Changes for dealing with more granular TLS connection fallback
This change also enabled OkHttp to handle socket factories that produce sockets that do not not enable all the protocols that might be part of the fallback strategy. e.g. to avoid enabling SSLv3 when SSLv3 is not enabled by default. If a socket is encountered that does not support, e.g., TLSv1.2 the negotiation is not attempted or failed; the strategy simply falls back until it finds a TlsConfiguration that can work. If none will work an exception is thrown. The majority of this change is dealing with the fact that it is not easy to know in advance which TLS/SSL protocol versions are supported by a socket without having a socket instance. OkHttp currently assumes that TLS configuration can be predetermined. RouteSelector no longer deals with TLS fallback. This is now handled by the Connection instead. A later CL will modify the fallback strategy to try various TLS versions (when supported) instead of switching immediately to SSLv3. This change allows Android to switch with minimal code changes, at least until we take a newer version of OkHttp where it may be easier. Bug: 13228108 Change-Id: If76b0b5699c22601f21c9afe494d7089ac2fa55c
Loading
Please sign in to comment