diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-12-14 16:27:40 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-12-14 16:27:40 +0000 |
| commit | 197ae404b7b2925a36fde46bc553edc4b1b3537f (patch) | |
| tree | 8e3a23916169a31fb5c6230b8ad766120c0e0c83 | |
| parent | 6e0ab64bfeadbfc7a67417398673e9525eaf7149 (diff) | |
| parent | 43969c8699bb8b0befc7fd27a45f201c71cbb6b7 (diff) | |
| download | okhttp-aml_tz4_332714010.tar.gz | |
Snap for 11219529 from 43969c8699bb8b0befc7fd27a45f201c71cbb6b7 to mainline-tzdata4-releaseaml_tz4_332714070aml_tz4_332714050aml_tz4_332714010aml_tz4_332714010
Change-Id: I3207525c8840009cba28f03a0cf3a24a9188d6e7
8 files changed, 129 insertions, 37 deletions
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java index 0b18783..605ca68 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java @@ -90,6 +90,20 @@ public final class CallTest { @Rule public final MockWebServer server2 = new MockWebServer(); @Rule public final InMemoryFileSystem fileSystem = new InMemoryFileSystem(); + // Android-added: Use TLS 1.3 and 1.2 for testing + private static final ConnectionSpec TLS_SPEC_1_3 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_3) + .build(); + + private static final ConnectionSpec TLS_SPEC_1_2 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_2) + .build(); + + private static final List<ConnectionSpec> TLS_SPEC_NO_V1 + = Arrays.asList(TLS_SPEC_1_3, TLS_SPEC_1_2); + private SSLContext sslContext = SslContextBuilder.localhost(); private OkHttpClient client = new OkHttpClient(); private RecordingCallback callback = new RecordingCallback(); @@ -915,6 +929,8 @@ public final class CallTest { server.enqueue(new MockResponse().setBody("abc")); suppressTlsFallbackScsv(client); + // Android-added: Use TLS 1.3 and 1.2 for testing + client.setConnectionSpecs(TLS_SPEC_NO_V1); client.setHostnameVerifier(new RecordingHostnameVerifier()); client.setDns(new SingleInetAddressDns()); @@ -933,12 +949,18 @@ public final class CallTest { server.useHttps(sslContext.getSocketFactory(), false); server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE)); + // Android-added: Need an extra handshake fail when using TLS 1.3 and 1.2 for testing. + // Seems to be a testing quirk due to adding two ConnectionSpecs and has no impact + // on the logic being tested or the expected outcomes, so not gonna dig too deep. + server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE)); RecordingSSLSocketFactory clientSocketFactory = new RecordingSSLSocketFactory(sslContext.getSocketFactory()); client.setSslSocketFactory(clientSocketFactory); client.setHostnameVerifier(new RecordingHostnameVerifier()); client.setDns(new SingleInetAddressDns()); + // Android-added: Use TLS 1.3 and 1.2 for testing + client.setConnectionSpecs(TLS_SPEC_NO_V1); Request request = new Request.Builder().url(server.url("/")).build(); try { @@ -961,6 +983,8 @@ public final class CallTest { suppressTlsFallbackScsv(client); client.setHostnameVerifier(new RecordingHostnameVerifier()); + // Android-added: Use TLS 1.3 and 1.2 for testing + client.setConnectionSpecs(TLS_SPEC_NO_V1); Request request = new Request.Builder() .url(server.url("/")) diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java index 2318a68..adb6160 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java @@ -21,6 +21,7 @@ import java.util.Set; import java.util.concurrent.CopyOnWriteArraySet; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import org.junit.Assume; import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -80,65 +81,75 @@ public final class ConnectionSpecTest { @Test public void tls_defaultCiphers_noFallbackIndicator() throws Exception { ConnectionSpec tlsSpec = new ConnectionSpec.Builder(true) - .tlsVersions(TlsVersion.TLS_1_2) + // Android-changed: Use TLS 1.3 and 1.2 for testing + .tlsVersions(TlsVersion.TLS_1_3) .supportsTlsExtensions(false) .build(); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + // CipherSuite.TLS_AES_128_GCM_SHA384.javaName, }); socket.setEnabledProtocols(new String[] { + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_3.javaName, TlsVersion.TLS_1_2.javaName, - TlsVersion.TLS_1_1.javaName, }); assertTrue(tlsSpec.isCompatible(socket)); tlsSpec.apply(socket, false /* isFallback */); - assertEquals(set(TlsVersion.TLS_1_2.javaName), set(socket.getEnabledProtocols())); + // Android-changed: Use TLS 1.3 and 1.2 for testing + assertEquals(set(TlsVersion.TLS_1_3.javaName), set(socket.getEnabledProtocols())); Set<String> expectedCipherSet = set( CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName); - assertEquals(expectedCipherSet, expectedCipherSet); + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + