Repository
square/okhttp
Scanned on Jun 4, 2026
Risk score/ 100
High risk
Summary
The OkHttp repository contains quantum-vulnerable cryptographic implementations in its TLS certificate management module. RSA and Elliptic Curve Cryptography are extensively used for certificate generation and key handling, which will become insecure against quantum computing attacks. While these appear to be primarily in testing and utility code rather than core TLS handshake logic, migration planning is essential for long-term security.
0
6
0
1
Top findings
- High: PKCS#1 (RSA-based)
  okhttp-tls/src/test/java/okhttp3/tls/HeldCertificateTest.kt:186
- High: RSA
  okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:30
  ML-KEM (CRYSTALS-Kyber) for key encapsulation
- High: RSA
  okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:31
  ML-KEM (CRYSTALS-Kyber) for key encapsulation
- High: Elliptic Curve Cryptography
  okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:29
- High: RSA
  okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:176
  ML-KEM (CRYSTALS-Kyber) for key encapsulation
+ 2 more findings in the full report