public class SSLParameters extends Object
SSLParameters can be created via the constructors in this class. Objects can also be obtained using the getSSLParameters() methods in SSLSocket and SSLServerSocket and SSLEngine or the getDefaultSSLParameters() and getSupportedSSLParameters() methods in SSLContext.
SSLParameters can be applied to a connection via the methods SSLSocket.setSSLParameters() and SSLServerSocket.setSSLParameters() and SSLEngine.setSSLParameters().
See also: SSLSocket, SSLEngine, SSLContext
| Constructor and Description |
|---|
| SSLParameters() - Constructs SSLParameters. |
| SSLParameters(String[] cipherSuites) - Constructs SSLParameters from the specified array of ciphersuites. |
| SSLParameters(String[] cipherSuites, String[] protocols) - Constructs SSLParameters from the specified array of ciphersuites and protocols. |
| Modifier and Type | Method and Description |
|---|---|
| AlgorithmConstraints | getAlgorithmConstraints() - Returns the cryptographic algorithm constraints. |
| String[] | getCipherSuites() - Returns a copy of the array of ciphersuites or null if none have been set. |
| String | getEndpointIdentificationAlgorithm() - Gets the endpoint identification algorithm. |
| boolean | getNeedClientAuth() - Returns whether client authentication should be required. |
| String[] | getProtocols() - Returns a copy of the array of protocols or null if none have been set. |
| List<SNIServerName> | getServerNames() - Returns a List containing all SNIServerNames of the Server Name Indication (SNI) parameter, or null if none has been set. |
| Collection<SNIMatcher> | getSNIMatchers() - Returns a Collection containing all SNIMatchers of the Server Name Indication (SNI) parameter, or null if none has been set. |
| boolean | getUseCipherSuitesOrder() - Returns whether the local cipher suites preference should be honored. |
| boolean | getWantClientAuth() - Returns whether client authentication should be requested. |
| void | setAlgorithmConstraints(AlgorithmConstraints constraints) - Sets the cryptographic algorithm constraints, which will be used in addition to any configured by the runtime environment. |
| void | setCipherSuites(String[] cipherSuites) - Sets the array of ciphersuites. |
| void | setEndpointIdentificationAlgorithm(String algorithm) - Sets the endpoint identification algorithm. |
| void | setNeedClientAuth(boolean needClientAuth) - Sets whether client authentication should be required. |
| void | setProtocols(String[] protocols) - Sets the array of protocols. |
| void | setServerNames(List<SNIServerName> serverNames) - Sets the desired SNIServerNames of the Server Name Indication (SNI) parameter. |
| void | setSNIMatchers(Collection<SNIMatcher> matchers) - Sets the SNIMatchers of the Server Name Indication (SNI) parameter. |
| void | setUseCipherSuitesOrder(boolean honorOrder) - Sets whether the local cipher suites preference should be honored. |
| void | setWantClientAuth(boolean wantClientAuth) - Sets whether client authentication should be requested. |
public SSLParameters()
The values of cipherSuites, protocols, cryptographic algorithm constraints, endpoint identification algorithm, server names and server name matchers are set to null, useCipherSuitesOrder, wantClientAuth and needClientAuth are set to false.
public SSLParameters(String[] cipherSuites)
Calling this constructor is equivalent to calling the no-args constructor followed by setCipherSuites(cipherSuites);.
cipherSuites - the array of ciphersuites (or null)
public SSLParameters(String[] cipherSuites, String[] protocols)
Calling this constructor is equivalent to calling the no-args constructor followed by setCipherSuites(cipherSuites); setProtocols(protocols);.
cipherSuites - the array of ciphersuites (or null)
protocols - the array of protocols (or null)
public String[] getCipherSuites()
public void setCipherSuites(String[] cipherSuites)
cipherSuites - the array of ciphersuites (or null)
public String[] getProtocols()
public void setProtocols(String[] protocols)
protocols - the array of protocols (or null)
public boolean getWantClientAuth()
public void setWantClientAuth(boolean wantClientAuth)
needClientAuth flag.
wantClientAuth - whether client authentication should be requested
public boolean getNeedClientAuth()
public void setNeedClientAuth(boolean needClientAuth)
wantClientAuth flag.
needClientAuth - whether client authentication should be required
public AlgorithmConstraints getAlgorithmConstraints()
See also: setAlgorithmConstraints(AlgorithmConstraints)
public void setAlgorithmConstraints(AlgorithmConstraints constraints)
If the constraints parameter is non-null, every cryptographic algorithm, key and algorithm parameters used in the SSL/TLS handshake must be permitted by the constraints.
constraints - the algorithm constraints (or null)
public String getEndpointIdentificationAlgorithm()
See also: X509ExtendedTrustManager, setEndpointIdentificationAlgorithm(String)
public void setEndpointIdentificationAlgorithm(String algorithm)
If the algorithm parameter is non-null or non-empty, the endpoint identification/verification procedures must be handled during SSL/TLS handshaking. This is to prevent man-in-the-middle attacks.
algorithm - The standard string name of the endpoint identification algorithm (or null). See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
See also: X509ExtendedTrustManager
public final void setServerNames(List<SNIServerName> serverNames)
Sets the desired SNIServerNames of the Server Name Indication (SNI) parameter.
This method is only useful to SSLSockets or SSLEngines operating in client mode.
Note that the serverNames list is cloned to protect against subsequent modification.
serverNames - the list of desired SNIServerNames (or null)
NullPointerException - if the serverNames contains null element
IllegalArgumentException - if the serverNames contains more than one name of the same name type
See also: SNIServerName, getServerNames()
public final List<SNIServerName> getServerNames()
Returns a List containing all SNIServerNames of the Server Name Indication (SNI) parameter, or null if none has been set.
This method is only useful to SSLSockets or SSLEngines operating in client mode.
For SSL/TLS connections, the underlying SSL/TLS provider may specify a default value for a certain server name type. In client mode, it is recommended that, by default, providers should include the server name indication whenever the server can be located by a supported server name type.
It is recommended that providers initialize default Server Name Indications when creating SSLSocket/SSLEngines. In the following examples, the server name could be represented by an instance of SNIHostName which has been initialized with the hostname "www.example.com" and type StandardConstants.
    Socket socket =
        sslSocketFactory.createSocket("www.example.com", 443);
or
    SSLEngine engine =
        sslContext.createSSLEngine("www.example.com", 443);
SNIServerNames
See also: List, setServerNames(List)
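The client-side settings described under setEndpointIdentificationAlgorithm and setServerNames, combined in one place. This is an added example, not code from the original documentation; the class name, the TLS 1.2-only policy and the host www.example.com are assumptions, and an SSLEngine is used so that nothing is sent on the network.

```java
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class ClientParametersExample {

    // Builds client-side parameters for one peer; "host" is the name the
    // certificate must match and the name sent in the SNI extension.
    static SSLParameters clientParameters(SSLContext ctx, String host) {
        // Start from the context defaults so the cipher suite list stays populated.
        SSLParameters params = ctx.getDefaultSSLParameters();

        // Assumed policy for this example: TLS 1.2 only.
        params.setProtocols(new String[] {"TLSv1.2"});

        // Without this, a bare SSLSocket/SSLEngine validates the certificate chain
        // but never compares the certificate to the host name.
        params.setEndpointIdentificationAlgorithm("HTTPS");

        // Explicit SNI; more than one name of the same type is rejected
        // with IllegalArgumentException.
        params.setServerNames(
                Collections.<SNIServerName>singletonList(new SNIHostName(host)));
        return params;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "www.example.com";

        // The starting point: what the context configures when nothing is set.
        System.out.println("default algorithm: "
                + ctx.getDefaultSSLParameters().getEndpointIdentificationAlgorithm());

        // Passing host and port gives the trust manager the peer name to check.
        SSLEngine engine = ctx.createSSLEngine(host, 443);
        engine.setUseClientMode(true);
        engine.setSSLParameters(clientParameters(ctx, host));

        SSLParameters applied = engine.getSSLParameters();
        System.out.println("applied algorithm: " + applied.getEndpointIdentificationAlgorithm());
        System.out.println("protocols: " + String.join(",", applied.getProtocols()));
        System.out.println("server names: " + applied.getServerNames());
    }
}
```

The same SSLParameters object can be passed to SSLSocket.setSSLParameters() before the handshake starts; a certificate that does not match the host name then fails the handshake instead of being accepted.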
public final void setSNIMatchers(Collection<SNIMatcher> matchers)
Sets the SNIMatchers of the Server Name Indication (SNI) parameter.
This method is only useful to SSLSockets or SSLEngines operating in server mode.
Note that the matchers collection is cloned to protect against subsequent modification.
matchers - the collection of SNIMatchers (or null)
NullPointerException - if the matchers contains null element
IllegalArgumentException - if the matchers contains more than one name of the same name type
See also: Collection, SNIMatcher, getSNIMatchers()
public final Collection<SNIMatcher> getSNIMatchers()
Returns a Collection containing all SNIMatchers of the Server Name Indication (SNI) parameter, or null if none has been set.
This method is only useful to SSLSockets or SSLEngines operating in server mode.
For better interoperability, providers generally will not define default matchers so that by default servers will ignore the SNI extension and continue the handshake.
SNIMatchers
See also: SNIMatcher, setSNIMatchers(Collection)
public final void setUseCipherSuitesOrder(boolean honorOrder)
honorOrder - whether local cipher suites order in #getCipherSuites should be honored during SSL/TLS handshaking.
See also: getUseCipherSuitesOrder()
public final boolean getUseCipherSuitesOrder()
Returns whether local cipher suites order in #getCipherSuites should be honored during SSL/TLS handshaking.
See also: setUseCipherSuitesOrder(boolean)
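The server-side settings (setSNIMatchers, setUseCipherSuitesOrder and the two client authentication flags) applied to an engine in server mode. This is an added example, not code from the original documentation; the class name and the example.com host pattern are assumptions. It also shows that wantClientAuth and needClientAuth are mutually exclusive: setting one clears the other.

```java
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class ServerParametersExample {

    static SSLParameters serverParameters(SSLContext ctx) {
        SSLParameters params = ctx.getDefaultSSLParameters();

        // Constructed pattern: accept SNI host names under example.com only.
        // With no matcher configured the server ignores the SNI extension.
        SNIMatcher matcher = SNIHostName.createSNIMatcher("(.*\\.)?example\\.com");
        params.setSNIMatchers(Collections.singletonList(matcher));

        // Choose the cipher suite by the server's preference order,
        // not by the order the client offered.
        params.setUseCipherSuitesOrder(true);

        // "want" requests a client certificate, "need" requires one.
        // The second call replaces the first: only one flag stays set.
        params.setWantClientAuth(true);
        params.setNeedClientAuth(true);
        return params;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters params = serverParameters(ctx);

        System.out.println("want=" + params.getWantClientAuth()
                + " need=" + params.getNeedClientAuth());

        // Apply to an engine in server mode and read the settings back.
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setSSLParameters(params);

        SSLParameters applied = engine.getSSLParameters();
        System.out.println("need on engine: " + applied.getNeedClientAuth());
        System.out.println("honor local order: " + applied.getUseCipherSuitesOrder());
        System.out.println("matchers: " + applied.getSNIMatchers().size());
    }
}
```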