| commit | 2ab4219879241a2d3b45eb5c6a504b51fad101e8 | [log] [tgz] |
|---|---|---|
| author | Neil Fuller <nfuller@google.com> | Wed Jan 21 17:47:59 2015 +0000 |
| committer | Neil Fuller <nfuller@google.com> | Thu Jan 22 10:11:44 2015 +0000 |
| tree | 096bbd6e58a842a3c4da61179c0f47f29259e6e8 | |
| parent | e78f117bcbd6b57d783737107f445ef75ecb474a [diff] |
Tidy up HttpsHandler / HttpHandler and change defaults OkHttp was recently upgraded in AOSP. This is a tidy up change to correct some defaults and improve documentation of Android settings. Besides better docs this change mostly focuses on ConnectionSpecs. OkHttp now has a set of default ConnectionSpecs. ConnectionSpecs control TLS version and cipher suite selection during connection negotiations. The defaults are not what we want on Android: Historically, it looks like we don't want HttpsURLConnection being redirected to http:// addresses, and HttpURLConnections being redirected to https://. This means that we can exclude any TLS-based ConnectionSpecs from HttpHandler, and cleartext-based ConnectionSpecs from HttpsHandler making that choice even more explicit. TLS versions: The upgrade effectively had a side-effect of disabling SSLv3 in all cases. On Android we disable SSLv3 in the default socket factory (getEnabledProtocols()), but it is still supported on the socket (getSupportedProtocols()). In the L release, OkHttp would use the default TLS versions for the initial connection and SSLv3 only for the fallback (i.e. with the default socket factory it would turn it back on for the fallback connection). This change allows for applications that may need to use SSLv3. SSLv3 will only be used if there is an installed socket factory that enables it by default. There should be a future change coming to upstream that will further alter this behavior because OkHttp will still make multiple attempts to connect when it knows it won't work. Ciphers: OkHttp is opinionated about the cipher suites to enable on a socket. On Android, we want the SocketFactory to determine the set of acceptable ciphers and we should just use the default enabled set (because the default set may be better than the set known when the device shipped, e.g. the socket factory may come from GMS or installed by an app and therefore provide better ciphers or disable ones that have found to be broken). This change fixes two failing tests in libcore.java.net.URLConnectionTest due to the TLS version changes. Change-Id: Iefc77746695b307a1222faf336d9d6452e974810
An HTTP & SPDY client for Android and Java applications. For more information see the website and the wiki.
Download the latest JAR or grab via Maven:
<dependency> <groupId>com.squareup.okhttp</groupId> <artifactId>okhttp</artifactId> <version>2.2.0</version> </dependency>
or Gradle:
compile 'com.squareup.okhttp:okhttp:2.2.0'
Snapshots of the development version are available in Sonatype's snapshots repository.
A library for testing HTTP, HTTPS, HTTP/2.0, and SPDY clients.
MockWebServer coupling with OkHttp is essential for proper testing of SPDY and HTTP/2.0 so that code can be shared.
Download the latest JAR or grab via Maven:
<dependency> <groupId>com.squareup.okhttp</groupId> <artifactId>mockwebserver</artifactId> <version>2.2.0</version> <scope>test</scope> </dependency>
or Gradle:
testCompile 'com.squareup.okhttp:mockwebserver:2.2.0'
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.