QuantumScan
square/okhttp
The OkHttp repository contains quantum-vulnerable cryptographic implementations in its TLS certificate management module. RSA and Elliptic Curve Cryptography are extensively used for certificate generation and key handling, which will become insecure against quantum computing attacks. While these appear to be primarily in testing and utility code rather than core TLS handshake logic, migration planning is essential for long-term security.
| File | Algorithm | Severity | |
|---|---|---|---|
| okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:29 | Elliptic Curve Cryptography | high | |
| okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:30 | RSA | high | |
| okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:31 | RSA | high | |
| okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:176 | RSA | high | |
| okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:178 | PKCS#1 (RSA-based) | high | |
| okhttp-tls/src/test/java/okhttp3/tls/HeldCertificateTest.kt:186 | PKCS#1 (RSA-based) | high | |
| okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:164 | Hardcoded cryptographic key | low |
Anyone with this link can view the risk score and top findings — no sign-in required. Source code stays private.
https://quantumscan.io/en/share/be80b222-9c21-4461-8e05-f4ea993d4699Show your project's post-quantum readiness in the README. The badge updates automatically after every new scan.
[](https://github.com/square/okhttp)<a href="https://github.com/square/okhttp"><img src="https://quantumscan.io/api/badge/square/okhttp.svg" alt="Post-Quantum Readiness" /></a>Add badge to your README
Show your quantum-safety score directly on GitHub.
[](https://quantumscan.io/en/scan/be80b222-9c21-4461-8e05-f4ea993d4699)Save your results & track future changes
Create a free account to get drift alerts, compliance PDF exports, and scan history.
- Weekly drift alerts when new vulnerabilities appear
- Track risk score over time across all your repos
- Export DORA / NIS2 compliance PDF for auditors
Free forever for design partners · No credit card