Class SSLContext
- java.lang.Object
-
- io.netty.internal.tcnative.SSLContext
-
public final class SSLContext extends java.lang.Object
-
-
Field Summary
Fields Modifier and Type Field Description private static int
MAX_ALPN_NPN_PROTO_SIZE
-
Constructor Summary
Constructors Modifier Constructor Description private
SSLContext()
-
Method Summary
All Methods Static Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static int
addCertificateCompressionAlgorithm(long ctx, int direction, CertificateCompressionAlgo algorithm)
Adds a certificate compression algorithm to the givenSSLContext
or throws an exception if certificate compression is not supported or the algorithm not recognized.private static int
addCertificateCompressionAlgorithm0(long ctx, int direction, int algorithmId, CertificateCompressionAlgo algorithm)
static void
clearOptions(long ctx, int options)
Clears OpenSSL Options.static void
disableOcsp(long ctx)
Disables OCSP stapling on the givenSSLContext
.static void
enableOcsp(long ctx, boolean client)
Enables OCSP stapling for the givenSSLContext
or throws an exception if OCSP stapling is not supported.static int
free(long ctx)
Free the resources used by the Contextstatic int
getMode(long ctx)
Call SSL_CTX_get_modestatic int
getOptions(long ctx)
Get OpenSSL Option.static long
getSessionCacheMode(long ctx)
Get the mode of the current used internal session cache.static long
getSessionCacheSize(long ctx)
Get the size of the internal session cache.static long
getSessionCacheTimeout(long ctx)
Get the timeout for the internal session cache in seconds.static long
getSslCtx(long ctx)
Returns theSSL_CTX
.static long
make(int protocol, int mode)
Initialize new SSL contextprivate static byte[]
protocolsToWireFormat(java.lang.String[] protocols)
static long
sessionAccept(long ctx)
Session resumption statistics methods.static long
sessionAcceptGood(long ctx)
Session resumption statistics methods.static long
sessionAcceptRenegotiate(long ctx)
Session resumption statistics methods.static long
sessionCacheFull(long ctx)
Session resumption statistics methods.static long
sessionCbHits(long ctx)
Session resumption statistics methods.static long
sessionConnect(long ctx)
Session resumption statistics methods.static long
sessionConnectGood(long ctx)
Session resumption statistics methods.static long
sessionConnectRenegotiate(long ctx)
Session resumption statistics methods.static long
sessionHits(long ctx)
Session resumption statistics methods.static long
sessionMisses(long ctx)
Session resumption statistics methods.static long
sessionNumber(long ctx)
Session resumption statistics methods.static long
sessionTicketKeyFail(long ctx)
TLS session ticket key resumption statistics.static long
sessionTicketKeyNew(long ctx)
TLS session ticket key resumption statistics.static long
sessionTicketKeyRenew(long ctx)
TLS session ticket key resumption statistics.static long
sessionTicketKeyResume(long ctx)
TLS session ticket key resumption statistics.static long
sessionTimeouts(long ctx)
Session resumption statistics methods.static void
setAlpnProtos(long ctx, java.lang.String[] alpnProtos, int selectorFailureBehavior)
Set application layer protocol for application layer protocol negotiation extensionprivate static void
setAlpnProtos0(long ctx, byte[] alpnProtos, int selectorFailureBehavior)
static boolean
setCACertificateBio(long ctx, long certBio)
Set concatenated PEM-encoded CA Certificates for Client Auth
This directive sets the all-in-one BIO where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with.static boolean
setCertificate(long ctx, java.lang.String cert, java.lang.String key, java.lang.String password)
Set Certificatestatic boolean
setCertificateBio(long ctx, long certBio, long keyBio, java.lang.String password)
Set Certificatestatic void
setCertificateCallback(long ctx, CertificateCallback callback)
Allow to hookCertificateCallback
into the certificate choosing process.static boolean
setCertificateChainBio(long ctx, long bio, boolean skipfirst)
Set BIO of PEM-encoded Server CA Certificatesstatic boolean
