Fix tls version #1133

JohannesKuehnel
Contributor

Removed static libraries and added Maven entries
Added latest OkHttp library as source code and forced TLSv1.2
Fixed OkHttp API changes from v1 to v2
Added OkHttp enforcing to doHttps-Methods (consistency)
Fixed resource reporting for Bricks

Test run: https://jenkins.catrob.at/view/All-Categories/view/Experimental/job/Catroid-Multi-Job-Custom-Branch-RELOADED/480/
https://jenkins.catrob.at/job/CatroidDeviceTest/563/

fixed required brick resources

removed System.out.println() in OkHttp-library source

excluded OkHttp from pmd checks & added copyright

suppressed lint warnings in OkHttp
@aried3r
Contributor

aried3r commented Oct 28, 2014

Why add the source code instead of adding

compile 'com.squareup.okhttp:okhttp-urlconnection:2.0.0'
compile 'com.squareup.okhttp:okhttp:2.0.0'

to the build.gradle file?

@aried3r
Contributor

aried3r commented Oct 28, 2014

Well, I'm guessing because you want to disable SSLv3 because of POODLE, but where in the code did you apply your own changes?

@JohannesKuehnel
Contributor Author

As I've discussed with Ajdin and others already, that's something I've already tried but the problem is the OkHttp library is using SSLContext.getInstance("TLS") which calls the API's default TLS setting (only API level 20 has TLSv1.2 as its default) and therefore fails to connect to the test server (which has TLS below 1.1 as well as SSL3 disabled).

Changes have been applied to several files due to Maps, Lists and so on missing Datatypes in their "<>", System.out.println() etc. The relevant change, however, is in OkHttpClient.java - getDefaultSSLSocketFactory(), where I've changed "TLS" to "TLSv1.2".

One could also make a single library jar with the edited files. This would result in a minor pull request.

@aried3r
Contributor

aried3r commented Oct 28, 2014

Would the code in this comment work for us using the gradle dependency?

@JohannesKuehnel
Contributor Author

Styp was working on this today. Dunno if he finally succeeded.

Anyway, Android APIs below 16 don't support TLSv1.1+, which might be a problem once we upgrade the production server, since Pocket Code officially works with 10+.
https://developer.android.com/reference/javax/net/ssl/SSLSocket.html

@SimonStefan
Contributor

easier fix with e23ade4 will be committed soon to master

@SimonStefan SimonStefan closed this Nov 5, 2014
@JohannesKuehnel JohannesKuehnel deleted the fixTlsVersion branch February 25, 2015 13:01