Skip to content



[jvm]\ class ConnectionSpec

Specifies configuration for the socket connection that HTTP traffic travels through. For https: URLs, this includes the TLS version and cipher suites to use when negotiating a secure connection.

The TLS versions configured in a connection spec are only be used if they are also enabled in the SSL socket. For example, if an SSL socket does not have TLS 1.3 enabled, it will not be used even if it is present on the connection spec. The same policy also applies to cipher suites.

Use Builder.allEnabledTlsVersions and Builder.allEnabledCipherSuites to defer all feature selection to the underlying SSL socket.

The configuration of each spec changes with each OkHttp release. This is annoying: upgrading your OkHttp library can break connectivity to certain web servers! But it’s a necessary annoyance because the TLS ecosystem is dynamic and staying up to date is necessary to stay secure. See OkHttp’s TLS Configuration History to track these changes.


Name Summary
Builder [jvm]
class Builder
Companion [jvm]
object Companion


Name Summary
equals [jvm]
open operator override fun equals(other: Any?): Boolean
hashCode [jvm]
open override fun hashCode(): Int
isCompatible [jvm]
fun isCompatible(socket: SSLSocket): Boolean
Returns true if the socket, as currently configured, supports this connection spec. In order for a socket to be compatible the enabled cipher suites and protocols must intersect.
toString [jvm]
open override fun toString(): String


Name Summary
cipherSuites [jvm]
@get:JvmName(name = "cipherSuites")
val cipherSuites: List<CipherSuite>?
Returns the cipher suites to use for a connection. Returns null if all of the SSL socket’s enabled cipher suites should be used.
isTls [jvm]
@get:JvmName(name = "isTls")
val isTls: Boolean
supportsTlsExtensions [jvm]
@get:JvmName(name = "supportsTlsExtensions")
val supportsTlsExtensions: Boolean
tlsVersions [jvm]
@get:JvmName(name = "tlsVersions")
val tlsVersions: List<TlsVersion>?
Returns the TLS versions to use when negotiating a connection. Returns null if all of the SSL socket’s enabled TLS versions should be used.