Commit bcce0a3d authored by Neil Fuller's avatar Neil Fuller
Browse files

Changes for dealing with more granular TLS connection fallback

This change also enabled OkHttp to handle socket factories that
produce sockets that do not not enable all the protocols that might
be part of the fallback strategy. e.g. to avoid enabling SSLv3 when
SSLv3 is not enabled by default.

If a socket is encountered that does not support, e.g., TLSv1.2 the
negotiation is not attempted or failed; the strategy simply falls
back until it finds a TlsConfiguration that can work. If none will
work an exception is thrown.

The majority of this change is dealing with the fact that it is not
easy to know in advance which TLS/SSL protocol versions are supported
by a socket without having a socket instance. OkHttp currently
assumes that TLS configuration can be predetermined.

RouteSelector no longer deals with TLS fallback. This is now handled
by the Connection instead.

A later CL will modify the fallback strategy to try various TLS
versions (when supported) instead of switching immediately to SSLv3.
This change allows Android to switch with minimal code changes, at
least until we take a newer version of OkHttp where it may be easier.

Bug: 13228108
Change-Id: If76b0b5699c22601f21c9afe494d7089ac2fa55c
parent fcc9fffc
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment