Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hows My Ssl test for Android #5428

Merged
merged 4 commits into from
Sep 9, 2019
Merged

Hows My Ssl test for Android #5428

merged 4 commits into from
Sep 9, 2019

Conversation

yschimke
Copy link
Collaborator

@yschimke yschimke commented Sep 7, 2019

With session ticket disabled in AndroidSocketAdapter

09-07 12:04:35.577 24546 25651 W OkHttp  : results HowsMySslResults(unknown_cipher_suite_supported=false, beast_vuln=false, session_ticket_supported=false, tls_compression_supported=false, ephemeral_keys_supported=true, rating=Probably Okay, tls_version=TLS 1.3, able_to_detect_n_minus_one_splitting=false, insecure_cipher_suites={}, given_cipher_suites=[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA])

@yschimke
Copy link
Collaborator Author

yschimke commented Sep 7, 2019

n.b. above some rate, expect failures unless Square subscribe https://subscriptions.howsmyssl.com/

So we may not want to land, but using for testing in a console.

yschimke
yschimke commented Sep 7, 2019
View reviewed changes
android-test/src/androidTest/java/okhttp/android/test/OkHttpTest.kt
assertEquals("TLS 1.3", results.tls_version)
assertEquals(0, results.insecure_cipher_suites.size)

assertEquals(TlsVersion.TLS_1_3, response.handshake?.tlsVersion)
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO adapt this and other checks based on Android version.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, this is a drag I guess we just need an expected TLS version for each Android version we support.

swankjesse
swankjesse approved these changes Sep 7, 2019
View reviewed changes
android-test/src/androidTest/java/okhttp/android/test/OkHttpTest.kt
val given_cipher_suites: List<String>?
)

@Test
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wanna @Ignore this so running our test suite by default doesn’t flake on connectivity?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... I’d love to share tests like this between Android and JVM

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, I'll follow up on that.

@yschimke yschimke merged commit 2cdbbda into square:master Sep 9, 2019
@yschimke yschimke deleted the howsmyssl branch September 9, 2019 11:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@swankjesse swankjesse swankjesse approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yschimke @swankjesse