setCertificateChainFile(long ctx, java.lang.String file, boolean skipfirst)
Set File of PEM-encoded Server CA Certificates
This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate.static void
setCertRequestedCallback(long ctx, CertificateRequestedCallback callback)
Deprecated.static void
setCertVerifyCallback(long ctx, CertificateVerifier verifier)
Allow to hookCertificateVerifier
into the handshake processing.static boolean
setCipherSuite(long ctx, java.lang.String ciphers)
Deprecated.static boolean
setCipherSuite(long ctx, java.lang.String ciphers, boolean tlsv13)
Cipher Suite available for negotiation in SSL handshake.static void
setContextId(long ctx, java.lang.String id)
Set Session context id.static boolean
setCurvesList(long ctx, java.lang.String... curves)
Sets the curves to use.private static boolean
setCurvesList0(long ctx, java.lang.String curves)
static boolean
setKeyLogCallback(long ctx, KeyLogCallback callback)
Allow to hookKeyLogCallback
into the debug infrastructor of the native TLS implementation.static void
setMaxCertList(long ctx, int size)
Set the maximum number of bytes for the certificate chain during handshake.static int
setMode(long ctx, int mode)
Call SSL_CTX_set_modestatic void
setNpnProtos(long ctx, java.lang.String[] nextProtos, int selectorFailureBehavior)
Set next protocol for next protocol negotiation extensionprivate static void
setNpnProtos0(long ctx, byte[] nextProtos, int selectorFailureBehavior)
static boolean
setNumTickets(long ctx, int tickets)
Set the number of TLSv1.3 session tickets that will be sent to the client after a full handshake.static void
setOptions(long ctx, int options)
Set OpenSSL Option.static void
setPrivateKeyMethod(long ctx, AsyncSSLPrivateKeyMethod method)
Sets theAsyncSSLPrivateKeyMethod
to use for the givenSSLContext
.static void
setPrivateKeyMethod(long ctx, SSLPrivateKeyMethod method)
Set theSSLPrivateKeyMethod
to use for the givenSSLContext
.private static void
setPrivateKeyMethod0(long ctx, AsyncSSLPrivateKeyMethod method)
static long
setSessionCacheMode(long ctx, long mode)
Set the mode of the internal session cache and return the previous used mode.static long
setSessionCacheSize(long ctx, long size)
Set the size of the internal session cache.static long
setSessionCacheTimeout(long ctx, long timeoutSeconds)
Set the timeout for the internal session cache in seconds.static boolean
setSessionIdContext(long ctx, byte[] sidCtx)
Set the context within which session be reused (server side only).static void
setSessionTicketKeys(long ctx, SessionTicketKey[] keys)
Set TLS session ticket keys.private static void
setSessionTicketKeys0(long ctx, byte[] keys)
Set TLS session keys.static void
setSniHostnameMatcher(long ctx, SniHostNameMatcher matcher)
Allow to hookSniHostNameMatcher
into the sni processing.static void
setSSLSessionCache(long ctx, SSLSessionCache cache)
Set theSSLSessionCache
that will be used if session caching is enabled.static void
setTmpDHLength(long ctx, int length)
Set length of the DH to use.static void
setUseTasks(long ctx, boolean useTasks)
Enable or disable producing of tasks that should be obtained viaSSL.getTask(long)
and run.static void
setVerify(long ctx, int level, int depth)
Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
-
-
-
Field Detail
-
MAX_ALPN_NPN_PROTO_SIZE
private static final int MAX_ALPN_NPN_PROTO_SIZE
- See Also:
- Constant Field Values
-
-
Method Detail
-
make
public static long make(int protocol, int mode) throws java.lang.Exception
Initialize new SSL context- Parameters:
protocol
- The SSL protocol to use. It can be any combination of the following:SSL.SSL_PROTOCOL_SSLV2
SSL.SSL_PROTOCOL_SSLV3
SSL.SSL_PROTOCOL_TLSV1
SSL.SSL_PROTOCOL_TLSV1_1
SSL.SSL_PROTOCOL_TLSV1_2
SSL.SSL_PROTOCOL_ALL
( == all TLS versions, no SSL)mode
- SSL mode to useSSL_MODE_CLIENT SSL_MODE_SERVER SSL_MODE_COMBINED
- Returns:
- the SSLContext struct
- Throws:
java.lang.Exception
- if an error happened
-
free
public static int free(long ctx)
Free the resources used by the Context- Parameters:
ctx
- Server or Client context to free.- Returns:
- APR Status code.
