Skip to content

Add TLS compatibility mode configuration for HTTP senders#8599

Open
adhamahmad wants to merge 1 commit into
open-telemetry:mainfrom
adhamahmad:feat/OkHttpHttpSender-should-support-COMPATIBLE_TLS-connectionSpec
Open

Add TLS compatibility mode configuration for HTTP senders#8599
adhamahmad wants to merge 1 commit into
open-telemetry:mainfrom
adhamahmad:feat/OkHttpHttpSender-should-support-COMPATIBLE_TLS-connectionSpec

Conversation

@adhamahmad

Copy link
Copy Markdown

Summary

Adds support for configuring TLS compatibility mode for HTTP senders (OkHttp only for now), allowing clients to optionally connect to endpoints that require legacy TLS protocol versions.

Fixes #7573

Motivation

Some users running on legacy environments, may be unable to connect to endpoints that only support older TLS protocol versions. The current HTTP sender configuration only supports modern TLS negotiation, preventing connections to these legacy endpoints.

Changes

Added TlsCompatibilityMode configuration to HttpSenderConfig with MODERN as the default behavior
Added HttpExporterBuilder.setTlsCompatibilityMode(TlsCompatibilityMode) to allow OTLP HTTP exporters to configure TLS compatibility behavior
Updated ImmutableHttpSenderConfig to carry the TLS compatibility mode configuration
Updated OkHttpHttpSender to map TlsCompatibilityMode.COMPATIBLE to OkHttp's ConnectionSpec.COMPATIBLE_TLS
Kept existing behavior unchanged by defaulting all senders to modern TLS configuration
Added TlsCompatibilityMode as a public API for implementation-neutral TLS compatibility configuration
Updated public API diff documentation with the new configuration method and enum

Testing

Added OkHttpHttpSenderTlsCompatibilityTest
Verified MODERN mode cannot connect to a server restricted to TLSv1/TLSv1.1 protocols
Verified COMPATIBLE mode can negotiate a connection with a legacy TLS-only server

Add a TLS compatibility mode option to HttpSenderConfig and expose it
through OTLP HTTP exporter configuration. Implement support in the
OkHttp sender by allowing compatible TLS negotiation for legacy TLS
servers while keeping modern TLS as the default.

Add tests covering modern TLS failure and compatible TLS success against
a legacy TLSv1/TLSv1.1-only server.
@adhamahmad adhamahmad requested a review from a team as a code owner July 15, 2026 00:42
@linux-foundation-easycla

linux-foundation-easycla Bot commented Jul 15, 2026

Copy link
Copy Markdown

CLA Signed
The committers listed above are authorized under a signed CLA.

  • ✅ login: adhamahmad / name: Adham Ahmed Hussein Mahrous (6473f3a)

@otelbot otelbot Bot added the api-change Changes to public API surface area label Jul 15, 2026
@otelbot

otelbot Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

⚠️ API changes detected — additional maintainer review required

@jack-berg @jkwatson

This PR modifies the public API surface area of the following module(s):

  • opentelemetry-sdk-common

Please review the changes in docs/apidiffs/current_vs_latest/ carefully before approving.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

api-change Changes to public API surface area

Projects

None yet

Development

Successfully merging this pull request may close these issues.

OkHttpHttpSender should support COMPATIBLE_TLS connectionSpec

1 participant