diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-06 23:09:15 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-06 23:09:15 +0000 |
commit | c2fa6b3f944e417c39c877ef8e45fa2a9c10aaea (patch) | |
tree | 1cab24f5c6213e40794b612fa7017cf8ea745fb6 | |
parent | 32c442b0ac6025a8b47a28e9103078ed099cca30 (diff) | |
parent | 1fd6738eb7c794a3a17e5338ec65360de32b4571 (diff) | |
download | okhttp-c2fa6b3f944e417c39c877ef8e45fa2a9c10aaea.tar.gz |
Snap for 10449897 from 1fd6738eb7c794a3a17e5338ec65360de32b4571 to udc-qpr1-releaseandroid-14.0.0_r27android-14.0.0_r26android-14.0.0_r25android-14.0.0_r24android-14.0.0_r23android-14.0.0_r22android-14.0.0_r21android-14.0.0_r20android-14.0.0_r19android-14.0.0_r18android-14.0.0_r17android-14.0.0_r16android14-qpr1-s2-releaseandroid14-qpr1-release
Change-Id: I30459db98fdacf5ece2f70bb48065ed947f31346
8 files changed, 129 insertions, 37 deletions
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java index 0b18783..605ca68 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java @@ -90,6 +90,20 @@ public final class CallTest { @Rule public final MockWebServer server2 = new MockWebServer(); @Rule public final InMemoryFileSystem fileSystem = new InMemoryFileSystem(); + // Android-added: Use TLS 1.3 and 1.2 for testing + private static final ConnectionSpec TLS_SPEC_1_3 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_3) + .build(); + + private static final ConnectionSpec TLS_SPEC_1_2 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_2) + .build(); + + private static final List<ConnectionSpec> TLS_SPEC_NO_V1 + = Arrays.asList(TLS_SPEC_1_3, TLS_SPEC_1_2); + private SSLContext sslContext = SslContextBuilder.localhost(); private OkHttpClient client = new OkHttpClient(); private RecordingCallback callback = new RecordingCallback(); @@ -915,6 +929,8 @@ public final class CallTest { server.enqueue(new MockResponse().setBody("abc")); suppressTlsFallbackScsv(client); + // Android-added: Use TLS 1.3 and 1.2 for testing + client.setConnectionSpecs(TLS_SPEC_NO_V1); client.setHostnameVerifier(new RecordingHostnameVerifier()); client.setDns(new SingleInetAddressDns()); @@ -933,12 +949,18 @@ public final class CallTest { server.useHttps(sslContext.getSocketFactory(), false); server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE)); + // Android-added: Need an extra handshake fail when using TLS 1.3 and 1.2 for testing. + // Seems to be a testing quirk due to adding two ConnectionSpecs and has no impact + // on the logic being tested or the expected outcomes, so not gonna dig too deep. + server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE)); RecordingSSLSocketFactory clientSocketFactory = new RecordingSSLSocketFactory(sslContext.getSocketFactory()); client.setSslSocketFactory(clientSocketFactory); client.setHostnameVerifier(new RecordingHostnameVerifier()); client.setDns(new SingleInetAddressDns()); + // Android-added: Use TLS 1.3 and 1.2 for testing + client.setConnectionSpecs(TLS_SPEC_NO_V1); Request request = new Request.Builder().url(server.url("/")).build(); try { @@ -961,6 +983,8 @@ public final class CallTest { suppressTlsFallbackScsv(client); client.setHostnameVerifier(new RecordingHostnameVerifier()); + // Android-added: Use TLS 1.3 and 1.2 for testing + client.setConnectionSpecs(TLS_SPEC_NO_V1); Request request = new Request.Builder() .url(server.url("/")) diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java index 2318a68..adb6160 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java @@ -21,6 +21,7 @@ import java.util.Set; import java.util.concurrent.CopyOnWriteArraySet; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import org.junit.Assume; import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -80,65 +81,75 @@ public final class ConnectionSpecTest { @Test public