SCSV support

This adds the TLS fallback SCSV token.

Bug: 17750026
(cherry-picked from commit e256f2c51cf406843a7ed0364399f79a63a085f6)

Change-Id: I9ca3e12a8a430e647bd5421fb6fee32dba360a8c

Author: nfuller

android/main/java/com/squareup/okhttp/internal/Platform.java

@@ -72,6 +72,27 @@ public void enableTlsExtensions(SSLSocket socket, String uriHost) {
     }
 
     public void supportTlsIntolerantServer(SSLSocket socket) {
+        // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
+        // the SCSV cipher is added to signal that a protocol fallback has taken place.
+        final String fallbackScsv = "TLS_FALLBACK_SCSV";
+        boolean socketSupportsFallbackScsv = false;
+        String[] supportedCipherSuites = socket.getSupportedCipherSuites();
+        for (int i = supportedCipherSuites.length - 1; i >= 0; i--) {
+            String supportedCipherSuite = supportedCipherSuites[i];
+            if (fallbackScsv.equals(supportedCipherSuite)) {
+                socketSupportsFallbackScsv = true;
+                break;
+            }
+        }
+        if (socketSupportsFallbackScsv) {
+            // Add the SCSV cipher to the set of enabled ciphers.
+            String[] enabledCipherSuites = socket.getEnabledCipherSuites();
+            String[] newEnabledCipherSuites = new String[enabledCipherSuites.length + 1];
+            System.arraycopy(enabledCipherSuites, 0,
+                    newEnabledCipherSuites, 0, enabledCipherSuites.length);
+            newEnabledCipherSuites[newEnabledCipherSuites.length - 1] = fallbackScsv;
+            socket.setEnabledCipherSuites(newEnabledCipherSuites);
+        }
         socket.setEnabledProtocols(new String[]{"SSLv3"});
     }