public final class ConnectionSpec extends Object
https:
URLs, this includes the TLS version and cipher suites to use when negotiating a secure
connection.
The TLS versions configured in a connection spec are only be used if they are also enabled in the SSL socket. For example, if an SSL socket does not have TLS 1.3 enabled, it will not be used even if it is present on the connection spec. The same policy also applies to cipher suites.
Use ConnectionSpec.Builder.allEnabledTlsVersions()
and ConnectionSpec.Builder.allEnabledCipherSuites()
to
defer all feature selection to the underlying SSL socket.
The configuration of each spec changes with each OkHttp release. This is annoying: upgrading your OkHttp library can break connectivity to certain web servers! But it’s a necessary annoyance because the TLS ecosystem is dynamic and staying up to date is necessary to stay secure. See OkHttp's TLS Configuration History to track these changes.
Modifier and Type | Class and Description |
---|---|
static class |
ConnectionSpec.Builder |
Modifier and Type | Field and Description |
---|---|
static ConnectionSpec |
CLEARTEXT
Unencrypted, unauthenticated connections for
http: URLs. |
static ConnectionSpec |
COMPATIBLE_TLS
A backwards-compatible fallback configuration that works on obsolete client platforms and can
connect to obsolete servers.
|
static ConnectionSpec |
MODERN_TLS
A modern TLS configuration that works on most client platforms and can connect to most servers.
|
static ConnectionSpec |
RESTRICTED_TLS
A secure TLS connection that requires a recent client platform and a recent server.
|
Modifier and Type | Method and Description |
---|---|
List<CipherSuite> |
cipherSuites()
Returns the cipher suites to use for a connection.
|
boolean |
equals(Object other) |
int |
hashCode() |
boolean |
isCompatible(SSLSocket socket)
Returns
true if the socket, as currently configured, supports this connection spec. |
boolean |
isTls() |
boolean |
supportsTlsExtensions() |
List<TlsVersion> |
tlsVersions()
Returns the TLS versions to use when negotiating a connection.
|
String |
toString() |
public static final ConnectionSpec RESTRICTED_TLS
public static final ConnectionSpec MODERN_TLS
public static final ConnectionSpec COMPATIBLE_TLS
public static final ConnectionSpec CLEARTEXT
http:
URLs.public boolean isTls()
@Nullable public List<CipherSuite> cipherSuites()
@Nullable public List<TlsVersion> tlsVersions()
public boolean supportsTlsExtensions()
public boolean isCompatible(SSLSocket socket)
true
if the socket, as currently configured, supports this connection spec. In
order for a socket to be compatible the enabled cipher suites and protocols must intersect.
For cipher suites, at least one of the required cipher suites
must
match the socket's enabled cipher suites. If there are no required cipher suites the socket
must have at least one cipher suite enabled.
For protocols, at least one of the required protocols
must match the
socket's enabled protocols.
Copyright © 2019. All rights reserved.