- java.lang.Object
-
- javax.net.ssl.SSLParameters
-
public class SSLParameters extends Object
Encapsulates parameters for an SSL/TLS connection. The parameters are the list of ciphersuites to be accepted in an SSL/TLS handshake, the list of protocols to be allowed, the endpoint identification algorithm during SSL/TLS handshaking, the algorithm constraints and whether SSL/TLS servers should request or require client authentication.SSLParameters can be created via the constructors in this class. Objects can also be obtained using the
getSSLParameters()
methods inSSLSocket
andSSLServerSocket
andSSLEngine
or thegetDefaultSSLParameters()
andgetSupportedSSLParameters()
methods inSSLContext
.SSLParameters can be applied to a connection via the methods
SSLSocket.setSSLParameters()
andSSLServerSocket.setSSLParameters()
andSSLEngine.getSSLParameters()
.- Since:
- 1.6
- See Also:
SSLSocket
,SSLEngine
,SSLContext
-
-
Constructor Summary
Constructors Constructor and Description SSLParameters()
Constructs SSLParameters.SSLParameters(String[] cipherSuites)
Constructs SSLParameters from the specified array of ciphersuites.SSLParameters(String[] cipherSuites, String[] protocols)
Constructs SSLParameters from the specified array of ciphersuites and protocols.
-
Method Summary
Methods Modifier and Type Method and Description AlgorithmConstraints
getAlgorithmConstraints()
Returns the cryptographic algorithm constraints.String[]
getCipherSuites()
Returns a copy of the array of ciphersuites or null if none have been set.String
getEndpointIdentificationAlgorithm()
Gets the endpoint identification algorithm.boolean
getNeedClientAuth()
Returns whether client authentication should be required.String[]
getProtocols()
Returns a copy of the array of protocols or null if none have been set.boolean
getWantClientAuth()
Returns whether client authentication should be requested.void
setAlgorithmConstraints(AlgorithmConstraints constraints)
Sets the cryptographic algorithm constraints, which will be used in addition to any configured by the runtime environment.void
setCipherSuites(String[] cipherSuites)
Sets the array of ciphersuites.void
setEndpointIdentificationAlgorithm(String algorithm)
Sets the endpoint identification algorithm.void
setNeedClientAuth(boolean needClientAuth)
Sets whether client authentication should be required.void
setProtocols(String[] protocols)
Sets the array of protocols.void
setWantClientAuth(boolean wantClientAuth)
Sets whether client authentication should be requested.
-
-
-
Constructor Detail
-
SSLParameters
public SSLParameters()
Constructs SSLParameters.The cipherSuites and protocols values are set to
null
, wantClientAuth and needClientAuth are set tofalse
.
-
SSLParameters
public SSLParameters(String[] cipherSuites)
Constructs SSLParameters from the specified array of ciphersuites.Calling this constructor is equivalent to calling the no-args constructor followed by
setCipherSuites(cipherSuites);
.- Parameters:
cipherSuites
- the array of ciphersuites (or null)
-
SSLParameters
public SSLParameters(String[] cipherSuites, String[] protocols)
Constructs SSLParameters from the specified array of ciphersuites and protocols.Calling this constructor is equivalent to calling the no-args constructor followed by
setCipherSuites(cipherSuites); setProtocols(protocols);
.- Parameters:
cipherSuites
- the array of ciphersuites (or null)protocols
- the array of protocols (or null)
-
-
Method Detail
-
getCipherSuites
public String[] getCipherSuites()
Returns a copy of the array of ciphersuites or null if none have been set.- Returns:
- a copy of the array of ciphersuites or null if none have been set.
-
setCipherSuites
public void setCipherSuites(String[] cipherSuites)
Sets the array of ciphersuites.- Parameters:
cipherSuites
- the array of ciphersuites (or null)
-
getProtocols
public String[] getProtocols()
Returns a copy of the array of protocols or null if none have been set.- Returns:
- a copy of the array of protocols or null if none have been set.
-
setProtocols
public void setProtocols(String[] protocols)
Sets the array of protocols.- Parameters:
protocols
- the array of protocols (or null)
-
getWantClientAuth
public boolean getWantClientAuth()
Returns whether client authentication should be requested.- Returns:
- whether client authentication should be requested.
-
setWantClientAuth
public void setWantClientAuth(boolean wantClientAuth)
Sets whether client authentication should be requested. Calling this method clears theneedClientAuth
flag.- Parameters:
wantClientAuth
- whether client authentication should be requested
-
getNeedClientAuth
public boolean getNeedClientAuth()
Returns whether client authentication should be required.- Returns:
- whether client authentication should be required.
-
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
Sets whether client authentication should be required. Calling this method clears thewantClientAuth
flag.- Parameters:
needClientAuth
- whether client authentication should be required
-
getAlgorithmConstraints
public AlgorithmConstraints getAlgorithmConstraints()
Returns the cryptographic algorithm constraints.- Returns:
- the cryptographic algorithm constraints, or null if the constraints have not been set
- Since:
- 1.7
- See Also:
setAlgorithmConstraints(AlgorithmConstraints)
-
setAlgorithmConstraints
public void setAlgorithmConstraints(AlgorithmConstraints constraints)
Sets the cryptographic algorithm constraints, which will be used in addition to any configured by the runtime environment.If the
constraints
parameter is non-null, every cryptographic algorithm, key and algorithm parameters used in the SSL/TLS handshake must be permitted by the constraints.- Parameters:
constraints
- the algorithm constraints (or null)- Since:
- 1.7
-
getEndpointIdentificationAlgorithm
public String getEndpointIdentificationAlgorithm()
Gets the endpoint identification algorithm.- Returns:
- the endpoint identification algorithm, or null if none has been set.
- Since:
- 1.7
- See Also:
X509ExtendedTrustManager
,setEndpointIdentificationAlgorithm(String)
-
setEndpointIdentificationAlgorithm
public void setEndpointIdentificationAlgorithm(String algorithm)
Sets the endpoint identification algorithm.If the
algorithm
parameter is non-null or non-empty, the endpoint identification/verification procedures must be handled during SSL/TLS handshaking. This is to prevent man-in-the-middle attacks.- Parameters:
algorithm
- The standard string name of the endpoint identification algorithm (or null). See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.- Since:
- 1.7
- See Also:
X509ExtendedTrustManager
-
-
Document created the 11/06/2005, last modified the 04/03/2020
Source of the printed document:https://www.gaudry.be/en/java-api-rf-javax/net/ssl/sslparameters.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.
References
These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.