void tls_defaultCiphers_noFallbackIndicator() throws Exception { ConnectionSpec tlsSpec = new ConnectionSpec.Builder(true) - .tlsVersions(TlsVersion.TLS_1_2) + // Android-changed: Use TLS 1.3 and 1.2 for testing + .tlsVersions(TlsVersion.TLS_1_3) .supportsTlsExtensions(false) .build(); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + // CipherSuite.TLS_AES_128_GCM_SHA384.javaName, }); socket.setEnabledProtocols(new String[] { + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_3.javaName, TlsVersion.TLS_1_2.javaName, - TlsVersion.TLS_1_1.javaName, }); assertTrue(tlsSpec.isCompatible(socket)); tlsSpec.apply(socket, false /* isFallback */); - assertEquals(set(TlsVersion.TLS_1_2.javaName), set(socket.getEnabledProtocols())); + // Android-changed: Use TLS 1.3 and 1.2 for testing + assertEquals(set(TlsVersion.TLS_1_3.javaName), set(socket.getEnabledProtocols())); Set<String> expectedCipherSet = set( CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName); - assertEquals(expectedCipherSet, expectedCipherSet); + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + CipherSuite.TLS_AES_128_GCM_SHA256.javaName, + CipherSuite.TLS_AES_256_GCM_SHA384.javaName, + CipherSuite.TLS_CHACHA20_POLY1305_SHA256.javaName); + assertEquals(expectedCipherSet, set(socket.getEnabledCipherSuites())); } @Test public void tls_defaultCiphers_withFallbackIndicator() throws Exception { ConnectionSpec tlsSpec = new ConnectionSpec.Builder(true) - .tlsVersions(TlsVersion.TLS_1_2) + // Android-changed: Use TLS 1.3 and 1.2 for testing + .tlsVersions(TlsVersion.TLS_1_3) .supportsTlsExtensions(false) .build(); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + // CipherSuite.TLS_AES_128_GCM_SHA384.javaName, }); socket.setEnabledProtocols(new String[] { + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_3.javaName, TlsVersion.TLS_1_2.javaName, - TlsVersion.TLS_1_1.javaName, }); assertTrue(tlsSpec.isCompatible(socket)); tlsSpec.apply(socket, true /* isFallback */); - assertEquals(set(TlsVersion.TLS_1_2.javaName), set(socket.getEnabledProtocols())); + // Android-changed: Use TLS 1.3 and 1.2 for testing + assertEquals(set(TlsVersion.TLS_1_3.javaName), set(socket.getEnabledProtocols())); Set<String> expectedCipherSet = set( CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName); + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + CipherSuite.TLS_AES_128_GCM_SHA256.javaName, + CipherSuite.TLS_AES_256_GCM_SHA384.javaName, + CipherSuite.TLS_CHACHA20_POLY1305_SHA256.javaName); if (Arrays.asList(socket.getSupportedCipherSuites()).contains("TLS_FALLBACK_SCSV")) { expectedCipherSet.add("TLS_FALLBACK_SCSV"); } - assertEquals(expectedCipherSet, expectedCipherSet); + assertEquals(expectedCipherSet, set(socket.getEnabledCipherSuites())); } @Test public void tls_explicitCiphers() throws Exception { @@ -151,12 +162,13 @@ public final class ConnectionSpecTest { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - // Android-changed: Replace removed CBC cipher with GCM version - CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, + // Android-changed: USe TLS 1.3 and 1.2 for testing - TLS 1.3 suites are implicit + // CipherSuite.TLS_AES_128_GCM_SHA384.javaName, }); socket.setEnabledProtocols(new String[] { + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_3.javaName, TlsVersion.TLS_1_2.javaName, - TlsVersion.TLS_1_1.javaName, }); assertTrue(tlsSpec.isCompatible(socket)); @@ -189,8 +201,9 @@ public final class ConnectionSpecTest { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledProtocols(new String[] { + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_3.javaName, TlsVersion.TLS_1_2.javaName, - TlsVersion.TLS_1_1.javaName, }); socket.setEnabledCipherSuites(new String[] { @@ -236,12 +249,14 @@ public final class ConnectionSpecTest { SSLSocket