public final class ConnectionSpec
extends java.lang.Object
https:
URLs, this includes the TLS version and cipher suites to use when negotiating a secure
connection.
The TLS versions configured in a connection spec are only be used if they are also enabled in the SSL socket. For example, if an SSL socket does not have TLS 1.3 enabled, it will not be used even if it is present on the connection spec. The same policy also applies to cipher suites.
Use ConnectionSpec.Builder.allEnabledTlsVersions()
and ConnectionSpec.Builder.allEnabledCipherSuites()
to
defer all feature selection to the underlying SSL socket.
Modifier and Type | Class and Description |
---|---|
static class |
ConnectionSpec.Builder |
Modifier and Type | Field and Description |
---|---|
private static CipherSuite[] |
APPROVED_CIPHER_SUITES |
(package private) java.lang.String[] |
cipherSuites |
static ConnectionSpec |
CLEARTEXT
Unencrypted, unauthenticated connections for
http: URLs. |
static ConnectionSpec |
COMPATIBLE_TLS
A backwards-compatible fallback connection for interop with obsolete servers.
|
static ConnectionSpec |
MODERN_TLS
A modern TLS connection with extensions like SNI and ALPN available.
|
(package private) boolean |
supportsTlsExtensions |
(package private) boolean |
tls |
(package private) java.lang.String[] |
tlsVersions |
Constructor and Description |
---|
ConnectionSpec(ConnectionSpec.Builder builder) |
Modifier and Type | Method and Description |
---|---|
(package private) void |
apply(javax.net.ssl.SSLSocket sslSocket,
boolean isFallback)
Applies this spec to
sslSocket . |
java.util.List<CipherSuite> |
cipherSuites()
Returns the cipher suites to use for a connection.
|
boolean |
equals(java.lang.Object other) |
int |
hashCode() |
boolean |
isCompatible(javax.net.ssl.SSLSocket socket)
Returns
true if the socket, as currently configured, supports this connection spec. |
boolean |
isTls() |
private ConnectionSpec |
supportedSpec(javax.net.ssl.SSLSocket sslSocket,
boolean isFallback)
Returns a copy of this that omits cipher suites and TLS versions not enabled by
sslSocket . |
boolean |
supportsTlsExtensions() |
java.util.List<TlsVersion> |
tlsVersions()
Returns the TLS versions to use when negotiating a connection.
|
java.lang.String |
toString() |
private static final CipherSuite[] APPROVED_CIPHER_SUITES
public static final ConnectionSpec MODERN_TLS
public static final ConnectionSpec COMPATIBLE_TLS
public static final ConnectionSpec CLEARTEXT
http:
URLs.final boolean tls
final boolean supportsTlsExtensions
@Nullable final java.lang.String[] cipherSuites
@Nullable final java.lang.String[] tlsVersions
ConnectionSpec(ConnectionSpec.Builder builder)
public boolean isTls()
@Nullable public java.util.List<CipherSuite> cipherSuites()
@Nullable public java.util.List<TlsVersion> tlsVersions()
public boolean supportsTlsExtensions()
void apply(javax.net.ssl.SSLSocket sslSocket, boolean isFallback)
sslSocket
.private ConnectionSpec supportedSpec(javax.net.ssl.SSLSocket sslSocket, boolean isFallback)
sslSocket
.public boolean isCompatible(javax.net.ssl.SSLSocket socket)
true
if the socket, as currently configured, supports this connection spec. In
order for a socket to be compatible the enabled cipher suites and protocols must intersect.
For cipher suites, at least one of the required cipher suites
must
match the socket's enabled cipher suites. If there are no required cipher suites the socket
must have at least one cipher suite enabled.
For protocols, at least one of the required protocols
must match the
socket's enabled protocols.
public boolean equals(@Nullable java.lang.Object other)
equals
in class java.lang.Object
public int hashCode()
hashCode
in class java.lang.Object
public java.lang.String toString()
toString
in class java.lang.Object