Restricted ciphers (#3908)

Add a "best practice" restricted TLS connection spec

okhttp/src/main/java/okhttp3/CipherSuite.java

@@ -29,10 +29,16 @@ import java.util.TreeMap;
  * <p><strong>Not all cipher suites are supported on all platforms.</strong> As newer cipher suites
  * are created (for stronger privacy, better performance, etc.) they will be adopted by the platform
  * and then exposed here. Cipher suites that are not available on either Android (through API level
- * 20) or Java (through JDK 8) are omitted for brevity.
+ * 24) or Java (through JDK 9) are omitted for brevity.
  *
- * <p>See also <a href="https://android.googlesource.com/platform/external/conscrypt/+/master/src/main/java/org/conscrypt/NativeCrypto.java">NativeCrypto.java</a>
- * from conscrypt, which lists the cipher suites supported by Android.
+ * <p>See <a href="https://developer.android.com/reference/javax/net/ssl/SSLEngine.html">Android SSLEngine</a>
+ * which lists the cipher suites supported by Android.
+ *
+ * <p>See <a href="https://docs.oracle.com/javase/9/security/oracleproviders.htm">JDK 9 Providers</a>
+ * which lists the cipher suites supported by Oracle.
+ *
+ * <p>See <a href="https://github.com/google/conscrypt/blob/master/common/src/main/java/org/conscrypt/NativeCrypto.java">NativeCrypto.java</a>
+ * from conscrypt, which lists the cipher suites supported by Conscrypt.
  */
 public final class CipherSuite {
   /**
@@ -385,7 +391,7 @@ public final class CipherSuite {
   public static final CipherSuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = of("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 0xcca9);
   // public static final CipherSuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = of("TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 0xccaa);
   // public static final CipherSuite TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = of("TLS_PSK_WITH_CHACHA20_POLY1305_SHA256", 0xccab);
-  // public static final CipherSuite TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = of("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", 0xccac);
+   public static final CipherSuite TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = of("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", 0xccac);
   // public static final CipherSuite TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = of("TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", 0xccad);
   // public static final CipherSuite TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = of("TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256", 0xccae);
 

okhttp/src/main/java/okhttp3/ConnectionSpec.java

@@ -40,6 +40,16 @@ import static okhttp3.internal.Util.nonEmptyIntersection;
  */
 public final class ConnectionSpec {
 
+  // Most secure but generally supported list.
+  private static final CipherSuite[] RESTRICTED_CIPHER_SUITES = new CipherSuite[] {
+      CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+      CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+      CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+      CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+      CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+      CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+  };
+
   // This is nearly equal to the cipher suites supported in Chrome 51, current as of 2016-05-25.
   // All of these suites are available on Android 7.0; earlier releases support a subset of these
   // suites. https://github.com/square/okhttp/issues/1972
@@ -63,6 +73,13 @@ public final class ConnectionSpec {
       CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
   };
 
+  /** A secure TLS connection assuming a modern client platform and server. */
+  public static final ConnectionSpec RESTRICTED_TLS = new Builder(true)
+      .cipherSuites(RESTRICTED_CIPHER_SUITES)
+      .tlsVersions(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2)
+      .supportsTlsExtensions(true)
+      .build();
+
   /** A modern TLS connection with extensions like SNI and ALPN available. */
   public static final ConnectionSpec MODERN_TLS = new Builder(true)
       .cipherSuites(APPROVED_CIPHER_SUITES)