CipherSuite.TLS_AES_128_GCM_SHA256.javaName, + CipherSuite.TLS_AES_256_GCM_SHA384.javaName, + CipherSuite.TLS_CHACHA20_POLY1305_SHA256.javaName); + assertEquals(expectedCipherSet, set(socket.getEnabledCipherSuites())); } @Test public void tls_defaultCiphers_withFallbackIndicator() throws Exception { ConnectionSpec tlsSpec = new ConnectionSpec.Builder(true) - .tlsVersions(TlsVersion.TLS_1_2) + // Android-changed: Use TLS 1.3 and 1.2 for testing + .tlsVersions(TlsVersion.TLS_1_3) .supportsTlsExtensions(false) .build(); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + // CipherSuite.TLS_AES_128_GCM_SHA384.javaName, }); socket.setEnabledProtocols(new String[] { + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_3.javaName, TlsVersion.TLS_1_2.javaName, - TlsVersion.TLS_1_1.javaName, }); assertTrue(tlsSpec.isCompatible(socket)); tlsSpec.apply(socket, true /* isFallback */); - assertEquals(set(TlsVersion.TLS_1_2.javaName), set(socket.getEnabledProtocols())); + // Android-changed: Use TLS 1.3 and 1.2 for testing + assertEquals(set(TlsVersion.TLS_1_3.javaName), set(socket.getEnabledProtocols())); Set<String> expectedCipherSet = set( CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName); + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + CipherSuite.TLS_AES_128_GCM_SHA256.javaName, + CipherSuite.TLS_AES_256_GCM_SHA384.javaName, + CipherSuite.TLS_CHACHA20_POLY1305_SHA256.javaName); if (Arrays.asList(socket.getSupportedCipherSuites()).contains("TLS_FALLBACK_SCSV")) { expectedCipherSet.add("TLS_FALLBACK_SCSV"); } - assertEquals(expectedCipherSet, expectedCipherSet); + assertEquals(expectedCipherSet, set(socket.getEnabledCipherSuites())); } @Test public void tls_explicitCiphers() throws Exception { @@ -151,12 +162,13 @@ public final class ConnectionSpecTest { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + // CipherSuite.TLS_AES_128_GCM_SHA384.javaName, }); socket.setEnabledProtocols(new String[] { + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_3.javaName, TlsVersion.TLS_1_2.javaName, - TlsVersion.TLS_1_1.javaName, }); assertTrue(tlsSpec.isCompatible(socket)); @@ -189,8 +201,9 @@ public final class ConnectionSpecTest { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledProtocols(new String[] { + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_3.javaName, TlsVersion.TLS_1_2.javaName, - TlsVersion.TLS_1_1.javaName, }); socket.setEnabledCipherSuites(new String[] { @@ -236,12 +249,14 @@ public final class ConnectionSpecTest { SSLSocket sslSocket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); sslSocket.setEnabledProtocols(new String[] { - TlsVersion.TLS_1_0.javaName(), - TlsVersion.TLS_1_1.javaName() + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_2.javaName, + TlsVersion.TLS_1_3.javaName, }); tlsSpec.apply(sslSocket, false); - assertEquals(Arrays.asList(TlsVersion.TLS_1_0.javaName(), TlsVersion.TLS_1_1.javaName()), + // Android-changed: Use TLS 1.3 and 1.2 for testing + assertEquals(Arrays.asList(TlsVersion.TLS_1_2.javaName(), TlsVersion.TLS_1_3.javaName()), Arrays.asList(sslSocket.getEnabledProtocols())); } @@ -253,6 +268,11 @@ public final class ConnectionSpecTest { .build(); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); + // Android-changed: Only testable if TLS v1.1 is available as TLS 1.3 ciphers are + // not changeable on Android. + Assume.assumeTrue( + Arrays.asList(socket.getEnabledProtocols()).contains(TlsVersion.TLS_1_1.javaName)); + socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, }); diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java index a3e1450..613a995 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java @@ -105,6 +105,20 @@ public final class URLConnectionTest { @Rule public final MockWebServer server2 = new MockWebServer(); @Rule public final TemporaryFolder tempDir = new TemporaryFolder(); + // Android-added: Use TLS 1.3 and 1.2 for testing + private static final ConnectionSpec TLS_SPEC_1_3 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_3) + .build(); + + private static final ConnectionSpec TLS_SPEC_1_2 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_2) + .build(); + + private static final List<ConnectionSpec> TLS_SPEC_NO_V1 + = Arrays.asList(TLS_SPEC_1_3, TLS_SPEC_1_2); + private SSLContext sslContext = SslContextBuilder.localhost(); private OkUrlFactory client; private HttpURLConnection connection; @@ -605,6 +619,7 @@ public final class URLConnectionTest { server.enqueue(new MockResponse().setBody("this response comes via