public class SSLParameters extends Object
SSLParameters can be created via the constructors in this class. Objects can also be obtained using the getSSLParameters() methods in SSLSocket and SSLServerSocket and SSLEngine or the getDefaultSSLParameters() and getSupportedSSLParameters() methods in SSLContext.

SSLParameters can be applied to a connection via the methods SSLSocket.setSSLParameters() and SSLServerSocket.setSSLParameters() and SSLEngine.setSSLParameters().

See also: SSLSocket, SSLEngine, SSLContext

Constructor and Description |
---|
SSLParameters() - Constructs SSLParameters. |
SSLParameters(String[] cipherSuites) - Constructs SSLParameters from the specified array of ciphersuites. |
SSLParameters(String[] cipherSuites, String[] protocols) - Constructs SSLParameters from the specified array of ciphersuites and protocols. |

Modifier and Type | Method and Description |
---|---|
AlgorithmConstraints | getAlgorithmConstraints() - Returns the cryptographic algorithm constraints. |
String[] | getCipherSuites() - Returns a copy of the array of ciphersuites or null if none have been set. |
String | getEndpointIdentificationAlgorithm() - Gets the endpoint identification algorithm. |
boolean | getNeedClientAuth() - Returns whether client authentication should be required. |
String[] | getProtocols() - Returns a copy of the array of protocols or null if none have been set. |
List<SNIServerName> | getServerNames() - Returns a List containing all SNIServerNames of the Server Name Indication (SNI) parameter, or null if none has been set. |
Collection<SNIMatcher> | getSNIMatchers() - Returns a Collection containing all SNIMatchers of the Server Name Indication (SNI) parameter, or null if none has been set. |
boolean | getUseCipherSuitesOrder() - Returns whether the local cipher suites preference should be honored. |
boolean | getWantClientAuth() - Returns whether client authentication should be requested. |
void | setAlgorithmConstraints(AlgorithmConstraints constraints) - Sets the cryptographic algorithm constraints, which will be used in addition to any configured by the runtime environment. |
void | setCipherSuites(String[] cipherSuites) - Sets the array of ciphersuites. |
void | setEndpointIdentificationAlgorithm(String algorithm) - Sets the endpoint identification algorithm. |
void | setNeedClientAuth(boolean needClientAuth) - Sets whether client authentication should be required. |
void | setProtocols(String[] protocols) - Sets the array of protocols. |
void | setServerNames(List<SNIServerName> serverNames) - Sets the desired SNIServerNames of the Server Name Indication (SNI) parameter. |
void | setSNIMatchers(Collection<SNIMatcher> matchers) - Sets the SNIMatchers of the Server Name Indication (SNI) parameter. |
void | setUseCipherSuitesOrder(boolean honorOrder) - Sets whether the local cipher suites preference should be honored. |
void | setWantClientAuth(boolean wantClientAuth) - Sets whether client authentication should be requested. |

public SSLParameters()
The values of cipherSuites, protocols, cryptographic algorithm constraints, endpoint identification algorithm, server names and server name matchers are set to null, useCipherSuitesOrder, wantClientAuth and needClientAuth are set to false.

public SSLParameters(String[] cipherSuites)
Calling this constructor is equivalent to calling the no-args constructor followed by
    setCipherSuites(cipherSuites);
cipherSuites - the array of ciphersuites (or null)

public SSLParameters(String[] cipherSuites, String[] protocols)
Calling this constructor is equivalent to calling the no-args constructor followed by
    setCipherSuites(cipherSuites); setProtocols(protocols);
cipherSuites - the array of ciphersuites (or null)
protocols - the array of protocols (or null)

public String[] getCipherSuites()

public void setCipherSuites(String[] cipherSuites)
cipherSuites - the array of ciphersuites (or null)

public String[] getProtocols()

public void setProtocols(String[] protocols)
protocols - the array of protocols (or null)

public boolean getWantClientAuth()

public void setWantClientAuth(boolean wantClientAuth)
needClientAuth flag.
wantClientAuth - whether client authentication should be requested

public boolean getNeedClientAuth()

public void setNeedClientAuth(boolean needClientAuth)
wantClientAuth flag.
needClientAuth - whether client authentication should be required

public AlgorithmConstraints getAlgorithmConstraints()
See also: setAlgorithmConstraints(AlgorithmConstraints)

public void setAlgorithmConstraints(AlgorithmConstraints constraints)
If the constraints parameter is non-null, every cryptographic algorithm, key and algorithm parameters used in the SSL/TLS handshake must be permitted by the constraints.
constraints - the algorithm constraints (or null)

public String getEndpointIdentificationAlgorithm()
See also: X509ExtendedTrustManager, setEndpointIdentificationAlgorithm(String)

public void setEndpointIdentificationAlgorithm(String algorithm)
If the algorithm parameter is non-null or non-empty, the endpoint identification/verification procedures must be handled during SSL/TLS handshaking. This is to prevent man-in-the-middle attacks.
algorithm - The standard string name of the endpoint identification algorithm (or null). See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
See also: X509ExtendedTrustManager

public final void setServerNames(List<SNIServerName> serverNames)
Sets the desired SNIServerNames of the Server Name Indication (SNI) parameter.
This method is only useful to SSLSockets or SSLEngines operating in client mode.
Note that the serverNames list is cloned to protect against subsequent modification.
serverNames - the list of desired SNIServerNames (or null)
NullPointerException - if the serverNames contains null element
IllegalArgumentException - if the serverNames contains more than one name of the same name type
See also: SNIServerName, getServerNames()

public final List<SNIServerName> getServerNames()
Returns a List containing all SNIServerNames of the Server Name Indication (SNI) parameter, or null if none has been set.
This method is only useful to SSLSockets or SSLEngines operating in client mode.
For SSL/TLS connections, the underlying SSL/TLS provider may specify a default value for a certain server name type. In client mode, it is recommended that, by default, providers should include the server name indication whenever the server can be located by a supported server name type.
It is recommended that providers initialize default Server Name Indications when creating SSLSocket/SSLEngines.
In the following examples, the server name could be represented by an instance of SNIHostName which has been initialized with the hostname "www.example.com" and type StandardConstants.SNI_HOST_NAME.
    Socket socket = sslSocketFactory.createSocket("www.example.com", 443);
or
    SSLEngine engine = sslContext.createSSLEngine("www.example.com", 443);
See also: List, setServerNames(List)

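Added example (not part of the original documentation or the JDK's own code): a client that applies the endpoint identification and server name settings described above to an SSLSocket before the handshake. The class name HardenedTlsClient, the connect helper and the restriction to TLSv1.2 are assumptions made for illustration.

```java
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class HardenedTlsClient {

    /** Opens a TLS socket that verifies the server certificate against host. */
    static SSLSocket connect(String host, int port) throws Exception {
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            // Start from the socket's current parameters so provider defaults are kept.
            SSLParameters params = socket.getSSLParameters();

            // Without this, a plain SSLSocket validates the certificate chain
            // but does not check that the certificate was issued for host.
            params.setEndpointIdentificationAlgorithm("HTTPS");

            // Send exactly one host_name entry in the SNI extension.
            params.setServerNames(
                    Collections.<SNIServerName>singletonList(new SNIHostName(host)));

            // Assumption: the peer supports TLS 1.2; older versions are refused.
            params.setProtocols(new String[] {"TLSv1.2"});

            socket.setSSLParameters(params);
            socket.startHandshake(); // SSLHandshakeException on a name mismatch
            return socket;
        } catch (Exception e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Host name taken from the SNI example above.
        try (SSLSocket socket = connect("www.example.com", 443)) {
            System.out.println(socket.getSession().getProtocol() + " "
                    + socket.getSession().getCipherSuite());
        }
    }
}
```
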
public final void setSNIMatchers(Collection<SNIMatcher> matchers)
Sets the SNIMatchers of the Server Name Indication (SNI) parameter.
This method is only useful to SSLSockets or SSLEngines operating in server mode.
Note that the matchers collection is cloned to protect against subsequent modification.
matchers - the collection of SNIMatchers (or null)
NullPointerException - if the matchers contains null element
IllegalArgumentException - if the matchers contains more than one name of the same name type
See also: Collection, SNIMatcher, getSNIMatchers()

public final Collection<SNIMatcher> getSNIMatchers()
Returns a Collection containing all SNIMatchers of the Server Name Indication (SNI) parameter, or null if none has been set.
This method is only useful to SSLSockets or SSLEngines operating in server mode.
For better interoperability, providers generally will not define default matchers so that by default servers will ignore the SNI extension and continue the handshake.
See also: SNIMatcher, setSNIMatchers(Collection)

public final void setUseCipherSuitesOrder(boolean honorOrder)
honorOrder - whether local cipher suites order in #getCipherSuites should be honored during SSL/TLS handshaking.
See also: getUseCipherSuitesOrder()

public final boolean getUseCipherSuitesOrder()
whether local cipher suites order in #getCipherSuites should be honored during SSL/TLS handshaking.
See also: setUseCipherSuitesOrder(boolean)
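
Added example (not part of the original documentation or the JDK's own code): the server-mode settings described above, applied to an SSLServerSocket. The class name StrictTlsServer, the harden helper and the host name pattern are assumptions made for illustration.

```java
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;

public class StrictTlsServer {

    /** Applies SNI matching, server cipher preference and mutual TLS to a listener. */
    static void harden(SSLServerSocket server, String hostPattern) {
        // Start from the listener's current parameters so provider defaults are kept.
        SSLParameters params = server.getSSLParameters();

        // A ClientHello carrying a host_name that does not match the pattern is
        // refused; with no matchers set, the server ignores the SNI extension.
        SNIMatcher matcher = SNIHostName.createSNIMatcher(hostPattern);
        params.setSNIMatchers(Collections.singletonList(matcher));

        // Pick the cipher suite by the server's order, not the client's.
        params.setUseCipherSuitesOrder(true);

        // Require a client certificate instead of merely requesting one.
        params.setNeedClientAuth(true);

        server.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = SSLContext.getDefault();
        try (SSLServerSocket server = (SSLServerSocket)
                context.getServerSocketFactory().createServerSocket(0)) {
            // Constructed pattern: www.example.com and any subdomain of it.
            harden(server, "(.*\\.)?www\\.example\\.com");
            SSLParameters applied = server.getSSLParameters();
            System.out.println("needClientAuth=" + applied.getNeedClientAuth()
                    + " useCipherSuitesOrder=" + applied.getUseCipherSuitesOrder()
                    + " matchers=" + applied.getSNIMatchers().size());
        }
    }
}
```
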
Copyright © 1993, 2019, Oracle and/or its affiliates. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.