-
setContextId
public static void setContextId(long ctx, java.lang.String id)
Set Session context id. Usually host:port combination.- Parameters:
ctx
- Context to use.id
- String that uniquely identifies this context.
-
setOptions
public static void setOptions(long ctx, int options)
Set OpenSSL Option.- Parameters:
ctx
- Server or Client context to use.options
- See SSL.SSL_OP_* for option flags.
-
getOptions
public static int getOptions(long ctx)
Get OpenSSL Option.- Parameters:
ctx
- Server or Client context to use.- Returns:
- options See SSL.SSL_OP_* for option flags.
-
clearOptions
public static void clearOptions(long ctx, int options)
Clears OpenSSL Options.- Parameters:
ctx
- Server or Client context to use.options
- See SSL.SSL_OP_* for option flags.
-
setCipherSuite
@Deprecated public static boolean setCipherSuite(long ctx, java.lang.String ciphers) throws java.lang.Exception
Deprecated.Cipher Suite available for negotiation in SSL handshake.
This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.- Parameters:
ctx
- Server or Client context to use.ciphers
- An SSL cipher specification.- Returns:
true
if successful- Throws:
java.lang.Exception
- if an error happened
-
setCipherSuite
public static boolean setCipherSuite(long ctx, java.lang.String ciphers, boolean tlsv13) throws java.lang.Exception
Cipher Suite available for negotiation in SSL handshake.
This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.- Parameters:
ctx
- Server or Client context to use.ciphers
- An SSL cipher specification.tlsv13
-true
if the ciphers are for TLSv1.3- Returns:
true
if successful- Throws:
java.lang.Exception
- if an error happened
-
setCertificateChainFile
public static boolean setCertificateChainFile(long ctx, java.lang.String file, boolean skipfirst)
Set File of PEM-encoded Server CA Certificates
This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of of the server certificate and can range up to the root CA certificate. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.
But be careful: Providing the certificate chain works only if you are using a single (either RSA or DSA) based server certificate. If you are using a coupled RSA+DSA certificate pair, this will work only if actually both certificates use the same certificate chain. Else the browsers will be confused in this situation.- Parameters:
ctx
- Server or Client context to use.file
- File of PEM-encoded Server CA Certificates.skipfirst
- Skip first certificate if chain file is inside certificate file.- Returns:
true
if successful
-
setCertificateChainBio
public static boolean setCertificateChainBio(long ctx, long bio, boolean skipfirst)
Set BIO of PEM-encoded Server CA CertificatesThis directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of of the server certificate and can range up to the root CA certificate. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.
But be careful: Providing the certificate chain works only if you are using a single (either RSA or DSA) based server certificate. If you are using a coupled RSA+DSA certificate pair, this will work only if actually both certificates use the same certificate chain. Otherwsie the browsers will be confused in this situation.
