security.

OkHttp uses your platform's built-in TLS implementation. On Java platforms OkHttp also supports
[Conscrypt][conscrypt], which integrates [BoringSSL](https://github.com/google/boringssl) with Java. OkHttp will use Conscrypt if it is
the first security provider:

```java
Security.insertProviderAt(Conscrypt.newProvider(), 1);
```

    MockWebServer().apply {
      useHttps(handshakeCertificates.sslSocketFactory(), false)

      enqueue(
        MockResponse()
          .setResponseCode(HTTP_MOVED_TEMP)
          .setHeader("Location", "https://www.google.com/robots.txt"),
      )
    }

  val clientCertificates =
    HandshakeCertificates.Builder()
      .addPlatformTrustedCertificates()
      .addInsecureHost(server.hostName)
      .build()

      assertThat(it.body.string()).isEqualTo("abc")
    }
  }

  @Test
  fun testExternalSite() {
    val client = clientRule.newClient()

    client.newCall(Request(url = "https://google.com/robots.txt".toHttpUrl())).execute().use {
      assertThat(it.code).isEqualTo(200)
    }
  }

  @ParameterizedTest
  @ArgumentsSource(SampleTestProvider::class)
  fun testParams(mode: String) {
  }
}

              println("Negotiated " + sslSocket.applicationProtocol)
            }
          },
        )
        .build()

    val request =
      Request.Builder()
        .url("https://www.google.com")
        .build()
    client.newCall(request).execute().use { response ->
      assertThat(response.code).isEqualTo(200)
    }
  }

    }

    OkHttpClient client = builder.build();

    sendRequest(client, "https://valid-isrgrootx1.letsencrypt.org/robots.txt");

    try {
      sendRequest(client, "https://google.com/robots.txt");
      if (androidMorEarlier) {
        // will pass with default CAs on N or later
        fail();
      }
    } catch (SSLHandshakeException sslhe) {
      assertTrue(androidMorEarlier);

OkHttp 2.x Change Log
=====================

## Version 2.7.5

_2016-02-25_

 *  Fix: Change the certificate pinner to always build full chains. This
    prevents a potential crash when using certificate pinning with the Google
    Play Services security provider.


## Version 2.7.4

_2016-02-07_

 *  Fix: Don't crash when finding the trust manager if the Play Services (GMS)
    security provider is installed.

 *
 * This class doesn't support additional attributes on cookies, like
 * [Chromium's Priority=HIGH extension][chromium_extension].
 *
 * [chromium_extension]: https://code.google.com/p/chromium/issues/detail?id=232693
 */
@Suppress("NAME_SHADOWING")
class Cookie private constructor(
  /** Returns a non-empty string with this cookie's name. */
  @get:JvmName("name") val name: String,

import okio.GzipSink;
import okio.Okio;

public final class RequestBodyCompression {
  /**
   * The Google API KEY for OkHttp recipes. If you're using Google APIs for anything other than
   * running these examples, please request your own client ID!
   *
   * https://console.developers.google.com/project
   */
  public static final String GOOGLE_API_KEY = "AIzaSyAx2WZYe0My0i-uGurpvraYJxO7XNbwiGs";

1. Add an Emulator named `pixel5`, if you don't already have one

```
$ sdkmanager --install "system-images;android-29;google_apis;x86"
$ echo "no" | avdmanager --verbose create avd --force --name "pixel5" --device "pixel" --package "system-images;android-29;google_apis;x86" --tag "google_apis" --abi "x86"
```

2. Run an Emulator using Android Studio or from command line.

```
$ emulator -no-window -no-snapshot-load @pixel5

 * `CLEARTEXT` is an insecure configuration that is used for `http://` URLs.

These loosely follow the model set in [Google Cloud Policies](https://cloud.google.com/load-balancing/docs/ssl-policies-concepts). We [track changes](../security/tls_configuration_history.md) to this policy.