Skip to content

okhttp / okhttp3 / ConnectionSpec


class ConnectionSpec

Specifies configuration for the socket connection that HTTP traffic travels through. For https: URLs, this includes the TLS version and cipher suites to use when negotiating a secure connection.

The TLS versions configured in a connection spec are only be used if they are also enabled in the SSL socket. For example, if an SSL socket does not have TLS 1.3 enabled, it will not be used even if it is present on the connection spec. The same policy also applies to cipher suites.

Use Builder.allEnabledTlsVersions and Builder.allEnabledCipherSuites to defer all feature selection to the underlying SSL socket.

The configuration of each spec changes with each OkHttp release. This is annoying: upgrading your OkHttp library can break connectivity to certain web servers! But it’s a necessary annoyance because the TLS ecosystem is dynamic and staying up to date is necessary to stay secure. See OkHttp’s TLS Configuration History to track these changes.


Name Summary
Builder class Builder


Name Summary
cipherSuites Returns the cipher suites to use for a connection. Returns null if all of the SSL socket’s enabled cipher suites should be used.val cipherSuites:List<CipherSuite>?
isTls val isTls:Boolean
supportsTlsExtensions val supportsTlsExtensions:Boolean
tlsVersions Returns the TLS versions to use when negotiating a connection. Returns null if all of the SSL socket’s enabled TLS versions should be used.val tlsVersions:List<TlsVersion>?


Name Summary
equals fun equals(other:Any?):Boolean
hashCode fun hashCode():Int
isCompatible Returns true if the socket, as currently configured, supports this connection spec. In order for a socket to be compatible the enabled cipher suites and protocols must isCompatible(socket:SSLSocket):Boolean
toString fun toString():String

Companion Object Properties

Name Summary
CLEARTEXT Unencrypted, unauthenticated connections for http: URLs.val CLEARTEXT:ConnectionSpec
COMPATIBLE_TLS A backwards-compatible fallback configuration that works on obsolete client platforms and can connect to obsolete servers. When possible, prefer to upgrade your client platform or server rather than using this configuration.val COMPATIBLE_TLS:ConnectionSpec
MODERN_TLS A modern TLS configuration that works on most client platforms and can connect to most servers. This is OkHttp’s default configuration.val MODERN_TLS:ConnectionSpec
RESTRICTED_TLS A secure TLS connection that requires a recent client platform and a recent server.val RESTRICTED_TLS:ConnectionSpec