Merge pull request #79 from square/jwilson/tls_modes

Turn  makeTlsTolerant into two methods.

src/main/java/com/squareup/okhttp/Connection.java

@@ -135,7 +135,11 @@ public final class Connection implements Closeable {
         socket = address.sslSocketFactory.createSocket(
                 socket, address.uriHost, address.uriPort, true /* autoClose */);
         SSLSocket sslSocket = (SSLSocket) socket;
-        platform.makeTlsTolerant(sslSocket, address.uriHost, modernTls);
+        if (modernTls) {
+            platform.enableTlsExtensions(sslSocket, address.uriHost);
+        } else {
+            platform.supportTlsIntolerantServer(sslSocket);
+        }
 
         if (modernTls) {
             platform.setNpnProtocols(sslSocket, NPN_PROTOCOLS);

src/main/java/com/squareup/okhttp/internal/Platform.java

@@ -69,10 +69,20 @@ public class Platform {
         return url.toURI(); // this isn't as good as the built-in toUriLenient
     }
 
-    public void makeTlsTolerant(SSLSocket socket, String uriHost, boolean tlsTolerant) {
-        if (!tlsTolerant) {
-            socket.setEnabledProtocols(new String[]{"SSLv3"});
-        }
+    /**
+     * Attempt a TLS connection with useful extensions enabled. This mode
+     * supports more features, but is less likely to be compatible with older
+     * HTTPS servers.
+     */
+    public void enableTlsExtensions(SSLSocket socket, String uriHost) {
+    }
+
+    /**
+     * Attempt a secure connection with basic functionality to maximize
+     * compatibility. Currently this uses SSL 3.0.
+     */
+    public void supportTlsIntolerantServer(SSLSocket socket) {
+        socket.setEnabledProtocols(new String[]{"SSLv3"});
     }
 
     /**
@@ -180,10 +190,9 @@ public class Platform {
             this.setHostname = setHostname;
         }
 
-        @Override public void makeTlsTolerant(
-                SSLSocket socket, String uriHost, boolean tlsTolerant) {
-            super.makeTlsTolerant(socket, uriHost, tlsTolerant);
-            if (tlsTolerant && openSslSocketClass.isInstance(socket)) {
+        @Override public void enableTlsExtensions(SSLSocket socket, String uriHost) {
+            super.enableTlsExtensions(socket, uriHost);
+            if (openSslSocketClass.isInstance(socket)) {
                 // This is Android: use reflection on OpenSslSocketImpl.
                 try {
                     setUseSessionTickets.invoke(socket, true);

src/main/java/com/squareup/okhttp/internal/http/RouteSelector.java

@@ -18,8 +18,8 @@ package com.squareup.okhttp.internal.http;
 import com.squareup.okhttp.Address;
 import com.squareup.okhttp.Connection;
 import com.squareup.okhttp.ConnectionPool;
-import static com.squareup.okhttp.internal.Util.getEffectivePort;
 import com.squareup.okhttp.internal.Dns;
+import static com.squareup.okhttp.internal.Util.getEffectivePort;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
@@ -38,21 +38,11 @@ import java.util.NoSuchElementException;
  * recycled.
  */
 final class RouteSelector {
-    /**
-     * A TLS connection with useful extensions enabled. This mode supports more
-     * features, but is less likely to be compatible with older HTTP servers.
-     */
+    /** Uses {@link com.squareup.okhttp.internal.Platform#enableTlsExtensions}. */
     private static final int TLS_MODE_MODERN = 1;
-
-    /**
-     * A fallback connection with only basic functionality. Currently this uses
-     * SSL 3.0.
-     */
+    /** Uses {@link com.squareup.okhttp.internal.Platform#supportTlsIntolerantServer}. */
     private static final int TLS_MODE_COMPATIBLE = 0;
-
-    /**
-     * Unknown TLS mode.
-     */
+    /** No TLS mode. */
     private static final int TLS_MODE_NULL = -1;
 
     private final Address address;