Example 36 with ConnectionSpec
use of okhttp3.ConnectionSpec in project caronae-android by caronae.
the class CaronaeAPI method enableTls12OnPreLollipop.
private static OkHttpClient.Builder enableTls12OnPreLollipop(OkHttpClient.Builder client) {
if (Build.VERSION.SDK_INT >= 15 && Build.VERSION.SDK_INT <= 21) {
try {
SSLContext tlsContext = SSLContext.getInstance("TLSv1.2");
tlsContext.init(null, null, null);
client.sslSocketFactory(new Tls12SocketFactory(tlsContext.getSocketFactory()));
ConnectionSpec tlsSpec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.TLS_1_2).build();
List<ConnectionSpec> specs = Arrays.asList(tlsSpec);
client.connectionSpecs(specs);
} catch (Exception e) {
Log.e("OkHttpTLSCompat", "Error while setting TLS 1.2", e);
}
}
return client;
}
Also used :
ConnectionSpec(okhttp3.ConnectionSpec)
GsonBuilder(com.google.gson.GsonBuilder)
SSLContext(javax.net.ssl.SSLContext)
Example 37 with ConnectionSpec
use of okhttp3.ConnectionSpec in project AntennaPod by AntennaPod.
the class SslClientSetup method installCertificates.
public static void installCertificates(OkHttpClient.Builder builder) {
if (BuildConfig.FLAVOR.equals("free")) {
// The Free flavor bundles a modern conscrypt (security provider), so CustomSslSocketFactory
// is only used to make sure that modern protocols (TLSv1.3 and TLSv1.2) are enabled and
// that old, deprecated, protocols (like SSLv3, TLSv1.0 and TLSv1.1) are disabled.
X509TrustManager trustManager = BackportTrustManager.create();
builder.sslSocketFactory(new NoV1SslSocketFactory(trustManager), trustManager);
} else if (Build.VERSION.SDK_INT < 21) {
X509TrustManager trustManager = BackportTrustManager.create();
builder.sslSocketFactory(new NoV1SslSocketFactory(trustManager), trustManager);
// workaround for Android 4.x for certain web sites.
// see: https://github.com/square/okhttp/issues/4053#issuecomment-402579554
List<CipherSuite> cipherSuites = new ArrayList<>(ConnectionSpec.MODERN_TLS.cipherSuites());
cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
ConnectionSpec legacyTls = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).cipherSuites(cipherSuites.toArray(new CipherSuite[0])).build();
builder.connectionSpecs(Arrays.asList(legacyTls, ConnectionSpec.CLEARTEXT));
}
}
Also used :
ConnectionSpec(okhttp3.ConnectionSpec)
X509TrustManager(javax.net.ssl.X509TrustManager)
CipherSuite(okhttp3.CipherSuite)
List(java.util.List)
ArrayList(java.util.ArrayList)
Aggregations
ConnectionSpec (okhttp3.ConnectionSpec)18
Internal.applyConnectionSpec (okhttp3.internal.Internal.applyConnectionSpec)18
Test (org.junit.jupiter.api.Test)18
ArrayList (java.util.ArrayList)11
SSLSocket (javax.net.ssl.SSLSocket)9
X509TrustManager (javax.net.ssl.X509TrustManager)9
OkHttpClient (okhttp3.OkHttpClient)7
SSLSocketFactory (javax.net.ssl.SSLSocketFactory)6
SSLContext (javax.net.ssl.SSLContext)5
TrustManager (javax.net.ssl.TrustManager)5
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)5
IOException (java.io.IOException)4
KeyManagementException (java.security.KeyManagementException)3
KeyStoreException (java.security.KeyStoreException)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
NonNull (android.support.annotation.NonNull)2
UnknownServiceException (java.net.UnknownServiceException)2
HttpLoggingInterceptor (okhttp3.logging.HttpLoggingInterceptor)2
GsonBuilder (com.google.gson.GsonBuilder)1
FileNotFoundException (java.io.FileNotFoundException)1
