diff --git a/src/main/java/org/kohsuke/github/extras/OkHttpConnector.java b/src/main/java/org/kohsuke/github/extras/OkHttpConnector.java
index faa06b0d3b..e7802c6bae 100644
--- a/src/main/java/org/kohsuke/github/extras/OkHttpConnector.java
+++ b/src/main/java/org/kohsuke/github/extras/OkHttpConnector.java
@@ -1,13 +1,25 @@
 package org.kohsuke.github.extras;
+import com.squareup.okhttp.ConnectionSpec;
 import com.squareup.okhttp.OkHttpClient;
 import com.squareup.okhttp.OkUrlFactory;
+
 import org.kohsuke.github.HttpConnector;
 import java.io.IOException;
+
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+
+import java.util.Arrays;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+
 /**
 * {@link HttpConnector} for {@link OkHttpClient}.
 *
@@ -23,10 +35,33 @@ public class OkHttpConnector implements HttpConnector {
 private final OkUrlFactory urlFactory;
 public OkHttpConnector(OkUrlFactory urlFactory) {
+ urlFactory.client().setSslSocketFactory(TlsSocketFactory());
+ urlFactory.client().setConnectionSpecs(TlsConnectionSpecs());
 this.urlFactory = urlFactory;
 }
 public HttpURLConnection connect(URL url) throws IOException {
 return urlFactory.open(url);
 }
+
+ /** Returns TLSv1.2 only SSL Socket Factory. */
+ private SSLSocketFactory TlsSocketFactory() {
+ SSLContext sc;
+ try {
+ sc = SSLContext.getInstance("TLSv1.2");
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ try {
+ sc.init(null, null, null);
+ return sc.getSocketFactory();
+ } catch (KeyManagementException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ }
+
+ /** Returns connection spec with TLS v1.2 in it */
+ private List TlsConnectionSpecs() {
+ return Arrays.asList(ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT);
+ }
 }
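Review bot: The Javadoc on `TlsSocketFactory()` promises a "TLSv1.2 only" factory, but nothing in the second hunk enforces that floor: `SSLContext.getInstance("TLSv1.2")` selects a context that supports TLS 1.2 without disabling older protocol versions on the sockets it creates, and `ConnectionSpec.MODERN_TLS` in the OkHttp 2.x line (as far as I recall) still lists TLS 1.0 and 1.1. If 1.2 is meant to be the minimum, pin it in the spec, e.g. `new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.TLS_1_2).build()`, and otherwise reword both comments to say the code enables TLS 1.2 rather than restricts to it. `ConnectionSpec.CLEARTEXT` should stay in the list only if plain `http://` endpoints must remain reachable, since anything sent over such a connection, credentials included, is unprotected. Separately, the constructor now replaces the socket factory on the caller's own `OkHttpClient` with one built from `sc.init(null, null, null)`, which silently swaps any custom trust store or client-certificate setup for the JVM defaults; that side effect should at least be documented on the constructor, or applied only when the caller has not configured a factory.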