- Parameters:
ctx
- Server or Client context to use.bio
- BIO of PEM-encoded Server CA Certificates.skipfirst
- Skip first certificate if chain file is inside certificate file.- Returns:
true
if successful
-
setCertificate
public static boolean setCertificate(long ctx, java.lang.String cert, java.lang.String key, java.lang.String password) throws java.lang.Exception
Set CertificatePoint setCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with `make certificate' under built time. Keep in mind that if you've both a RSA and a DSA certificate you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
- Parameters:
ctx
- Server or Client context to use.cert
- Certificate file.key
- Private Key file to use if not in cert.password
- Certificate password. If null and certificate is encrypted, password prompt will be displayed.- Returns:
true
if successful- Throws:
java.lang.Exception
- if an error happened
-
setCertificateBio
public static boolean setCertificateBio(long ctx, long certBio, long keyBio, java.lang.String password) throws java.lang.Exception
Set CertificatePoint setCertificate at a PEM encoded certificate stored in a BIO. If the certificate is encrypted, then you will be prompted for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with `make certificate' under built time. Keep in mind that if you've both a RSA and a DSA certificate you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
- Parameters:
ctx
- Server or Client context to use.certBio
- Certificate BIO.keyBio
- Private Key BIO to use if not in cert.password
- Certificate password. If null and certificate is encrypted, password prompt will be displayed.- Returns:
true
if successful- Throws:
java.lang.Exception
- if an error happened
-
setSessionCacheSize
public static long setSessionCacheSize(long ctx, long size)
Set the size of the internal session cache. See man SSL_CTX_sess_set_cache_size- Parameters:
ctx
- Server or Client context to use.size
- the size of the cache- Returns:
- the previous set value
-
getSessionCacheSize
public static long getSessionCacheSize(long ctx)
Get the size of the internal session cache. See man SSL_CTX_sess_get_cache_size- Parameters:
ctx
- Server or Client context to use.- Returns:
- the current value
-
setSessionCacheTimeout
public static long setSessionCacheTimeout(long ctx, long timeoutSeconds)
Set the timeout for the internal session cache in seconds. See man SSL_CTX_set_timeout- Parameters:
ctx
- Server or Client context to use.timeoutSeconds
- the timeout of the cache- Returns:
- the previous set value
-
getSessionCacheTimeout
public static long getSessionCacheTimeout(long ctx)
Get the timeout for the internal session cache in seconds. See man SSL_CTX_get_timeout- Parameters:
ctx
- Server or Client context to use- Returns:
- the current value
-
setSessionCacheMode
public static long setSessionCacheMode(long ctx, long mode)
Set the mode of the internal session cache and return the previous used mode.- Parameters:
ctx
- Server or Client context to usemode
- the mode of the cache- Returns:
- the previous set value
-
getSessionCacheMode
public static long getSessionCacheMode(long ctx)
Get the mode of the current used internal session cache.- Parameters:
ctx
- Server or Client context to use- Returns:
- the current mode
-
sessionAccept
public static long sessionAccept(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionAcceptGood
public static long sessionAcceptGood(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionAcceptRenegotiate
public static long sessionAcceptRenegotiate(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionCacheFull
public static long sessionCacheFull(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionCbHits
public static long sessionCbHits(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionConnect
public static long sessionConnect(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionConnectGood
public static long sessionConnectGood(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionConnectRenegotiate
public static long sessionConnectRenegotiate(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionHits
public static long sessionHits(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionMisses
public static long sessionMisses(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionNumber
public static long sessionNumber(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionTimeouts
public static long sessionTimeouts(long ctx)
Session resumption statistics methods. See man SSL_CTX_sess_number- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionTicketKeyNew
public static long sessionTicketKeyNew(long ctx)
TLS session ticket key resumption statistics.- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionTicketKeyResume
public static long sessionTicketKeyResume(long ctx)
TLS session ticket key resumption statistics.- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionTicketKeyRenew
public static long sessionTicketKeyRenew(long ctx)
TLS session ticket key resumption statistics.- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
sessionTicketKeyFail
public static long sessionTicketKeyFail(long ctx)
TLS session ticket key resumption statistics.- Parameters:
ctx
- Server or Client context to use- Returns:
- the current number
-
setSessionTicketKeys
public static void setSessionTicketKeys(long ctx, SessionTicketKey[] keys)
Set TLS session ticket keys.The first key in the list is the primary key. Tickets dervied from the other keys in the list will be accepted but updated to a new ticket using the primary key. This is useful for implementing ticket key rotation. See RFC 5077
- Parameters:
ctx
- Server or Client context to usekeys
- theSessionTicketKey
s
-
setSessionTicketKeys0
private static void setSessionTicketKeys0(long ctx, byte[] keys)
Set TLS session keys.
-
setCACertificateBio
public static boolean setCACertificateBio(long ctx, long certBio)
Set concatenated PEM-encoded CA Certificates for Client Auth
This directive sets the all-in-one BIO where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a BIO is simply the concatenation of the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or additionally to path.- Parameters:
ctx
- Server context to use.certBio
- Directory of PEM-encoded CA Certificates for Client Auth.- Returns:
true
if successful,false
otherwise.