SSL")); suppressTlsFallbackScsv(client.client()); + client.client().setConnectionSpecs(TLS_SPEC_NO_V1); client.client().setHostnameVerifier(new RecordingHostnameVerifier()); connection = client.open(server.getUrl("/foo")); @@ -612,7 +627,7 @@ public final class URLConnectionTest { RecordedRequest request = server.takeRequest(); assertEquals("GET /foo HTTP/1.1", request.getRequestLine()); - assertEquals(TlsVersion.TLS_1_0, request.getTlsVersion()); + assertEquals(TlsVersion.TLS_1_2, request.getTlsVersion()); } @Test public void connectViaHttpsWithSSLFallbackFailuresRecorded() throws Exception { @@ -621,6 +636,7 @@ public final class URLConnectionTest { server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE)); suppressTlsFallbackScsv(client.client()); + client.client().setConnectionSpecs(TLS_SPEC_NO_V1); client.client().setDns(new SingleInetAddressDns()); client.client().setHostnameVerifier(new RecordingHostnameVerifier()); @@ -648,6 +664,7 @@ public final class URLConnectionTest { server.enqueue(new MockResponse().setBody("def")); suppressTlsFallbackScsv(client.client()); + client.client().setConnectionSpecs(TLS_SPEC_NO_V1); client.client().setHostnameVerifier(new RecordingHostnameVerifier()); assertContent("abc", client.open(server.getUrl("/"))); @@ -658,7 +675,7 @@ public final class URLConnectionTest { assertContent("def", client.open(server.getUrl("/"))); Set<TlsVersion> tlsVersions = - EnumSet.of(TlsVersion.TLS_1_0, TlsVersion.TLS_1_2); // v1.2 on OpenJDK 8. + EnumSet.of(TlsVersion.TLS_1_3); RecordedRequest request1 = server.takeRequest(); assertTrue(tlsVersions.contains(request1.getTlsVersion())); diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java index c94cc23..b96c328 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java @@ -41,11 +41,24 @@ public class ConnectionSpecSelectorTest { private SSLContext sslContext = SslContextBuilder.localhost(); + // Android-changed: Use TLS 1.3 and 1.2 for testing + private static final ConnectionSpec TLS_SPEC_1_3 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_3) + .build(); + + private static final ConnectionSpec TLS_SPEC_1_2 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_2) + .build(); + + @Test public void nonRetryableIOException() throws Exception { ConnectionSpecSelector connectionSpecSelector = - createConnectionSpecSelector(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS); - SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0); + // Android-changed: Use TLS 1.3 and 1.2 for testing + createConnectionSpecSelector(TLS_SPEC_1_3, TLS_SPEC_1_2); + SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2); connectionSpecSelector.configureSecureSocket(socket); boolean retry = connectionSpecSelector.connectionFailed( @@ -57,8 +70,9 @@ public class ConnectionSpecSelectorTest { @Test public void nonRetryableSSLHandshakeException() throws Exception { ConnectionSpecSelector connectionSpecSelector = - createConnectionSpecSelector(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS); - SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0); + // Android-changed: Use TLS 1.3 and 1.2 + createConnectionSpecSelector(TLS_SPEC_1_3, TLS_SPEC_1_2); + SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2); connectionSpecSelector.configureSecureSocket(socket); SSLHandshakeException trustIssueException = @@ -72,8 +86,9 @@ public class ConnectionSpecSelectorTest { @Test public void retryableSSLHandshakeException() throws Exception { ConnectionSpecSelector connectionSpecSelector = - createConnectionSpecSelector(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS); - SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0); + // Android-changed: Use TLS 1.3 and 1.2 + createConnectionSpecSelector(TLS_SPEC_1_3, TLS_SPEC_1_2); + SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2); connectionSpecSelector.configureSecureSocket(socket); boolean retry = connectionSpecSelector.connectionFailed(RETRYABLE_EXCEPTION); @@ -88,24 +103,28 @@ public class ConnectionSpecSelectorTest { .tlsVersions(TlsVersion.SSL_3_0) .build(); + // Android-changed: Use TLS 1.3 and 1.2 for testing ConnectionSpecSelector connectionSpecSelector = createConnectionSpecSelector( - ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS, sslV3); + TLS_SPEC_1_3, TLS_SPEC_1_2, sslV3); - TlsVersion[] enabledSocketTlsVersions = { TlsVersion.TLS_1_1, TlsVersion.TLS_1_0 }; + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion[] enabledSocketTlsVersions = { TlsVersion.TLS_1_3, TlsVersion.TLS_1_2 }; SSLSocket socket = createSocketWithEnabledProtocols(enabledSocketTlsVersions); - // MODERN_TLS is used here. + // Android-changed: Use TLS 1.3 and 