ContextQMD
Back to Okhttp

Tls Configuration History

docs/security/tls_configuration_history.md

1.3.09.0 KB
Original Source

TLS Configuration History

OkHttp tracks the dynamic TLS ecosystem to balance connectivity and security. This page is a log of changes we've made over time to OkHttp's default TLS options.

OkHttp 3.14

2019-03-14

Remove 2 TLSv1.3 cipher suites that are neither available on OkHttp’s host platforms nor enabled in releases of Chrome and Firefox.

RESTRICTED_TLS cipher suites
  • TLS_AES_128_GCM_SHA256¹
  • TLS_AES_256_GCM_SHA384¹
  • TLS_CHACHA20_POLY1305_SHA256¹
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • REMOVED: TLS_AES_128_CCM_SHA256¹
  • REMOVED: TLS_AES_128_CCM_8_SHA256¹
MODERN_TLS / COMPATIBLE_TLS cipher suites
  • TLS_AES_128_GCM_SHA256¹
  • TLS_AES_256_GCM_SHA384¹
  • TLS_CHACHA20_POLY1305_SHA256¹
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA²
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_AES_128_GCM_SHA256²
  • TLS_RSA_WITH_AES_256_GCM_SHA384²
  • TLS_RSA_WITH_AES_128_CBC_SHA²
  • TLS_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA²
  • REMOVED: TLS_AES_128_CCM_SHA256¹
  • REMOVED: TLS_AES_128_CCM_8_SHA256¹

OkHttp 3.13

2019-02-04

Remove TLSv1.1 and TLSv1 from MODERN_TLS. Change COMPATIBLE_TLS to support all TLS versions.

RESTRICTED_TLS versions
  • TLSv1.3
  • TLSv1.2
MODERN_TLS versions
  • TLSv1.3
  • TLSv1.2
  • REMOVED: TLSv1.1
  • REMOVED: TLSv1
COMPATIBLE_TLS versions
  • NEW: TLSv1.3
  • NEW: TLSv1.2
  • NEW: TLSv1.1
  • TLSv1

OkHttp 3.12

2018-11-16

Added support for TLSv1.3.

RESTRICTED_TLS cipher suites
  • NEW: TLS_AES_128_GCM_SHA256¹
  • NEW: TLS_AES_256_GCM_SHA384¹
  • NEW: TLS_CHACHA20_POLY1305_SHA256¹
  • NEW: TLS_AES_128_CCM_SHA256¹
  • NEW: TLS_AES_128_CCM_8_SHA256¹
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
MODERN_TLS / COMPATIBLE_TLS cipher suites
  • NEW: TLS_AES_128_GCM_SHA256¹
  • NEW: TLS_AES_256_GCM_SHA384¹
  • NEW: TLS_CHACHA20_POLY1305_SHA256¹
  • NEW: TLS_AES_128_CCM_SHA256¹
  • NEW: TLS_AES_128_CCM_8_SHA256¹
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA²
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_AES_128_GCM_SHA256²
  • TLS_RSA_WITH_AES_256_GCM_SHA384²
  • TLS_RSA_WITH_AES_128_CBC_SHA²
  • TLS_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA²
RESTRICTED_TLS versions
  • NEW: TLSv1.3
  • TLSv1.2
MODERN_TLS versions
  • NEW: TLSv1.3
  • TLSv1.2
  • TLSv1.1
  • TLSv1
COMPATIBLE_TLS versions
  • TLSv1

OkHttp 3.11

2018-07-12

Added a new extra strict RESTRICTED_TLS configuration inspired by Google Cloud’s similar policy. It is appropriate when both the host platform (JVM/Conscrypt/Android) and target webserver are current.

RESTRICTED_TLS cipher suites
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
RESTRICTED_TLS versions
  • TLSv1.2

OkHttp 3.10

2018-02-24

Remove two rarely-used cipher suites from the default set. This tracks a Chromium change to remove these cipher suites because they are fragile and rarely-used.

MODERN_TLS / COMPATIBLE_TLS cipher suites
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA²
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_AES_128_GCM_SHA256²
  • TLS_RSA_WITH_AES_256_GCM_SHA384²
  • TLS_RSA_WITH_AES_128_CBC_SHA²
  • TLS_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA²
  • REMOVED: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • REMOVED: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

OkHttp 3.5

2016-11-30

Remove three old cipher suites and add five new ones. This tracks changes in what's available on Android and Java, and also what cipher suites recent releases of Chrome and Firefox support by default.

MODERN_TLS / COMPATIBLE_TLS cipher suites
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • NEW: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • NEW: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • NEW: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • NEW: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA²
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA²
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA²
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_AES_128_GCM_SHA256²
  • NEW: TLS_RSA_WITH_AES_256_GCM_SHA384²
  • TLS_RSA_WITH_AES_128_CBC_SHA²
  • TLS_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA²
  • REMOVED: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • REMOVED: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • REMOVED: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

OkHttp 3.0

2016-01-13

MODERN_TLS / COMPATIBLE_TLS cipher suites
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA²
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA²
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA²
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA²
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA²
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_AES_128_GCM_SHA256²
  • TLS_RSA_WITH_AES_128_CBC_SHA²
  • TLS_RSA_WITH_AES_256_CBC_SHA²
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA²
MODERN_TLS versions
  • TLSv1.2
  • TLSv1.1
  • TLSv1
COMPATIBLE_TLS versions
  • TLSv1

<a name="tlsv13_only"></a>

¹ TLSv1.3 Only

Cipher suites that are only available with TLSv1.3.

<a name="http2_naughty"></a>

² HTTP/2 Cipher Suite Denylist

Cipher suites that are discouraged for use with HTTP/2. OkHttp includes them because better suites are not commonly available. For example, none of the better cipher suites listed above shipped with Android 4.4 or Java 7.