-
setVerify
public static void setVerify(long ctx, int level, int depth)
Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
The following levels are available for level:SSL.SSL_CVERIFY_IGNORED
- The level is ignored. Only depth will change.SSL.SSL_CVERIFY_NONE
- No client Certificate is required at allSSL.SSL_CVERIFY_OPTIONAL
- The client may present a valid CertificateSSL.SSL_CVERIFY_REQUIRED
- The client has to present a valid Certificate
setCACertificatePath
), etc.- Parameters:
ctx
- Server or Client context to use.level
- Type of Client Certificate verification.depth
- Maximum depth of CA Certificates in Client Certificate verification.
-
setCertVerifyCallback
public static void setCertVerifyCallback(long ctx, CertificateVerifier verifier)
Allow to hookCertificateVerifier
into the handshake processing. This will callSSL_CTX_set_cert_verify_callback
and so replace the default verification callback used by openssl- Parameters:
ctx
- Server or Client context to use.verifier
- the verifier to call during handshake.
-
setCertRequestedCallback
@Deprecated public static void setCertRequestedCallback(long ctx, CertificateRequestedCallback callback)
Deprecated.Allow to hookCertificateRequestedCallback
into the certificate choosing process. This will callSSL_CTX_set_client_cert_cb
and so replace the default verification callback used by openssl- Parameters:
ctx
- Server or Client context to use.callback
- the callback to call during certificate selection.
-
setCertificateCallback
public static void setCertificateCallback(long ctx, CertificateCallback callback)
Allow to hookCertificateCallback
into the certificate choosing process. This will callSSL_CTX_set_cert_cb
and so replace the default verification callback used by openssl- Parameters:
ctx
- Server or Client context to use.callback
- the callback to call during certificate selection.
-
setSniHostnameMatcher
public static void setSniHostnameMatcher(long ctx, SniHostNameMatcher matcher)
Allow to hookSniHostNameMatcher
into the sni processing. This will callSSL_CTX_set_tlsext_servername_callback
and so replace the default callback used by openssl- Parameters:
ctx
- Server or Client context to use.matcher
- the matcher to call during sni hostname matching.
-
setKeyLogCallback
public static boolean setKeyLogCallback(long ctx, KeyLogCallback callback)
Allow to hookKeyLogCallback
into the debug infrastructor of the native TLS implementation. This will callSSL_CTX_set_keylog_callback
and so replace the existing reference. This is intended for debugging use with tools like Wireshark.Warning: The log output will contain secret key material, and can be used to decrypt TLS sessions! The log output should be handled with the same care given to the private keys.
- Parameters:
ctx
- Server or Client context to use.callback
- the callback to call when delivering debug output.- Returns:
true
if the key-log callback was assigned, otherwisefalse
if key-log callbacks are not supported.
-
protocolsToWireFormat
private static byte[] protocolsToWireFormat(java.lang.String[] protocols)
-
setNpnProtos
public static void setNpnProtos(long ctx, java.lang.String[] nextProtos, int selectorFailureBehavior)
Set next protocol for next protocol negotiation extension- Parameters:
ctx
- Server context to use.nextProtos
- protocols in priority orderselectorFailureBehavior
- seeSSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE
andSSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
-
setNpnProtos0
private static void setNpnProtos0(long ctx, byte[] nextProtos, int selectorFailureBehavior)
-
setAlpnProtos
public static void setAlpnProtos(long ctx, java.lang.String[] alpnProtos, int selectorFailureBehavior)
Set application layer protocol for application layer protocol negotiation extension- Parameters:
ctx
- Server context to use.alpnProtos
- protocols in priority orderselectorFailureBehavior
- seeSSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE
andSSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
-
setAlpnProtos0
private static void setAlpnProtos0(long ctx, byte[] alpnProtos, int selectorFailureBehavior)
-
setTmpDHLength
public static void setTmpDHLength(long ctx, int length)
Set length of the DH to use.- Parameters:
ctx
- Server context to use.length
- the length.
-
setSessionIdContext
public static boolean setSessionIdContext(long ctx, byte[] sidCtx)
Set the context within which session be reused (server side only). See man SSL_CTX_set_session_id_context- Parameters:
ctx
- Server context to use.sidCtx
- can be any kind of binary data, it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name- Returns:
true
if success,false
otherwise.
-
setMode
public static int setMode(long ctx, int mode)
Call SSL_CTX_set_mode- Parameters:
ctx
- context to usemode
- the mode- Returns:
- the set mode.