1.2 for testing + // TLS_SPEC_1_3 is used here. connectionSpecSelector.configureSecureSocket(socket); - assertEnabledProtocols(socket, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0); + assertEnabledProtocols(socket, TlsVersion.TLS_1_3); boolean retry = connectionSpecSelector.connectionFailed(RETRYABLE_EXCEPTION); assertTrue(retry); socket.close(); - // COMPATIBLE_TLS is used here. + // Android-changed: Use TLS 1.3 and 1.2 for testing + // TLS_SPEC_1_2 is used here. socket = createSocketWithEnabledProtocols(enabledSocketTlsVersions); connectionSpecSelector.configureSecureSocket(socket); - assertEnabledProtocols(socket, TlsVersion.TLS_1_0); + assertEnabledProtocols(socket, TlsVersion.TLS_1_2); retry = connectionSpecSelector.connectionFailed(RETRYABLE_EXCEPTION); assertFalse(retry); diff --git a/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java b/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java index 1334457..210f394 100644 --- a/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java +++ b/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java @@ -225,6 +225,10 @@ public enum CipherSuite { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, 5289, 8, 21), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, 5289, 8, 21), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, 5289, 8, 21), + // Android-added: Android supported TLS 1.3 suites. + TLS_AES_128_GCM_SHA256("TLS_AES_128_GCM_SHA256", 0x1301, 8446, 11, 29), + TLS_AES_256_GCM_SHA384("TLS_AES_256_GCM_SHA384", 0x1302, 8446, 11, 29), + TLS_CHACHA20_POLY1305_SHA256("TLS_CHACHA20_POLY1305_SHA256", 0x1303, 8446, 11, 29), // TLS_ECDHE_PSK_WITH_RC4_128_SHA("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033, 5489, MAX_VALUE, MAX_VALUE), // TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034, 5489, MAX_VALUE, MAX_VALUE), // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035, 5489, MAX_VALUE, MAX_VALUE), diff --git a/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java b/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java index 512aa0d..8c72dc0 100644 --- a/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java +++ b/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java @@ -22,6 +22,7 @@ import javax.net.ssl.SSLSocket; * {@link SSLSocket#setEnabledProtocols}. */ public enum TlsVersion { + TLS_1_3("TLSv1.3"), // 2019. TLS_1_2("TLSv1.2"), // 2008. TLS_1_1("TLSv1.1"), // 2006. TLS_1_0("TLSv1"), // 1999. @@ -36,6 +37,7 @@ public enum TlsVersion { public static TlsVersion forJavaName(String javaName) { switch (javaName) { + case "TLSv1.3": return TLS_1_3; case "TLSv1.2": return TLS_1_2; case "TLSv1.1": return TLS_1_1; case "TLSv1": return TLS_1_0; diff --git a/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java b/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java index bc15fb7..644c59f 100644 --- a/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java +++ b/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java @@ -227,6 +227,10 @@ public enum CipherSuite { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, 5289, 8, 21), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, 5289, 8, 21), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, 5289, 8, 21), + // Android-added: Android supported TLS 1.3 suites. + TLS_AES_128_GCM_SHA256("TLS_AES_128_GCM_SHA256", 0x1301, 8446, 11, 29), + TLS_AES_256_GCM_SHA384("TLS_AES_256_GCM_SHA384", 0x1302, 8446, 11, 29), + TLS_CHACHA20_POLY1305_SHA256("TLS_CHACHA20_POLY1305_SHA256", 0x1303, 8446, 11, 29), // TLS_ECDHE_PSK_WITH_RC4_128_SHA("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033, 5489, MAX_VALUE, MAX_VALUE), // TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034, 5489, MAX_VALUE, MAX_VALUE), // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035, 5489, MAX_VALUE, MAX_VALUE), diff --git a/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java b/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java index c8cd1e3..d9a6d9a 100644 --- a/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java +++ b/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java @@ -24,6 +24,7 @@ import javax.net.ssl.SSLSocket; * @hide This class is not part of the Android public SDK API */ public enum TlsVersion { + TLS_1_3("TLSv1.3"), // 2019. TLS_1_2("TLSv1.2"), // 2008. TLS_1_1("TLSv1.1"), // 2006. TLS_1_0("TLSv1"), // 1999. @@ -38,6 +39,7 @@ public enum TlsVersion { public static TlsVersion forJavaName(String javaName) { switch (javaName) { + case "TLSv1.3": return TLS_1_3; case "TLSv1.2": return TLS_1_2; case "TLSv1.1": return TLS_1_1; case "TLSv1": return TLS_1_0; |