OkHttp 3.13 Requires Android 5+
Article Summary
Jesse Wilson explains why Square is cutting off 11% of Android devices with OkHttp 3.13. Spoiler: your web servers might break too.
Jesse Wilson from Square announced OkHttp 3.13, a major update that drops support for older Android versions and Java 7. The change aligns with industry-wide moves by Google, Mozilla, Microsoft, and Apple to require TLSv1.2 as the minimum security standard by early 2020.
Key Takeaways
- OkHttp 3.13 now requires Android 5.0+ (API 21) and Java 8+
- TLSv1 and TLSv1.1 support dropped to align with 2020 browser requirements
- OkHttp 3.12.x branch maintained through December 2020 for Android 4.x users
- 11% of Play Store devices still ran Android 4.x in October 2018
OkHttp is proactively enforcing TLSv1.2 as the minimum security standard, cutting off Android 4.x support to protect user data before major browsers do the same in 2020.
About This Article
OkHttp needed to enforce TLSv1.2 as the minimum standard to match requirements set by Google, Mozilla, Microsoft, and Apple in early 2020. This meant requiring Android 5.0 (API 21) as the baseline.
Jesse Wilson's team created a maintenance branch for OkHttp 3.12.x to support Android 4.x devices. They also added configuration options like ConnectionSpec.COMPATIBLE_TLS for servers that couldn't upgrade right away.
Developers can upgrade by setting minSdkVersion to 21 and configuring Java 1.8 compatibility in build.gradle. They'll need to update to OkHttp 3.13.1. The 3.12.x branch remains available through December 2020 for those who need backward compatibility.