-
getMode
public static int getMode(long ctx)
Call SSL_CTX_get_mode- Parameters:
ctx
- context to use- Returns:
- the mode.
-
enableOcsp
public static void enableOcsp(long ctx, boolean client)
Enables OCSP stapling for the givenSSLContext
or throws an exception if OCSP stapling is not supported.
-
disableOcsp
public static void disableOcsp(long ctx)
-
getSslCtx
public static long getSslCtx(long ctx)
Returns theSSL_CTX
.
-
setUseTasks
public static void setUseTasks(long ctx, boolean useTasks)
Enable or disable producing of tasks that should be obtained viaSSL.getTask(long)
and run.- Parameters:
ctx
- context to useuseTasks
-true
to enable,false
to disable.
-
addCertificateCompressionAlgorithm
public static int addCertificateCompressionAlgorithm(long ctx, int direction, CertificateCompressionAlgo algorithm)
Adds a certificate compression algorithm to the givenSSLContext
or throws an exception if certificate compression is not supported or the algorithm not recognized. For servers, algorithm preference order is dictated by the order of algorithm registration. Most preferred algorithm should be registered first. This method is currently only supported whenBoringSSL
is used. SSL_CTX_add_cert_compression_alg rfc8879- Parameters:
ctx
- context, to which, the algorithm should be added.direction
- indicates whether decompression support should be advertized, compression should be applied for peers which support it, or both. This allows the caller to support one way compression only.SSL.SSL_CERT_COMPRESSION_DIRECTION_COMPRESS
SSL.SSL_CERT_COMPRESSION_DIRECTION_DECOMPRESS
SSL.SSL_CERT_COMPRESSION_DIRECTION_BOTH
algorithm
- implementation of the compression and or decompression algorithm as aCertificateCompressionAlgo
- Returns:
- one on success or zero on error
-
addCertificateCompressionAlgorithm0
private static int addCertificateCompressionAlgorithm0(long ctx, int direction, int algorithmId, CertificateCompressionAlgo algorithm)
-
setPrivateKeyMethod
public static void setPrivateKeyMethod(long ctx, SSLPrivateKeyMethod method)
Set theSSLPrivateKeyMethod
to use for the givenSSLContext
. This allows to offload private key operations if needed. This method is currently only supported whenBoringSSL
is used.- Parameters:
ctx
- context to usemethod
- method to use for the given context.
-
setPrivateKeyMethod
public static void setPrivateKeyMethod(long ctx, AsyncSSLPrivateKeyMethod method)
Sets theAsyncSSLPrivateKeyMethod
to use for the givenSSLContext
. This allows to offload private key operations if needed. This method is currently only supported whenBoringSSL
is used.- Parameters:
ctx
- context to usemethod
- method to use for the given context.
-
setPrivateKeyMethod0
private static void setPrivateKeyMethod0(long ctx, AsyncSSLPrivateKeyMethod method)
-
setSSLSessionCache
public static void setSSLSessionCache(long ctx, SSLSessionCache cache)
Set theSSLSessionCache
that will be used if session caching is enabled.- Parameters:
ctx
- context to use.cache
- cache to use for the given context.
-
setNumTickets
public static boolean setNumTickets(long ctx, int tickets)
Set the number of TLSv1.3 session tickets that will be sent to the client after a full handshake. See SSL_CTX_set_num_tickets for more details.- Parameters:
ctx
- context to usetickets
- the number of tickets- Returns:
true
if successful,false
otherwise.
-
setCurvesList
public static boolean setCurvesList(long ctx, java.lang.String... curves)
Sets the curves to use. See SSL_CTX_set1_curves_list.- Parameters:
ctx
- context to usecurves
- the curves to use.- Returns:
true
if successful,false
otherwise.
-
setCurvesList0
private static boolean setCurvesList0(long ctx, java.lang.String curves)
-
setMaxCertList
public static void setMaxCertList(long ctx, int size)
Set the maximum number of bytes for the certificate chain during handshake. See SSL_CTX_set_max_cert_list for more details.- Parameters:
ctx
- context to usesize
- the maximum number of bytes
-
-