How to make okhttp use OpenSSL engine for https?


I need to use an algorithm which is implemented using an OpenSSL engine. My target device is an Android 9 device using okhttp 2.6, and I need this algorithm to work in HTTPS. How should I modify it?

  1. Can the BoringSSL used by okhttp use the OpenSSL engine? What do I have to do? Or do I need to use OpenSSL instead of BoringSSL?

  2. How to choose the engine when okhttp uses the SSL library?

The OpenSSL engine can be used in native applications, but I don't know how to use it in an Android APK. The Android APK is using okhttp 2.6 now.

Yuri Schimke On

You can choose in two different ways.

  1. Select a different provider, see https://square.github.io/okhttp/security/security_providers/ and install it as the platform security provider.

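     Via code:

          import java.security.Security
          import org.conscrypt.Conscrypt

          // Register Conscrypt as the highest-priority security provider.
          val provider = Conscrypt.newProviderBuilder()
              .provideTrustManager(true)
              .build()
          Security.insertProviderAt(provider, 1)

  2. Replace the SSLSocketFactory that OkHttp uses.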

Generally this is only required if there is an issue integrating a new provider with OkHttp, which relies on very specific APIs to use all possible and most secure SSL features.

However, with both of these, you'll need an implementation of OpenSSL as a Socket or the Security Provider algorithms.

For 1, you can bundle your own Conscrypt implementation with your App. Or use the Play Store provider if it supports your device and has the features you need.

https://www.appfoundry.be/blog/Google-Play-Services-Dynamic-Security-Provider
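
Option 2 in code, as an added example that is not part of the answer or of OkHttp's own code: the `SSLContext` is requested from one explicitly named provider and its socket factory is handed to OkHttp, so a provider that lacks TLS support fails at startup instead of silently falling back to the platform default. It assumes OkHttp 3.x or later (the `okhttp3` package) rather than the 2.6 in the question; `clientPinnedTo` is a hypothetical helper name, and Conscrypt stands in for whichever provider implements the required algorithm.

```kotlin
import java.security.KeyStore
import java.security.Provider
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
import okhttp3.OkHttpClient
import org.conscrypt.Conscrypt

// Hypothetical helper: build an OkHttpClient whose TLS sockets come from
// `provider` only, without changing the process-wide provider order.
fun clientPinnedTo(provider: Provider): OkHttpClient {
    // Default trust anchors: a null KeyStore selects the platform's CA store.
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(null as KeyStore?)
    val trustManager = tmf.trustManagers.filterIsInstance<X509TrustManager>().first()

    // Request TLS from this provider explicitly. If the provider does not
    // offer it, getInstance throws NoSuchAlgorithmException here.
    val sslContext = SSLContext.getInstance("TLS", provider)
    sslContext.init(null, arrayOf<TrustManager>(trustManager), null)

    // Defensive check: confirm which provider actually backs the context.
    check(sslContext.provider === provider) {
        "TLS is served by ${sslContext.provider.name}, expected ${provider.name}"
    }

    return OkHttpClient.Builder()
        .sslSocketFactory(sslContext.socketFactory, trustManager)
        .build()
}

fun main() {
    // Conscrypt is an assumption here; substitute the provider you bundle.
    val provider = Conscrypt.newProviderBuilder().build()
    clientPinnedTo(provider)
    println("OkHttp TLS sockets are created by provider: ${provider.name}")
}
```

Certificate validation still goes through the default `X509TrustManager`, so swapping the socket implementation this way does not weaken hostname or chain checks.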