author | Neil Fuller <nfuller@google.com> | 2015-01-23 19:55:25 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-01-23 19:55:25 +0000 |
commit | 22973e23be0ecbbbc0437a8241d0338734209378 (patch) | |
tree | c81f3570dec6fc7936cf1d8a94de32fe77636719 | |
parent | 21dcfb0c895735468aaa5eadc1a6147c142466d2 (diff) | |
parent | cc33cfd7afe21458edad4782188770f20c770b57 (diff) | |
download | okhttp-22973e23be0ecbbbc0437a8241d0338734209378.tar.gz |
am cc33cfd7: am 2fa2cab5: Merge "Tidy up HttpsHandler / HttpHandler and change defaults"
* commit 'cc33cfd7afe21458edad4782188770f20c770b57':
Tidy up HttpsHandler / HttpHandler and change defaults
-rw-r--r-- | android/main/java/com/squareup/okhttp/HttpHandler.java | 17 | ||||
-rw-r--r-- | android/main/java/com/squareup/okhttp/HttpsHandler.java | 49 |
2 files changed, 63 insertions, 3 deletions
diff --git a/android/main/java/com/squareup/okhttp/HttpHandler.java b/android/main/java/com/squareup/okhttp/HttpHandler.java index a94fe8f..e843faf 100644 --- a/android/main/java/com/squareup/okhttp/HttpHandler.java +++ b/android/main/java/com/squareup/okhttp/HttpHandler.java @@ -23,9 +23,14 @@ import java.net.ResponseCache; import java.net.URL; import java.net.URLConnection; import java.net.URLStreamHandler; +import java.util.Collections; +import java.util.List; public class HttpHandler extends URLStreamHandler { + private final static List<ConnectionSpec> CLEARTEXT_ONLY = + Collections.singletonList(ConnectionSpec.CLEARTEXT); + private final ConfigAwareConnectionPool configAwareConnectionPool = ConfigAwareConnectionPool.getInstance(); @@ -46,6 +51,9 @@ public class HttpHandler extends URLStreamHandler { protected OkUrlFactory newOkUrlFactory(Proxy proxy) { OkUrlFactory okUrlFactory = createHttpOkUrlFactory(proxy); + // For HttpURLConnections created through java.net.URL Android uses a connection pool that + // is aware when the default network changes so that pooled connections are not re-used when + // the default network changes. okUrlFactory.client().setConnectionPool(configAwareConnectionPool.get()); return okUrlFactory; } 
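Review bot: The new constant in the first HttpHandler hunk is declared `private final static`, while the constants this same commit adds to HttpsHandler use `private static final`. The second form is the conventional modifier order, so `private static final List<ConnectionSpec> CLEARTEXT_ONLY =` would keep the two files consistent. The constant is a transport-security policy and deserves a one-line comment, for example `// Cleartext only for http:// URLs; createHttpsOkUrlFactory replaces this list.`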
@@ -54,14 +62,21 @@ public class HttpHandler extends URLStreamHandler { * Creates an OkHttpClient suitable for creating {@link java.net.HttpURLConnection} instances on * Android. */ + // Visible for android.net.Network. public static OkUrlFactory createHttpOkUrlFactory(Proxy proxy) { OkHttpClient client = new OkHttpClient(); + + // Do not permit http -> https and https -> http redirects. client.setFollowSslRedirects(false); + client.setConnectionSpecs(CLEARTEXT_ONLY); + + // When we do not set the Proxy explicitly OkHttp picks up a ProxySelector using + // ProxySelector.getDefault(). if (proxy != null) { client.setProxy(proxy); } - // Explicitly set the response cache. + // OkHttp requires that we explicitly set the response cache. OkUrlFactory okUrlFactory = new OkUrlFactory(client); ResponseCache responseCache = ResponseCache.getDefault(); if (responseCache != null) { diff --git a/android/main/java/com/squareup/okhttp/HttpsHandler.java b/android/main/java/com/squareup/okhttp/HttpsHandler.java index cfd7aba..149d860 100644 --- a/android/main/java/com/squareup/okhttp/HttpsHandler.java +++ b/android/main/java/com/squareup/okhttp/HttpsHandler.java 
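Review bot: The Javadoc on `createHttpOkUrlFactory` still only says the client is suitable for `HttpURLConnection`, but the method now pins the client to `ConnectionSpec.CLEARTEXT`, and the new comment says it is visible to android.net.Network. An outside caller that opens an https:// URL through this factory would presumably no longer get a TLS connection, so the contract should be stated where callers read it. I would add a Javadoc sentence saying that the returned factory is restricted to cleartext connections and that HTTPS callers must use `HttpsHandler.createHttpsOkUrlFactory`, which replaces the connection specs. The `// Visible for android.net.Network.` line between the Javadoc and the declaration would also read better folded into that Javadoc. The method body continues past the end of this hunk.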
@@ -24,7 +24,43 @@ import java.util.List; import javax.net.ssl.HttpsURLConnection; public final class HttpsHandler extends HttpHandler { - private static final List<Protocol> ENABLED_PROTOCOLS = Arrays.asList(Protocol.HTTP_1_1); + + /** + * The initial connection spec to use when connecting to an https:// server, and the prototype + * for the others below. Note that Android does not set the cipher suites to use so the socket's + * defaults enabled cipher suites will be used instead. When the SSLSocketFactory is provided by + * the app or GMS core we will not override the enabled ciphers set on the sockets it produces + * with a list hardcoded at release time. This is deliberate. + * For the TLS versions we <em>will</em> select a known subset from the set of enabled TLS + * versions on the socket. + */ + private static final ConnectionSpec TLS_1_2_AND_BELOW = new ConnectionSpec.Builder(true) + .tlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0, TlsVersion.SSL_3_0) + .supportsTlsExtensions(true) + .build(); + + private static final ConnectionSpec TLS_1_1_AND_BELOW = + new ConnectionSpec.Builder(TLS_1_2_AND_BELOW) + .tlsVersions(TlsVersion.TLS_1_1, TlsVersion.TLS_1_0, TlsVersion.SSL_3_0) + .supportsTlsExtensions(true) + .build(); + + private static final ConnectionSpec TLS_1_0_AND_BELOW = + new ConnectionSpec.Builder(TLS_1_2_AND_BELOW) + .tlsVersions(TlsVersion.TLS_1_0, TlsVersion.SSL_3_0) + .build(); + + private static final ConnectionSpec SSL_3_0 = + new ConnectionSpec.Builder(TLS_1_2_AND_BELOW) + .tlsVersions(TlsVersion.SSL_3_0) + .build(); + + /** Try up to 4 times to negotiate a connection with each server. 
*/ + private static final List<ConnectionSpec> SECURE_CONNECTION_SPECS = + Arrays.asList(TLS_1_2_AND_BELOW, TLS_1_1_AND_BELOW, TLS_1_0_AND_BELOW, SSL_3_0); + + private static final List<Protocol> HTTP_1_1_ONLY = Arrays.asList(Protocol.HTTP_1_1); + private final ConfigAwareConnectionPool configAwareConnectionPool = ConfigAwareConnectionPool.getInstance(); @@ -35,6 +71,9 @@ public final class HttpsHandler extends HttpHandler { @Override protected OkUrlFactory newOkUrlFactory(Proxy proxy) { OkUrlFactory okUrlFactory = createHttpsOkUrlFactory(proxy); + // For HttpsURLConnections created through java.net.URL Android uses a connection pool that + // is aware when the default network changes so that pooled connections are not re-used when + // the default network changes. okUrlFactory.client().setConnectionPool(configAwareConnectionPool.get()); return okUrlFactory; } @@ -43,12 +82,18 @@ public final class HttpsHandler extends HttpHandler { * Creates an OkHttpClient suitable for creating {@link HttpsURLConnection} instances on * Android. */ + // Visible for android.net.Network. public static OkUrlFactory createHttpsOkUrlFactory(Proxy proxy) { // The HTTPS OkHttpClient is an HTTP OkHttpClient with extra configuration. OkUrlFactory okUrlFactory = HttpHandler.createHttpOkUrlFactory(proxy); OkHttpClient okHttpClient = okUrlFactory.client(); - okHttpClient.setProtocols(ENABLED_PROTOCOLS); + + // Only enable HTTP/1.1 (implies HTTP/1.0). Disable SPDY / HTTP/2.0. + okHttpClient.setProtocols(HTTP_1_1_ONLY); + + // Use Android's preferred fallback approach and cipher suite selection. + okHttpClient.setConnectionSpecs(SECURE_CONNECTION_SPECS); // OkHttp does not automatically honor the system-wide HostnameVerifier set with // HttpsURLConnection.setDefaultHostnameVerifier(). |
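Review bot: `SECURE_CONNECTION_SPECS` ends in an SSL 3.0-only spec and every earlier spec also lists `TlsVersion.SSL_3_0`, so a handshake that keeps failing is retried at progressively weaker versions down to SSLv3. An on-path party who can break handshakes can use that ladder to force the weakest protocol, which is the downgrade exposure behind POODLE. The hunk does not show whether the retries signal the fallback to the server (TLS_FALLBACK_SCSV). The Javadoc on `TLS_1_2_AND_BELOW` should say so, and unless a compatibility requirement is recorded the list should stop at TLS 1.0: `Arrays.asList(TLS_1_2_AND_BELOW, TLS_1_1_AND_BELOW, TLS_1_0_AND_BELOW);`. `TLS_1_1_AND_BELOW` also repeats `.supportsTlsExtensions(true)` while `TLS_1_0_AND_BELOW` and `SSL_3_0` rely on the prototype's value, so it is unclear whether extensions are meant to stay enabled on the lowest rungs. The same list is installed in the last hunk through `setConnectionSpecs(SECURE_CONNECTION_SPECS)`.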
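Review bot: The two shared static lists handed to the client in `createHttpsOkUrlFactory`, `HTTP_1_1_ONLY` and `SECURE_CONNECTION_SPECS`, are `Arrays.asList` views, which are fixed-size but still allow `set()`. Whether `setProtocols` and `setConnectionSpecs` copy their argument is not visible here. If they keep the reference, code that later reads the list back from the client could alter the process-wide TLS policy in place. Wrapping both, as in `Collections.unmodifiableList(Arrays.asList(Protocol.HTTP_1_1))`, removes the question; HttpsHandler would then need `import java.util.Collections;`. The method body continues past the end of this hunk.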