authorPete Bentley <prb@google.com>2023-07-04 17:41:17 +0100
committerPete Bentley <prb@google.com>2023-11-15 09:16:14 +0000
commitb05d9c427b2dca37f8d7ee455d4f35b525af60cf (patch)
tree31ffee6e4c377b355d14186c6c2aeaa6d2c74cc7
parentfbc842a7a8a732813608a5f46d5ebada0576573e (diff)
downloadokhttp-b05d9c427b2dca37f8d7ee455d4f35b525af60cf.tar.gz
Make okhttp tests ambivalent about TLS 1.x.
This is intended as a test-only change suitable for backporting to historic CTS branches where vendors may have disabled TLS 1.x. It does add the TLS 1.3 protocol and its ciphers to the relevant enums, which ship in the platform but are not actually used on Android. All Android HttpsURLConnections use a predefined ConnectionSpec defined in HttpsHandler which enables all cipher suites and protocols, i.e. on Android, URL connections are intended to pick up the correct parameters from their socket factory, rather than using the ConnectionSpec API to set them. tl;dr much of the changes are to tests for APIs which are not reachable on Android, but which we should continue to test. Bug: 288058606 Test: atest CtsLibcoreOkHttpTestcases (with and without TLS 1.0/1.1 disabled) Change-Id: I57bd878f25a83763933a453dc6e18c349ed28028 Merged-In: I57bd878f25a83763933a453dc6e18c349ed28028 (cherry picked from commit 77e54e8fb179433aa506b1109127b333bc7a3710) (cherry picked from commit 575eec286b9f1c05eaf2998038f89d60644ededd)
-rw-r--r--okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java24
-rw-r--r--okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java66
-rw-r--r--okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java21
-rw-r--r--okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java43
-rw-r--r--okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java4
-rw-r--r--okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java2
-rw-r--r--repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java4
-rw-r--r--repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java2
8 files changed, 129 insertions, 37 deletions
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java
index 3d48658..1e82608 100644
--- a/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java
+++ b/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java
@@ -90,6 +90,20 @@ public final class CallTest {
@Rule public final MockWebServer server2 = new MockWebServer();
@Rule public final InMemoryFileSystem fileSystem = new InMemoryFileSystem();
+ // Android-added: Use TLS 1.3 and 1.2 for testing
+ private static final ConnectionSpec TLS_SPEC_1_3 =
+ new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+ .tlsVersions(TlsVersion.TLS_1_3)
+ .build();
+
+ private static final ConnectionSpec TLS_SPEC_1_2 =
+ new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+ .tlsVersions(TlsVersion.TLS_1_2)
+ .build();
+
+ private static final List<ConnectionSpec> TLS_SPEC_NO_V1
+ = Arrays.asList(TLS_SPEC_1_3, TLS_SPEC_1_2);
+
private SSLContext sslContext = SslContextBuilder.localhost();
private OkHttpClient client = new OkHttpClient();
private RecordingCallback callback = new RecordingCallback();
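Review bot: `TLS_SPEC_NO_V1` has no comment saying that the order of the list is significant, and its name only says what is excluded. The ConnectionSpecSelectorTest hunks in this commit show the first spec being applied before the second, so a comment such as `// Order matters: TLS 1.3 is attempted first, TLS 1.2 is the fallback.` above the list would keep a later edit from reordering it. The same constants are repeated in URLConnectionTest and (the first two) in ConnectionSpecSelectorTest; a shared test helper would keep the three copies from drifting apart.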
@@ -915,6 +929,8 @@ public final class CallTest {
server.enqueue(new MockResponse().setBody("abc"));
suppressTlsFallbackScsv(client);
+ // Android-added: Use TLS 1.3 and 1.2 for testing
+ client.setConnectionSpecs(TLS_SPEC_NO_V1);
client.setHostnameVerifier(new RecordingHostnameVerifier());
client.setDns(new SingleInetAddressDns());
@@ -933,12 +949,18 @@ public final class CallTest {
server.useHttps(sslContext.getSocketFactory(), false);
server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE));
+ // Android-added: Need an extra handshake fail when using TLS 1.3 and 1.2 for testing.
+ // Seems to be a testing quirk due to adding two ConnectionSpecs and has no impact
+ // on the logic being tested or the expected outcomes, so not gonna dig too deep.
+ server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE));
RecordingSSLSocketFactory clientSocketFactory =
new RecordingSSLSocketFactory(sslContext.getSocketFactory());
client.setSslSocketFactory(clientSocketFactory);
client.setHostnameVerifier(new RecordingHostnameVerifier());
client.setDns(new SingleInetAddressDns());
+ // Android-added: Use TLS 1.3 and 1.2 for testing
+ client.setConnectionSpecs(TLS_SPEC_NO_V1);
Request request = new Request.Builder().url(server.url("/")).build();
try {
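Review bot: The second `FAIL_HANDSHAKE` response is queued without a known cause, as the new comment itself says, and this test appears to exercise handshake-failure fallback, where the number of attempts is the behaviour under test. Queuing failures to match whatever the client happens to do weakens the test as a check on that behaviour. I would replace the comment with the confirmed reason (presumably one handshake attempt per entry in `TLS_SPEC_NO_V1`) and pin the attempt count with an assertion on the number of sockets `clientSocketFactory` recorded. The test body continues past the end of this hunk, so such an assertion may already exist there.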
@@ -961,6 +983,8 @@ public final class CallTest {
suppressTlsFallbackScsv(client);
client.setHostnameVerifier(new RecordingHostnameVerifier());
+ // Android-added: Use TLS 1.3 and 1.2 for testing
+ client.setConnectionSpecs(TLS_SPEC_NO_V1);
Request request = new Request.Builder()
.url(server.url("/"))
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java
index 2318a68..adb6160 100644
--- a/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java
+++ b/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java
@@ -21,6 +21,7 @@ import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import org.junit.Assume;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
@@ -80,65 +81,75 @@ public final class ConnectionSpecTest {
@Test public void tls_defaultCiphers_noFallbackIndicator() throws Exception {
ConnectionSpec tlsSpec = new ConnectionSpec.Builder(true)
- .tlsVersions(TlsVersion.TLS_1_2)
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ .tlsVersions(TlsVersion.TLS_1_3)
.supportsTlsExtensions(false)
.build();
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
socket.setEnabledCipherSuites(new String[] {
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName,
- // Android-changed: Replace removed CBC cipher with GCM version
- CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName,
+ // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit
+ // CipherSuite.TLS_AES_128_GCM_SHA384.javaName,
});
socket.setEnabledProtocols(new String[] {
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ TlsVersion.TLS_1_3.javaName,
TlsVersion.TLS_1_2.javaName,
- TlsVersion.TLS_1_1.javaName,
});
assertTrue(tlsSpec.isCompatible(socket));
tlsSpec.apply(socket, false /* isFallback */);
- assertEquals(set(TlsVersion.TLS_1_2.javaName), set(socket.getEnabledProtocols()));
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ assertEquals(set(TlsVersion.TLS_1_3.javaName), set(socket.getEnabledProtocols()));
Set<String> expectedCipherSet =
set(
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName,
- // Android-changed: Replace removed CBC cipher with GCM version
- CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName);
- assertEquals(expectedCipherSet, expectedCipherSet);
+ // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit
+ CipherSuite.TLS_AES_128_GCM_SHA256.javaName,
+ CipherSuite.TLS_AES_256_GCM_SHA384.javaName,
+ CipherSuite.TLS_CHACHA20_POLY1305_SHA256.javaName);
+ assertEquals(expectedCipherSet, set(socket.getEnabledCipherSuites()));
}
@Test public void tls_defaultCiphers_withFallbackIndicator() throws Exception {
ConnectionSpec tlsSpec = new ConnectionSpec.Builder(true)
- .tlsVersions(TlsVersion.TLS_1_2)
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ .tlsVersions(TlsVersion.TLS_1_3)
.supportsTlsExtensions(false)
.build();
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
socket.setEnabledCipherSuites(new String[] {
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName,
- // Android-changed: Replace removed CBC cipher with GCM version
- CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName,
+ // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit
+ // CipherSuite.TLS_AES_128_GCM_SHA384.javaName,
});
socket.setEnabledProtocols(new String[] {
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ TlsVersion.TLS_1_3.javaName,
TlsVersion.TLS_1_2.javaName,
- TlsVersion.TLS_1_1.javaName,
});
assertTrue(tlsSpec.isCompatible(socket));
tlsSpec.apply(socket, true /* isFallback */);
- assertEquals(set(TlsVersion.TLS_1_2.javaName), set(socket.getEnabledProtocols()));
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ assertEquals(set(TlsVersion.TLS_1_3.javaName), set(socket.getEnabledProtocols()));
Set<String> expectedCipherSet =
set(
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName,
- // Android-changed: Replace removed CBC cipher with GCM version
- CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName);
+ // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit
+ CipherSuite.TLS_AES_128_GCM_SHA256.javaName,
+ CipherSuite.TLS_AES_256_GCM_SHA384.javaName,
+ CipherSuite.TLS_CHACHA20_POLY1305_SHA256.javaName);
if (Arrays.asList(socket.getSupportedCipherSuites()).contains("TLS_FALLBACK_SCSV")) {
expectedCipherSet.add("TLS_FALLBACK_SCSV");
}
- assertEquals(expectedCipherSet, expectedCipherSet);
+ assertEquals(expectedCipherSet, set(socket.getEnabledCipherSuites()));
}
@Test public void tls_explicitCiphers() throws Exception {
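Review bot: The expected cipher set in both `tls_defaultCiphers_*` tests now hard-codes three TLS 1.3 suites that the test never enables on the socket, so the assertions pass only on a TLS provider that adds those suites implicitly, which the comment suggests is the case on Android. On a provider that honours `setEnabledCipherSuites` literally the enabled set would presumably be just `TLS_RSA_WITH_AES_128_CBC_SHA`, a suite that is not usable with the TLS 1.3-only spec being applied; a comment next to `expectedCipherSet` stating the provider assumption would make that explicit. The commented-out line `// CipherSuite.TLS_AES_128_GCM_SHA384.javaName,` names a constant this commit does not add (the new ones are `TLS_AES_128_GCM_SHA256` and `TLS_AES_256_GCM_SHA384`), so it should be corrected or dropped here and in the `tls_explicitCiphers` hunk, and "USe" in the same comment is a typo. The marker text says "TLS 1.3 and 1.2" while the spec is built with `TLS_1_3` only.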
@@ -151,12 +162,13 @@ public final class ConnectionSpecTest {
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
socket.setEnabledCipherSuites(new String[] {
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName,
- // Android-changed: Replace removed CBC cipher with GCM version
- CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName,
+ // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit
+ // CipherSuite.TLS_AES_128_GCM_SHA384.javaName,
});
socket.setEnabledProtocols(new String[] {
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ TlsVersion.TLS_1_3.javaName,
TlsVersion.TLS_1_2.javaName,
- TlsVersion.TLS_1_1.javaName,
});
assertTrue(tlsSpec.isCompatible(socket));
@@ -189,8 +201,9 @@ public final class ConnectionSpecTest {
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
socket.setEnabledProtocols(new String[] {
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ TlsVersion.TLS_1_3.javaName,
TlsVersion.TLS_1_2.javaName,
- TlsVersion.TLS_1_1.javaName,
});
socket.setEnabledCipherSuites(new String[] {
@@ -236,12 +249,14 @@ public final class ConnectionSpecTest {
SSLSocket sslSocket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
sslSocket.setEnabledProtocols(new String[] {
- TlsVersion.TLS_1_0.javaName(),
- TlsVersion.TLS_1_1.javaName()
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ TlsVersion.TLS_1_2.javaName,
+ TlsVersion.TLS_1_3.javaName,
});
tlsSpec.apply(sslSocket, false);
- assertEquals(Arrays.asList(TlsVersion.TLS_1_0.javaName(), TlsVersion.TLS_1_1.javaName()),
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ assertEquals(Arrays.asList(TlsVersion.TLS_1_2.javaName(), TlsVersion.TLS_1_3.javaName()),
Arrays.asList(sslSocket.getEnabledProtocols()));
}
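Review bot: The rewritten lines mix the `javaName` field (in the `setEnabledProtocols` array) with the `javaName()` accessor (in the `assertEquals`), where the replaced lines used the accessor in both places. Using one form throughout, e.g. `TlsVersion.TLS_1_2.javaName(),` and `TlsVersion.TLS_1_3.javaName(),` in the array, keeps the two lists visibly identical. The comparison is also order-sensitive (`Arrays.asList` on both sides), unlike the `set(...)` comparisons used earlier in this file, so it relies on the socket returning the protocols in the order they were set.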
@@ -253,6 +268,11 @@ public final class ConnectionSpecTest {
.build();
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
+ // Android-changed: Only testable if TLS v1.1 is available as TLS 1.3 ciphers are
+ // not changeable on Android.
+ Assume.assumeTrue(
+ Arrays.asList(socket.getEnabledProtocols()).contains(TlsVersion.TLS_1_1.javaName));
+
socket.setEnabledCipherSuites(new String[] {
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName,
});
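Review bot: `Assume.assumeTrue` is called without a message, so on a device with TLS 1.1 disabled this test is reported as skipped with no stated reason, and those are the hardened configurations the commit is aimed at. If the JUnit version in use has the two-argument overload, `Assume.assumeTrue("TLS 1.1 is not enabled on this socket", ...)` would make the skip self-explanatory in the test results. The test body starts before and continues after this hunk, so what coverage is lost when the assumption fails cannot be judged from here.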
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java
index a3e1450..613a995 100644
--- a/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java
+++ b/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java
@@ -105,6 +105,20 @@ public final class URLConnectionTest {
@Rule public final MockWebServer server2 = new MockWebServer();
@Rule public final TemporaryFolder tempDir = new TemporaryFolder();
+ // Android-added: Use TLS 1.3 and 1.2 for testing
+ private static final ConnectionSpec TLS_SPEC_1_3 =
+ new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+ .tlsVersions(TlsVersion.TLS_1_3)
+ .build();
+
+ private static final ConnectionSpec TLS_SPEC_1_2 =
+ new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+ .tlsVersions(TlsVersion.TLS_1_2)
+ .build();
+
+ private static final List<ConnectionSpec> TLS_SPEC_NO_V1
+ = Arrays.asList(TLS_SPEC_1_3, TLS_SPEC_1_2);
+
private SSLContext sslContext = SslContextBuilder.localhost();
private OkUrlFactory client;
private HttpURLConnection connection;
@@ -605,6 +619,7 @@ public final class URLConnectionTest {
server.enqueue(new MockResponse().setBody("this response comes via SSL"));
suppressTlsFallbackScsv(client.client());
+ client.client().setConnectionSpecs(TLS_SPEC_NO_V1);
client.client().setHostnameVerifier(new RecordingHostnameVerifier());
connection = client.open(server.getUrl("/foo"));
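Review bot: The added `client.client().setConnectionSpecs(TLS_SPEC_NO_V1);` line carries no `// Android-added:` marker, unlike the equivalent lines in CallTest in this same commit. The same applies to the later URLConnectionTest hunks: the two further `setConnectionSpecs` calls, the `TLS_1_0` to `TLS_1_2` assertion change and the `EnumSet.of(TlsVersion.TLS_1_3)` change. Adding `// Android-added: Use TLS 1.3 and 1.2 for testing` (or `Android-changed` on the edited assertions) keeps the divergence from upstream traceable.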
@@ -612,7 +627,7 @@ public final class URLConnectionTest {
RecordedRequest request = server.takeRequest();
assertEquals("GET /foo HTTP/1.1", request.getRequestLine());
- assertEquals(TlsVersion.TLS_1_0, request.getTlsVersion());
+ assertEquals(TlsVersion.TLS_1_2, request.getTlsVersion());
}
@Test public void connectViaHttpsWithSSLFallbackFailuresRecorded() throws Exception {
@@ -621,6 +636,7 @@ public final class URLConnectionTest {
server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE));
suppressTlsFallbackScsv(client.client());
+ client.client().setConnectionSpecs(TLS_SPEC_NO_V1);
client.client().setDns(new SingleInetAddressDns());
client.client().setHostnameVerifier(new RecordingHostnameVerifier());
@@ -648,6 +664,7 @@ public final class URLConnectionTest {
server.enqueue(new MockResponse().setBody("def"));
suppressTlsFallbackScsv(client.client());
+ client.client().setConnectionSpecs(TLS_SPEC_NO_V1);
client.client().setHostnameVerifier(new RecordingHostnameVerifier());
assertContent("abc", client.open(server.getUrl("/")));
@@ -658,7 +675,7 @@ public final class URLConnectionTest {
assertContent("def", client.open(server.getUrl("/")));
Set<TlsVersion> tlsVersions =
- EnumSet.of(TlsVersion.TLS_1_0, TlsVersion.TLS_1_2); // v1.2 on OpenJDK 8.
+ EnumSet.of(TlsVersion.TLS_1_3);
RecordedRequest request1 = server.takeRequest();
assertTrue(tlsVersions.contains(request1.getTlsVersion()));
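Review bot: `EnumSet.of(TlsVersion.TLS_1_3)` leaves a one-element set that is only used for `contains` checks, so the set no longer expresses an alternative. `assertEquals(TlsVersion.TLS_1_3, request1.getTlsVersion());` states the same thing and reports the actual version on failure. The change also makes the test require TLS 1.3 outright; whether that holds on every branch this is backported to cannot be seen from the hunk. The uses of `tlsVersions` continue beyond the hunk.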
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java
index c94cc23..b96c328 100644
--- a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java
+++ b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java
@@ -41,11 +41,24 @@ public class ConnectionSpecSelectorTest {
private SSLContext sslContext = SslContextBuilder.localhost();
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ private static final ConnectionSpec TLS_SPEC_1_3 =
+ new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+ .tlsVersions(TlsVersion.TLS_1_3)
+ .build();
+
+ private static final ConnectionSpec TLS_SPEC_1_2 =
+ new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+ .tlsVersions(TlsVersion.TLS_1_2)
+ .build();
+
+
@Test
public void nonRetryableIOException() throws Exception {
ConnectionSpecSelector connectionSpecSelector =
- createConnectionSpecSelector(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS);
- SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0);
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ createConnectionSpecSelector(TLS_SPEC_1_3, TLS_SPEC_1_2);
+ SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2);
connectionSpecSelector.configureSecureSocket(socket);
boolean retry = connectionSpecSelector.connectionFailed(
@@ -57,8 +70,9 @@ public class ConnectionSpecSelectorTest {
@Test
public void nonRetryableSSLHandshakeException() throws Exception {
ConnectionSpecSelector connectionSpecSelector =
- createConnectionSpecSelector(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS);
- SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0);
+ // Android-changed: Use TLS 1.3 and 1.2
+ createConnectionSpecSelector(TLS_SPEC_1_3, TLS_SPEC_1_2);
+ SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2);
connectionSpecSelector.configureSecureSocket(socket);
SSLHandshakeException trustIssueException =
@@ -72,8 +86,9 @@ public class ConnectionSpecSelectorTest {
@Test
public void retryableSSLHandshakeException() throws Exception {
ConnectionSpecSelector connectionSpecSelector =
- createConnectionSpecSelector(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS);
- SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0);
+ // Android-changed: Use TLS 1.3 and 1.2
+ createConnectionSpecSelector(TLS_SPEC_1_3, TLS_SPEC_1_2);
+ SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2);
connectionSpecSelector.configureSecureSocket(socket);
boolean retry = connectionSpecSelector.connectionFailed(RETRYABLE_EXCEPTION);
@@ -88,24 +103,28 @@ public class ConnectionSpecSelectorTest {
.tlsVersions(TlsVersion.SSL_3_0)
.build();
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
ConnectionSpecSelector connectionSpecSelector = createConnectionSpecSelector(
- ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS, sslV3);
+ TLS_SPEC_1_3, TLS_SPEC_1_2, sslV3);
- TlsVersion[] enabledSocketTlsVersions = { TlsVersion.TLS_1_1, TlsVersion.TLS_1_0 };
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ TlsVersion[] enabledSocketTlsVersions = { TlsVersion.TLS_1_3, TlsVersion.TLS_1_2 };
SSLSocket socket = createSocketWithEnabledProtocols(enabledSocketTlsVersions);
- // MODERN_TLS is used here.
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ // TLS_SPEC_1_3 is used here.
connectionSpecSelector.configureSecureSocket(socket);
- assertEnabledProtocols(socket, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0);
+ assertEnabledProtocols(socket, TlsVersion.TLS_1_3);
boolean retry = connectionSpecSelector.connectionFailed(RETRYABLE_EXCEPTION);
assertTrue(retry);
socket.close();
- // COMPATIBLE_TLS is used here.
+ // Android-changed: Use TLS 1.3 and 1.2 for testing
+ // TLS_SPEC_1_2 is used here.
socket = createSocketWithEnabledProtocols(enabledSocketTlsVersions);
connectionSpecSelector.configureSecureSocket(socket);
- assertEnabledProtocols(socket, TlsVersion.TLS_1_0);
+ assertEnabledProtocols(socket, TlsVersion.TLS_1_2);
retry = connectionSpecSelector.connectionFailed(RETRYABLE_EXCEPTION);
assertFalse(retry);
diff --git a/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java b/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java
index 1334457..210f394 100644
--- a/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java
+++ b/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java
@@ -225,6 +225,10 @@ public enum CipherSuite {
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, 5289, 8, 21),
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, 5289, 8, 21),
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, 5289, 8, 21),
+ // Android-added: Android supported TLS 1.3 suites.
+ TLS_AES_128_GCM_SHA256("TLS_AES_128_GCM_SHA256", 0x1301, 8446, 11, 29),
+ TLS_AES_256_GCM_SHA384("TLS_AES_256_GCM_SHA384", 0x1302, 8446, 11, 29),
+ TLS_CHACHA20_POLY1305_SHA256("TLS_CHACHA20_POLY1305_SHA256", 0x1303, 8446, 11, 29),
// TLS_ECDHE_PSK_WITH_RC4_128_SHA("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033, 5489, MAX_VALUE, MAX_VALUE),
// TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034, 5489, MAX_VALUE, MAX_VALUE),
// TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035, 5489, MAX_VALUE, MAX_VALUE),
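Review bot: The three `0x13xx` entries are inserted between the `0xc032` entry and the commented-out `0xc033` entries, which interrupts a list that, as far as this hunk shows, is in value order. Placing them after the last existing entry under their own heading, e.g. `// TLS 1.3 (RFC 8446).`, would keep the table easier to compare against upstream. The end of the enum is outside this hunk, and the repackaged copy has the same placement.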
diff --git a/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java b/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java
index 512aa0d..8c72dc0 100644
--- a/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java
+++ b/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java
@@ -22,6 +22,7 @@ import javax.net.ssl.SSLSocket;
* {@link SSLSocket#setEnabledProtocols}.
*/
public enum TlsVersion {
+ TLS_1_3("TLSv1.3"), // 2019.
TLS_1_2("TLSv1.2"), // 2008.
TLS_1_1("TLSv1.1"), // 2006.
TLS_1_0("TLSv1"), // 1999.
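Review bot: The year comment on the new constant, `// 2019.`, does not fit the neighbouring entries, which appear to give the year each protocol version was published; RFC 8446, the RFC number cited by the CipherSuite entries added in this commit, was published in 2018. I would write `TLS_1_3("TLSv1.3"), // 2018.` here and in the repackaged copy.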
@@ -36,6 +37,7 @@ public enum TlsVersion {
public static TlsVersion forJavaName(String javaName) {
switch (javaName) {
+ case "TLSv1.3": return TLS_1_3;
case "TLSv1.2": return TLS_1_2;
case "TLSv1.1": return TLS_1_1;
case "TLSv1": return TLS_1_0;
diff --git a/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java b/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java
index bc15fb7..644c59f 100644
--- a/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java
+++ b/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java
@@ -227,6 +227,10 @@ public enum CipherSuite {
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, 5289, 8, 21),
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, 5289, 8, 21),
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, 5289, 8, 21),
+ // Android-added: Android supported TLS 1.3 suites.
+ TLS_AES_128_GCM_SHA256("TLS_AES_128_GCM_SHA256", 0x1301, 8446, 11, 29),
+ TLS_AES_256_GCM_SHA384("TLS_AES_256_GCM_SHA384", 0x1302, 8446, 11, 29),
+ TLS_CHACHA20_POLY1305_SHA256("TLS_CHACHA20_POLY1305_SHA256", 0x1303, 8446, 11, 29),
// TLS_ECDHE_PSK_WITH_RC4_128_SHA("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033, 5489, MAX_VALUE, MAX_VALUE),
// TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034, 5489, MAX_VALUE, MAX_VALUE),
// TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035, 5489, MAX_VALUE, MAX_VALUE),
diff --git a/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java b/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java
index c8cd1e3..d9a6d9a 100644
--- a/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java
+++ b/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java
@@ -24,6 +24,7 @@ import javax.net.ssl.SSLSocket;
* @hide This class is not part of the Android public SDK API
*/
public enum TlsVersion {
+ TLS_1_3("TLSv1.3"), // 2019.
TLS_1_2("TLSv1.2"), // 2008.
TLS_1_1("TLSv1.1"), // 2006.
TLS_1_0("TLSv1"), // 1999.
@@ -38,6 +39,7 @@ public enum TlsVersion {
public static TlsVersion forJavaName(String javaName) {
switch (javaName) {
+ case "TLSv1.3": return TLS_1_3;
case "TLSv1.2": return TLS_1_2;
case "TLSv1.1": return TLS_1_1;
case "TLSv1": return TLS_1_0;