sslSocket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); sslSocket.setEnabledProtocols(new String[] { - TlsVersion.TLS_1_0.javaName(), - TlsVersion.TLS_1_1.javaName() + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion.TLS_1_2.javaName, + TlsVersion.TLS_1_3.javaName, }); tlsSpec.apply(sslSocket, false); - assertEquals(Arrays.asList(TlsVersion.TLS_1_0.javaName(), TlsVersion.TLS_1_1.javaName()), + // Android-changed: Use TLS 1.3 and 1.2 for testing + assertEquals(Arrays.asList(TlsVersion.TLS_1_2.javaName(), TlsVersion.TLS_1_3.javaName()), Arrays.asList(sslSocket.getEnabledProtocols())); } @@ -253,6 +268,11 @@ public final class ConnectionSpecTest { .build(); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); + // Android-changed: Only testable if TLS v1.1 is available as TLS 1.3 ciphers are + // not changeable on Android. + Assume.assumeTrue( + Arrays.asList(socket.getEnabledProtocols()).contains(TlsVersion.TLS_1_1.javaName)); + socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, }); diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java index d20ab9a..1976523 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/URLConnectionTest.java @@ -106,6 +106,20 @@ public final class URLConnectionTest { @Rule public final MockWebServer server2 = new MockWebServer(); @Rule public final TemporaryFolder tempDir = new TemporaryFolder(); + // Android-added: Use TLS 1.3 and 1.2 for testing + private static final ConnectionSpec TLS_SPEC_1_3 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_3) + .build(); + + private static final ConnectionSpec TLS_SPEC_1_2 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_2) + .build(); + + private static final List<ConnectionSpec> TLS_SPEC_NO_V1 + = Arrays.asList(TLS_SPEC_1_3, TLS_SPEC_1_2); + private SSLContext sslContext = SslContextBuilder.localhost(); private OkUrlFactory client; private HttpURLConnection connection; @@ -606,6 +620,7 @@ public final class URLConnectionTest { server.enqueue(new MockResponse().setBody("this response comes via SSL")); suppressTlsFallbackScsv(client.client()); + client.client().setConnectionSpecs(TLS_SPEC_NO_V1); client.client().setHostnameVerifier(new RecordingHostnameVerifier()); connection = client.open(server.getUrl("/foo")); @@ -613,7 +628,7 @@ public final class URLConnectionTest { RecordedRequest request = server.takeRequest(); assertEquals("GET /foo HTTP/1.1", request.getRequestLine()); - assertEquals(TlsVersion.TLS_1_0, request.getTlsVersion()); + assertEquals(TlsVersion.TLS_1_2, request.getTlsVersion()); } @Test public void connectViaHttpsWithSSLFallbackFailuresRecorded() throws Exception { @@ -622,6 +637,7 @@ public final class URLConnectionTest { server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE)); suppressTlsFallbackScsv(client.client()); + client.client().setConnectionSpecs(TLS_SPEC_NO_V1); client.client().setDns(new SingleInetAddressDns()); client.client().setHostnameVerifier(new RecordingHostnameVerifier()); @@ -651,6 +667,7 @@ public final class URLConnectionTest { server.enqueue(new MockResponse().setBody("def")); suppressTlsFallbackScsv(client.client()); + client.client().setConnectionSpecs(TLS_SPEC_NO_V1); client.client().setHostnameVerifier(new RecordingHostnameVerifier()); assertContent("abc", client.open(server.getUrl("/"))); @@ -660,7 +677,7 @@ public final class URLConnectionTest { assertContent("def", client.open(server.getUrl("/"))); Set<TlsVersion> tlsVersions = - EnumSet.of(TlsVersion.TLS_1_0, TlsVersion.TLS_1_2); // v1.2 on OpenJDK 8. + EnumSet.of(TlsVersion.TLS_1_3); RecordedRequest request1 = server.takeRequest(); assertTrue(tlsVersions.contains(request1.getTlsVersion())); diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java index c94cc23..b96c328 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/ConnectionSpecSelectorTest.java @@ -41,11 +41,24 @@ public class ConnectionSpecSelectorTest { private SSLContext sslContext = SslContextBuilder.localhost(); + // Android-changed: Use TLS 1.3 and 1.2 for testing + private static final ConnectionSpec TLS_SPEC_1_3 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_3) + .build(); + + private static final ConnectionSpec TLS_SPEC_1_2 = + new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_2) + .build(); + + @Test public void nonRetryableIOException() throws Exception { ConnectionSpecSelector connectionSpecSelector = - createConnectionSpecSelector(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS); - SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0); + // Android-changed: Use TLS 1.3 and 1.2 for testing + createConnectionSpecSelector(TLS_SPEC_1_3, TLS_SPEC_1_2); + SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2); connectionSpecSelector.configureSecureSocket(socket); boolean retry = connectionSpecSelector.connectionFailed( @@ -57,8 +70,9 @@ public class ConnectionSpecSelectorTest { @Test public void nonRetryableSSLHandshakeException() throws Exception { ConnectionSpecSelector connectionSpecSelector = - createConnectionSpecSelector(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS); - SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0); + // Android-changed: Use TLS 1.3 and 1.2 + createConnectionSpecSelector(TLS_SPEC_1_3, TLS_SPEC_1_2); + SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2); connectionSpecSelector.configureSecureSocket(socket); SSLHandshakeException trustIssueException = @@ -72,8 +86,9 @@ public class ConnectionSpecSelectorTest { @Test public void retryableSSLHandshakeException() throws Exception { ConnectionSpecSelector connectionSpecSelector = - createConnectionSpecSelector(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS); - SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0); + // Android-changed: Use TLS 1.3 and 1.2 + createConnectionSpecSelector(TLS_SPEC_1_3, TLS_SPEC_1_2); + SSLSocket socket = createSocketWithEnabledProtocols(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2); connectionSpecSelector.configureSecureSocket(socket); boolean retry = connectionSpecSelector.connectionFailed(RETRYABLE_EXCEPTION); @@ -88,24 +103,28 @@ public class ConnectionSpecSelectorTest { .tlsVersions(TlsVersion.SSL_3_0) .build(); + // Android-changed: Use TLS 1.3 and 1.2 for testing ConnectionSpecSelector connectionSpecSelector = createConnectionSpecSelector( - ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS, sslV3); + TLS_SPEC_1_3, TLS_SPEC_1_2, sslV3); - TlsVersion[] enabledSocketTlsVersions = { TlsVersion.TLS_1_1, TlsVersion.TLS_1_0 }; + // Android-changed: Use TLS 1.3 and 1.2 for testing + TlsVersion[] enabledSocketTlsVersions = { TlsVersion.TLS_1_3, TlsVersion.TLS_1_2 }; SSLSocket socket = createSocketWithEnabledProtocols(enabledSocketTlsVersions); - // MODERN_TLS is used here. + // Android-changed: Use TLS 1.3 and 1.2 for testing + // TLS_SPEC_1_3 is used here. connectionSpecSelector.configureSecureSocket(socket); - assertEnabledProtocols(socket, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0); + assertEnabledProtocols(socket, TlsVersion.TLS_1_3); boolean retry = connectionSpecSelector.connectionFailed(RETRYABLE_EXCEPTION); assertTrue(retry); socket.close(); - // COMPATIBLE_TLS is used here. + // Android-changed: Use TLS 1.3 and 1.2 for testing + // TLS_SPEC_1_2 is used here. socket = createSocketWithEnabledProtocols(enabledSocketTlsVersions); connectionSpecSelector.configureSecureSocket(socket); - assertEnabledProtocols(socket, TlsVersion.TLS_1_0); + assertEnabledProtocols(socket, TlsVersion.TLS_1_2); retry = connectionSpecSelector.connectionFailed(RETRYABLE_EXCEPTION); assertFalse(retry); diff --git