We've just cut the first release candidate of OkHttp 2.1. This release is focused on caching & crypto.
Caching
We've improved cache APIs and also fixed some long-lived cache bugs. If you're using OkHttp with Picasso, it may fix some unexpected cache misses. The cache is now private which allows it to store resources guarded with OAuth Authorization headers.
Getting the right Cache-Control is now easier, with constants for FORCE_CACHE and FORCE_NETWORK for the rare occasions when you need to override the default policy:
Request request = new Request.Builder()
.cacheControl(CacheControl.FORCE_NETWORK)
.url("https://square.com/cash")
.build();
Crypto
We've become quite opinionated on TLS configuration. We now expose a class, ConnectionSpec to manipulate which TLS versions are enabled (for example, to mitigate SSLv3's POODLE vulnerability) and also which cipher suites (for perfect forward secrecy). You can now disable TLS fallback and cleartext connections.
This release introduces an API for certificate pinning, though you should use it very carefully.
client.setCertificatePinner(new CertificatePinner.Builder()
.add("publicobject.com", "sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=")
.add("publicobject.com", "sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=")
.add("publicobject.com", "sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=")
.add("publicobject.com", "sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=")
.build());
Get it now
The changelog has full details of what's new & what's been fixed. Get 2.1.0-RC1 from Maven Central:
<dependency>
<groupId>com.squareup.okhttp</groupId>
<artifactId>okhttp</artifactId>
<version>2.1.0-RC1</version>
</dependency>