------------------------

_2019-02-04_

Remove TLSv1.1 and TLSv1 from MODERN_TLS. Change COMPATIBLE_TLS to support all TLS versions.

##### RESTRICTED_TLS versions

* TLSv1.3
* TLSv1.2

##### MODERN_TLS versions

* TLSv1.3
* TLSv1.2
* **REMOVED:** ~~TLSv1.1~~
* **REMOVED:** ~~TLSv1~~

##### COMPATIBLE_TLS versions

* **NEW:** TLSv1.3
* **NEW:** TLSv1.2
* **NEW:** TLSv1.1
* TLSv1

[OkHttp 3.12][OkHttp312]

 *
 * Copy WireSharkKeyLoggerListener to your test code to use in development.
 *
 * This logs TLSv1.2 on a JVM (OpenJDK 11+) without any additional code.  For TLSv1.3
 * an existing external tool is required.
 *
 * See https://stackoverflow.com/questions/61929216/how-to-log-tlsv1-3-keys-in-jsse-for-wireshark-to-decode-traffic
 *
 * Steps to run in your own code
 *

      PlatformVersion.majorVersion == 8 ->
        assertThat(s.enabledProtocols.toList()).contains(
          "TLSv1.2",
        )
      else ->
        assertThat(s.enabledProtocols.toList()).containsExactly(
          "TLSv1.3",
          "TLSv1.2",
          "TLSv1.1",
          "TLSv1",
        )
    }
  }

  @Test
  @Disabled
  fun testFacebook() {
    val sessionIds = mutableListOf<String>()

  private val provider: Provider = org.openjsse.net.ssl.OpenJSSE()

  // Selects TLSv1.3 so we are specific about our intended version ranges (not just 1.3)
  // and because it's a common pattern for VMs to have differences between supported and
  // defaulted versions for TLS based on what is requested.
  override fun newSSLContext(): SSLContext = SSLContext.getInstance("TLSv1.3", provider)

  override fun platformTrustManager(): X509TrustManager {

 * [javax.net.ssl.SSLSocket.setEnabledProtocols].
 */
enum class TlsVersion(
  @get:JvmName("javaName") val javaName: String,
) {
  TLS_1_3("TLSv1.3"), // 2016.
  TLS_1_2("TLSv1.2"), // 2008.
  TLS_1_1("TLSv1.1"), // 2006.
  TLS_1_0("TLSv1"), // 1999.
  SSL_3_0("SSLv3"), // 1996.
  ;

  @JvmName("-deprecated_javaName")
  @Deprecated(
    message = "moved to val",

    assertThat(handshake.localCertificates).isEmpty()
  }

  @Test
  fun createFromSslSession() {
    val sslSession =
      FakeSSLSession(
        "TLSv1.3",
        "TLS_AES_128_GCM_SHA256",
        arrayOf(serverCertificate.certificate, serverIntermediate.certificate),
        null,
      )

    val handshake = sslSession.handshake()

      socket.enabledCipherSuites,
    )
  }

  @Test
  fun applyIntersectionToProtocolVersion() {
    val socket = FakeSslSocket()
    socket.enabledProtocols = arrayOf("TLSv1", "TLSv1.1", "TLSv1.2")
    socket.supportedCipherSuites = arrayOf("TLS_A")
    socket.enabledCipherSuites = arrayOf("TLS_A")
    val connectionSpec =
      ConnectionSpec.Builder(true)

    }
  }

  @Test
  fun testSupportedProtocols() {
    val factory = SSLSocketFactoryImpl()
    val s = factory.createSocket() as SSLSocketImpl

    assertEquals(listOf("TLSv1.3", "TLSv1.2"), s.enabledProtocols.toList())
  }

  @Test
  @Disabled
  fun testMozilla() {
    assumeNetwork()

    val request = Request.Builder().url("https://mozilla.org/robots.txt").build()

    // Most secure but generally supported list.
    private val RESTRICTED_CIPHER_SUITES =
      listOf(
        // TLSv1.3.
        CipherSuite.TLS_AES_128_GCM_SHA256,
        CipherSuite.TLS_AES_256_GCM_SHA384,
        CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
        // TLSv1.0, TLSv1.1, TLSv1.2.
        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

    // IllegalStateException: Cannot resume session and session creation is disabled
    platform.assumeNotBouncyCastle()
  }

  @ParameterizedTest(name = "{displayName}({arguments})")
  @ValueSource(strings = ["TLSv1.2", "TLSv1.3"])
  @Flaky
  fun testSessionReuse(tlsVersion: String) {
    if (tlsVersion == TlsVersion.TLS_1_3.javaName) {
      assumeTrue(PlatformVersion.majorVersion != 8)
    }