diff --git a/src/main/java/com/squareup/okhttp/Connection.java b/src/main/java/com/squareup/okhttp/Connection.java
index 61122355b..61f74d136 100644
--- a/src/main/java/com/squareup/okhttp/Connection.java
+++ b/src/main/java/com/squareup/okhttp/Connection.java
@@ -135,7 +135,11 @@ public final class Connection implements Closeable {
 socket = address.sslSocketFactory.createSocket(
 socket, address.uriHost, address.uriPort, true /* autoClose */);
 SSLSocket sslSocket = (SSLSocket) socket;
- platform.makeTlsTolerant(sslSocket, address.uriHost, modernTls);
+ if (modernTls) {
+ platform.enableTlsExtensions(sslSocket, address.uriHost);
+ } else {
+ platform.supportTlsIntolerantServer(sslSocket);
+ }
 if (modernTls) {
 platform.setNpnProtocols(sslSocket, NPN_PROTOCOLS);
diff --git a/src/main/java/com/squareup/okhttp/internal/Platform.java b/src/main/java/com/squareup/okhttp/internal/Platform.java
index 6c5970ef3..ab71c6260 100644
--- a/src/main/java/com/squareup/okhttp/internal/Platform.java
+++ b/src/main/java/com/squareup/okhttp/internal/Platform.java
@@ -69,10 +69,20 @@ public class Platform {
 return url.toURI(); // this isn't as good as the built-in toUriLenient
 }
- public void makeTlsTolerant(SSLSocket socket, String uriHost, boolean tlsTolerant) {
- if (!tlsTolerant) {
- socket.setEnabledProtocols(new String[]{"SSLv3"});
- }
+ /**
+ * Attempt a TLS connection with useful extensions enabled. This mode
+ * supports more features, but is less likely to be compatible with older
+ * HTTPS servers.
+ */
+ public void enableTlsExtensions(SSLSocket socket, String uriHost) {
+ }
+
+ /**
+ * Attempt a secure connection with basic functionality to maximize
+ * compatibility. Currently this uses SSL 3.0.
+ */
+ public void supportTlsIntolerantServer(SSLSocket socket) {
+ socket.setEnabledProtocols(new String[]{"SSLv3"});
 }
 /**
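Review bot: The new `if (modernTls) { … } else { … }` in Connection.java is immediately followed by a second `if (modernTls) {` that sets the NPN protocols, so the same flag is tested twice in a row. Moving `platform.setNpnProtocols(sslSocket, NPN_PROTOCOLS);` into the first branch would keep all modern-only setup in one place and make it harder for a later edit to enable an extension on the fallback path by accident. The else branch would also benefit from a comment such as `// Fallback: SSLv3 only, no extensions; weaker than the modern path.`, since nothing at this call site says the connection is being downgraded. The enclosing method starts and ends outside the hunk, so the second block may hold more than the one visible call.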
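Review bot: `supportTlsIntolerantServer` in Platform.java restricts the socket to `"SSLv3"` alone, so every connection that takes the compatible path negotiates SSL 3.0 even when the server could speak TLS 1.0 without extensions. SSL 3.0 has known protocol-level weaknesses, and if the caller reaches this path after a failed modern handshake (the retry logic is not in this hunk), anyone able to disrupt that first handshake can push the client onto it. Consider `socket.setEnabledProtocols(new String[]{"TLSv1", "SSLv3"});` if intolerant servers cope with an extension-free TLS 1.0 hello, and have the Javadoc say that this mode is a security downgrade rather than only a compatibility measure. Separately, the base `enableTlsExtensions` has an empty body and ignores `uriHost`, which its Javadoc should state so that callers on non-Android platforms know no extension is enabled.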
@@ -180,10 +190,9 @@ public class Platform {
 this.setHostname = setHostname;
 }
- @Override public void makeTlsTolerant(
- SSLSocket socket, String uriHost, boolean tlsTolerant) {
- super.makeTlsTolerant(socket, uriHost, tlsTolerant);
- if (tlsTolerant && openSslSocketClass.isInstance(socket)) {
+ @Override public void enableTlsExtensions(SSLSocket socket, String uriHost) {
+ super.enableTlsExtensions(socket, uriHost);
+ if (openSslSocketClass.isInstance(socket)) {
 // This is Android: use reflection on OpenSslSocketImpl.
 try {
 setUseSessionTickets.invoke(socket, true);
diff --git a/src/main/java/com/squareup/okhttp/internal/http/RouteSelector.java b/src/main/java/com/squareup/okhttp/internal/http/RouteSelector.java
index 5b0d079a2..ac4bb6c8c 100644
--- a/src/main/java/com/squareup/okhttp/internal/http/RouteSelector.java
+++ b/src/main/java/com/squareup/okhttp/internal/http/RouteSelector.java
@@ -18,8 +18,8 @@ package com.squareup.okhttp.internal.http;
 import com.squareup.okhttp.Address;
 import com.squareup.okhttp.Connection;
 import com.squareup.okhttp.ConnectionPool;
-import static com.squareup.okhttp.internal.Util.getEffectivePort;
 import com.squareup.okhttp.internal.Dns;
+import static com.squareup.okhttp.internal.Util.getEffectivePort;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
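Review bot: The `enableTlsExtensions` override does nothing when `openSslSocketClass.isInstance(socket)` is false, so a socket from a custom `SSLSocketFactory` silently gets no session tickets (and presumably no hostname via `setHostname`, whose use is outside the hunk) while the caller still treats the connection as the modern mode. A comment on the `if`, for example `// Other SSLSocket implementations are left untouched: no session tickets or hostname are configured for them.`, would record that this is deliberate. The try block continues past the end of the hunk, so how reflection failures are handled cannot be checked here.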
@@ -38,21 +38,11 @@ import java.util.NoSuchElementException;
 * recycled.
 */
 final class RouteSelector {
- /**
- * A TLS connection with useful extensions enabled. This mode supports more
- * features, but is less likely to be compatible with older HTTP servers.
- */
+ /** Uses {@link com.squareup.okhttp.internal.Platform#enableTlsExtensions}. */
 private static final int TLS_MODE_MODERN = 1;
-
- /**
- * A fallback connection with only basic functionality. Currently this uses
- * SSL 3.0.
- */
+ /** Uses {@link com.squareup.okhttp.internal.Platform#supportTlsIntolerantServer}. */
 private static final int TLS_MODE_COMPATIBLE = 0;
-
- /**
- * Unknown TLS mode.
- */
+ /** No TLS mode. */
 private static final int TLS_MODE_NULL = -1;
 private final Address address;
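Review bot: The replacement Javadoc on `TLS_MODE_COMPATIBLE` drops the statement that this mode uses SSL 3.0, which is the security-relevant fact a reader of the route-selection code needs without following the link. Keep it next to the reference, e.g. `/** Fallback mode: SSL 3.0 only, see {@link com.squareup.okhttp.internal.Platform#supportTlsIntolerantServer}. */`. `/** No TLS mode. */` is also ambiguous between "not yet chosen" and "plain-text connection"; the removed text said "Unknown", and the new wording should say which one is meant.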