/** Prepares the connection specs to attempt. */
private void resetConnectionSpecs() {
connectionSpecs = new ArrayList<ConnectionSpec>();
List<ConnectionSpec> specs = address.getConnectionSpecs();
for (int i = 0, size = specs.size(); i < size; i++) {
ConnectionSpec spec = specs.get(i);
if (request.isHttps() == spec.isTls()) {
connectionSpecs.add(spec);
}
}
nextSpecIndex = 0;
}
@Test
public void tlsBuilder_defaultCiphers() throws Exception {
ConnectionSpec tlsSpec =
new ConnectionSpec.Builder(true)
.tlsVersions(TlsVersion.TLS_1_2)
.supportsTlsExtensions(true)
.build();
assertNull(tlsSpec.cipherSuites());
assertEquals(Arrays.asList(TlsVersion.TLS_1_2), tlsSpec.tlsVersions());
assertTrue(tlsSpec.supportsTlsExtensions());
}
@Test
public void tlsBuilder_explicitCiphers() throws Exception {
ConnectionSpec tlsSpec =
new ConnectionSpec.Builder(true)
.cipherSuites(CipherSuite.TLS_RSA_WITH_RC4_128_MD5)
.tlsVersions(TlsVersion.TLS_1_2)
.supportsTlsExtensions(true)
.build();
assertEquals(Arrays.asList(CipherSuite.TLS_RSA_WITH_RC4_128_MD5), tlsSpec.cipherSuites());
assertEquals(Arrays.asList(TlsVersion.TLS_1_2), tlsSpec.tlsVersions());
assertTrue(tlsSpec.supportsTlsExtensions());
}
@Test
public void tls_defaultCiphers_withFallbackIndicator() throws Exception {
ConnectionSpec tlsSpec =
new ConnectionSpec.Builder(true)
.tlsVersions(TlsVersion.TLS_1_2)
.supportsTlsExtensions(false)
.build();
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
socket.setEnabledCipherSuites(
new String[] {
CipherSuite.TLS_RSA_WITH_RC4_128_MD5.javaName,
CipherSuite.TLS_RSA_WITH_RC4_128_SHA.javaName,
});
socket.setEnabledProtocols(
new String[] {
TlsVersion.TLS_1_2.javaName, TlsVersion.TLS_1_1.javaName,
});
Route route =
new Route(
HTTPS_ADDRESS,
PROXY,
INET_SOCKET_ADDRESS,
tlsSpec,
true /* shouldSendTlsFallbackIndicator */);
tlsSpec.apply(socket, route);
assertEquals(createSet(TlsVersion.TLS_1_2.javaName), createSet(socket.getEnabledProtocols()));
Set<String> expectedCipherSet =
createSet(
CipherSuite.TLS_RSA_WITH_RC4_128_MD5.javaName,
CipherSuite.TLS_RSA_WITH_RC4_128_SHA.javaName);
if (Arrays.asList(socket.getSupportedCipherSuites()).contains("TLS_FALLBACK_SCSV")) {
expectedCipherSet.add("TLS_FALLBACK_SCSV");
}
assertEquals(expectedCipherSet, expectedCipherSet);
}
private boolean shouldSendTlsFallbackIndicator(ConnectionSpec connectionSpec) {
return connectionSpec != connectionSpecs.get(0) && connectionSpec.isTls();
}
@Test
public void cleartextBuilder() throws Exception {
ConnectionSpec cleartextSpec = new ConnectionSpec.Builder(false).build();
assertFalse(cleartextSpec.isTls());
}