okhttp / okhttp3 / ConnectionSpec

ConnectionSpec

class ConnectionSpec

Specifies configuration for the socket connection that HTTP traffic travels through. For https: URLs, this includes the TLS version and cipher suites to use when negotiating a secure connection.

The TLS versions configured in a connection spec are only be used if they are also enabled in the SSL socket. For example, if an SSL socket does not have TLS 1.3 enabled, it will not be used even if it is present on the connection spec. The same policy also applies to cipher suites.

Use Builder.allEnabledTlsVersions and Builder.allEnabledCipherSuites to defer all feature selection to the underlying SSL socket.

The configuration of each spec changes with each OkHttp release. This is annoying: upgrading your OkHttp library can break connectivity to certain web servers! But it’s a necessary annoyance because the TLS ecosystem is dynamic and staying up to date is necessary to stay secure. See OkHttp's TLS Configuration History to track these changes.

Types

Builder

 class Builder

Properties

cipherSuites

 val cipherSuites: List<CipherSuite>?

Returns the cipher suites to use for a connection. Returns null if all of the SSL socket's enabled cipher suites should be used.

isTls

 val isTls: Boolean

supportsTlsExtensions

 val supportsTlsExtensions: Boolean

tlsVersions

 val tlsVersions: List<TlsVersion>?

Returns the TLS versions to use when negotiating a connection. Returns null if all of the SSL socket's enabled TLS versions should be used.

Functions

equals

 fun equals(other: Any?): Boolean

hashCode

 fun hashCode(): Int

isCompatible

 fun isCompatible(socket: SSLSocket): Boolean

Returns true if the socket, as currently configured, supports this connection spec. In order for a socket to be compatible the enabled cipher suites and protocols must intersect.

toString

 fun toString(): String

Companion Object Properties

CLEARTEXT

 val CLEARTEXT: ConnectionSpec

Unencrypted, unauthenticated connections for http: URLs.

COMPATIBLE_TLS

 val COMPATIBLE_TLS: ConnectionSpec

A backwards-compatible fallback configuration that works on obsolete client platforms and can connect to obsolete servers. When possible, prefer to upgrade your client platform or server rather than using this configuration.

MODERN_TLS

 val MODERN_TLS: ConnectionSpec

A modern TLS configuration that works on most client platforms and can connect to most servers. This is OkHttp's default configuration.

RESTRICTED_TLS

 val RESTRICTED_TLS: ConnectionSpec

A secure TLS connection that requires a recent client platform and a recent server.