a/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java b/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java index 1334457..210f394 100644 --- a/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java +++ b/okhttp/src/main/java/com/squareup/okhttp/CipherSuite.java @@ -225,6 +225,10 @@ public enum CipherSuite { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, 5289, 8, 21), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, 5289, 8, 21), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, 5289, 8, 21), + // Android-added: Android supported TLS 1.3 suites. + TLS_AES_128_GCM_SHA256("TLS_AES_128_GCM_SHA256", 0x1301, 8446, 11, 29), + TLS_AES_256_GCM_SHA384("TLS_AES_256_GCM_SHA384", 0x1302, 8446, 11, 29), + TLS_CHACHA20_POLY1305_SHA256("TLS_CHACHA20_POLY1305_SHA256", 0x1303, 8446, 11, 29), // TLS_ECDHE_PSK_WITH_RC4_128_SHA("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033, 5489, MAX_VALUE, MAX_VALUE), // TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034, 5489, MAX_VALUE, MAX_VALUE), // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035, 5489, MAX_VALUE, MAX_VALUE), diff --git a/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java b/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java index 512aa0d..8c72dc0 100644 --- a/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java +++ b/okhttp/src/main/java/com/squareup/okhttp/TlsVersion.java @@ -22,6 +22,7 @@ import javax.net.ssl.SSLSocket; * {@link SSLSocket#setEnabledProtocols}. */ public enum TlsVersion { + TLS_1_3("TLSv1.3"), // 2019. TLS_1_2("TLSv1.2"), // 2008. TLS_1_1("TLSv1.1"), // 2006. TLS_1_0("TLSv1"), // 1999. @@ -36,6 +37,7 @@ public enum TlsVersion { public static TlsVersion forJavaName(String javaName) { switch (javaName) { + case "TLSv1.3": return TLS_1_3; case "TLSv1.2": return TLS_1_2; case "TLSv1.1": return TLS_1_1; case "TLSv1": return TLS_1_0; diff --git a/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java b/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java index bc15fb7..644c59f 100644 --- a/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java +++ b/repackaged/okhttp/src/main/java/com/android/okhttp/CipherSuite.java @@ -227,6 +227,10 @@ public enum CipherSuite { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, 5289, 8, 21), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, 5289, 8, 21), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, 5289, 8, 21), + // Android-added: Android supported TLS 1.3 suites. + TLS_AES_128_GCM_SHA256("TLS_AES_128_GCM_SHA256", 0x1301, 8446, 11, 29), + TLS_AES_256_GCM_SHA384("TLS_AES_256_GCM_SHA384", 0x1302, 8446, 11, 29), + TLS_CHACHA20_POLY1305_SHA256("TLS_CHACHA20_POLY1305_SHA256", 0x1303, 8446, 11, 29), // TLS_ECDHE_PSK_WITH_RC4_128_SHA("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033, 5489, MAX_VALUE, MAX_VALUE), // TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034, 5489, MAX_VALUE, MAX_VALUE), // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035, 5489, MAX_VALUE, MAX_VALUE), diff --git a/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java b/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java index c8cd1e3..d9a6d9a 100644 --- a/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java +++ b/repackaged/okhttp/src/main/java/com/android/okhttp/TlsVersion.java @@ -24,6 +24,7 @@ import javax.net.ssl.SSLSocket; * @hide This class is not part of the Android public SDK API */ public enum TlsVersion { + TLS_1_3("TLSv1.3"), // 2019. TLS_1_2("TLSv1.2"), // 2008. TLS_1_1("TLSv1.1"), // 2006. TLS_1_0("TLSv1"), // 1999. @@ -38,6 +39,7 @@ public enum TlsVersion { public static TlsVersion forJavaName(String javaName) { switch (javaName) { + case "TLSv1.3": return TLS_1_3; case "TLSv1.2": return TLS_1_2; case "TLSv1.1": return TLS_1_1; case "TLSv1": return TLS_1_0; |