl implements Cloneable {
         }
 
         // initialize the list of cipher suites and protocols enabled by default
-        enabledProtocols = NativeCrypto.checkEnabledProtocols(
-                protocols == null ? NativeCrypto.getDefaultProtocols() : protocols).clone();
+        if (protocols == null) {
+          enabledProtocols = NativeCrypto.getDefaultProtocols().clone();
+        } else {
+            String[] filteredProtocols =
+                    filterFromProtocols(protocols, Arrays.asList(Platform.isTlsV1Supported()
+                        ? new String[0]
+                        : new String[] {
+                            NativeCrypto.DEPRECATED_PROTOCOL_TLSV1,
+                            NativeCrypto.DEPRECATED_PROTOCOL_TLSV1_1,
+                        }));
+            isEnabledProtocolsFiltered = protocols.length != filteredProtocols.length;
+            enabledProtocols = NativeCrypto.checkEnabledProtocols(filteredProtocols).clone();
+        }
         boolean x509CipherSuitesNeeded = (x509KeyManager != null) || (x509TrustManager != null);
         boolean pskCipherSuitesNeeded = pskKeyManager != null;
         enabledCipherSuites = getDefaultCipherSuites(
diff --git a/repackaged/common/src/test/java/com/android/org/conscrypt/javax/net/ssl/SSLContextTest.java b/repackaged/common/src/test/java/com/android/org/conscrypt/javax/net/ssl/SSLContextTest.java
index 5f382d19..fedae1f9 100644
--- a/repackaged/common/src/test/java/com/android/org/conscrypt/javax/net/ssl/SSLContextTest.java
+++ b/repackaged/common/src/test/java/com/android/org/conscrypt/javax/net/ssl/SSLContextTest.java
@@ -123,6 +123,16 @@ public class SSLContextTest {
     }
 
     @Test
+    public void test_SSLContext_allProtocols() throws Exception {
+        SSLConfigurationAsserts.assertSSLContextDefaultConfiguration(SSLContext.getDefault());
+
+        for (String protocol : StandardNames.SSL_CONTEXT_PROTOCOLS_ALL) {
+            SSLContext sslContext = SSLContext.getInstance(protocol);
+            sslContext.init(null, null, null);
+        }
+    }
+
+    @Test
     public void test_SSLContext_pskOnlyConfiguration_defaultProviderOnly() throws Exception {
         // Test the scenario where only a PSKKeyManager is provided and no TrustManagers are
         // provided.