Okhttp: Test TLSv1.3 with conscrypt

Created on 3 Aug 2018 · 3Comments · Source: square/okhttp

https://github.com/google/conscrypt/issues/479
https://github.com/google/conscrypt/pull/516

Test that things work in OpenJDK with Conscrypt 1.2.0.

We should also work out what it means on Android 8.x or 9. And with GMS provider on earlier android versions. https://github.com/google/conscrypt/issues/479

tests

Source

yschimke

Most helpful comment

TLS 1.3 shouldn't require significant changes, just setting TLS 1.3 as enabled (or using SSLContext.getInstance("TLSv1.3")) should pretty much be enough.

The main thing I've noticed is the TLS protocol handling code assumes that calling getEnabledProtocols() on a fresh SSLSocket will tell you what protocols are supported. That won't be true initially for Conscrypt (you can enable 1.3 but it won't be enabled by default), so you might want to special-case that or try to set the full set of protocols you have and catch IllegalArgumentException before doing the intersection thing or something along those lines.

I'm planning on putting together some documentation on just what behavior differs between the two versions, but it's all pretty minor.

flooey on 3 Aug 2018

🎉2

All 3 comments

TLS 1.3 shouldn't require significant changes, just setting TLS 1.3 as enabled (or using SSLContext.getInstance("TLSv1.3")) should pretty much be enough.

I'm planning on putting together some documentation on just what behavior differs between the two versions, but it's all pretty minor.

flooey on 3 Aug 2018

🎉2

Working on this now, a working request...

https://graph.facebook.com/robots.txt ConscryptPlatform
TLS_1_3 TLS_AES_128_GCM_SHA256 h2 200 25b

yschimke on 11 Sep 2018

🎉1

ConscryptTest.testMozilla is off by default, but confirms this works.

yschimke on 22 Sep 2019

Was this page helpful?

0 / 5 - 0 ratings