From 4fac719eeab93ccfb3627054b4bcf740699dd5d0 Mon Sep 17 00:00:00 2001 From: pm47 Date: Thu, 3 Oct 2019 13:39:14 +0200 Subject: [PATCH 1/4] bump netty version to 4.1.32 --- eclair-core/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eclair-core/pom.xml b/eclair-core/pom.xml index 21478aa0ea..8655ac291d 100644 --- a/eclair-core/pom.xml +++ b/eclair-core/pom.xml @@ -147,7 +147,7 @@ io.netty netty-all - 4.1.32.Final + 4.1.42.Final From 527c0921cadaf2d4bc99d9b91eb59ebcade0bd22 Mon Sep 17 00:00:00 2001 From: pm47 Date: Thu, 3 Oct 2019 13:40:03 +0200 Subject: [PATCH 2/4] explicitely set endpoint identification algorithm in strict mode --- .../acinq/eclair/blockchain/electrum/ElectrumClient.scala | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala index b60662583d..88b11745c3 100644 --- a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala +++ b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala @@ -67,7 +67,11 @@ class ElectrumClient(serverAddress: InetSocketAddress, ssl: SSL)(implicit val ec case SSL.OFF => () case SSL.STRICT => val sslCtx = SslContextBuilder.forClient.build - ch.pipeline.addLast(sslCtx.newHandler(ch.alloc(), serverAddress.getHostName, serverAddress.getPort)) + val handler = sslCtx.newHandler(ch.alloc(), serverAddress.getHostName, serverAddress.getPort) + val sslParameters = handler.engine().getSSLParameters + sslParameters.setEndpointIdentificationAlgorithm("HTTPS") + handler.engine().setSSLParameters(sslParameters) + ch.pipeline.addLast(handler) case SSL.LOOSE => // INSECURE VERSION THAT DOESN'T CHECK CERTIFICATE val sslCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build() 
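Review bot: The name passed to `sslCtx.newHandler` in the `SSL.STRICT` branch still comes from `serverAddress.getHostName`, and with the identification algorithm now set to "HTTPS" that name is what the server certificate is checked against. If `serverAddress` was created from an IP literal, `getHostName` does a reverse DNS lookup, so the verified name would come from a PTR record rather than from configuration. How the address is built is outside this hunk, so this needs confirming. `getHostString` returns the configured host without a lookup: `val handler = sslCtx.newHandler(ch.alloc(), serverAddress.getHostString, serverAddress.getPort)`. A one-line comment above `setEndpointIdentificationAlgorithm("HTTPS")` would also help, e.g. `// without this the client engine does not check the certificate against the host name`. The enclosing match continues outside the hunk.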
From bf21f0fcdad8ce53168257a54380c5122c8dc9f5 Mon Sep 17 00:00:00 2001 From: pm47 Date: Thu, 3 Oct 2019 14:13:09 +0200 Subject: [PATCH 3/4] force TLS protocols 1.2/1.3 in strict mode --- .../fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala | 1 + 1 file changed, 1 insertion(+) diff --git a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala index 88b11745c3..8b9c913783 100644 --- a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala +++ b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala @@ -71,6 +71,7 @@ class ElectrumClient(serverAddress: InetSocketAddress, ssl: SSL)(implicit val ec val sslParameters = handler.engine().getSSLParameters sslParameters.setEndpointIdentificationAlgorithm("HTTPS") handler.engine().setSSLParameters(sslParameters) + handler.engine.setEnabledProtocols(Array[String]("TLSv1.2", "TLSv1.3")) ch.pipeline.addLast(handler) case SSL.LOOSE => // INSECURE VERSION THAT DOESN'T CHECK CERTIFICATE From 4bb7218e97b176797a34755011626a018ae627fb Mon Sep 17 00:00:00 2001 From: Pierre-Marie Padiou Date: Thu, 3 Oct 2019 14:43:41 +0200 Subject: [PATCH 4/4] consistency with use of parentheses Co-Authored-By: Bastien Teinturier <31281497+t-bast@users.noreply.github.com> --- .../fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala index 8b9c913783..2da34e01f0 100644 --- a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala +++ b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala 
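Review bot: The added `setEnabledProtocols(Array[String]("TLSv1.2", "TLSv1.3"))` names TLSv1.3 unconditionally. The JDK engine rejects a protocol name it does not support with an `IllegalArgumentException`, so on a runtime without TLS 1.3 (older Java 8 builds, for example) strict mode would fail while the channel is being initialised instead of falling back to 1.2. Intersecting with what the engine offers keeps the restriction without that failure: `val allowed = Set("TLSv1.2", "TLSv1.3")` then `handler.engine().setEnabledProtocols(handler.engine().getSupportedProtocols.filter(allowed.contains))`. An empty result would still refuse to handshake, which is the safe outcome. Patch 4/4 re-touches this line only for parentheses.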
@@ -71,7 +71,7 @@ class ElectrumClient(serverAddress: InetSocketAddress, ssl: SSL)(implicit val ec val sslParameters = handler.engine().getSSLParameters sslParameters.setEndpointIdentificationAlgorithm("HTTPS") handler.engine().setSSLParameters(sslParameters) - handler.engine.setEnabledProtocols(Array[String]("TLSv1.2", "TLSv1.3")) + handler.engine().setEnabledProtocols(Array[String]("TLSv1.2", "TLSv1.3")) ch.pipeline.addLast(handler) case SSL.LOOSE => // INSECURE VERSION THAT DOESN'T CHECK CERTIFICATE