Package io.netty.handler.ssl
SSL ·
TLS implementation based on
SSLEngine
-
Interface Summary Interface Description ApplicationProtocolAccessor Provides a way to get the application-level protocol name from ALPN or NPN.ApplicationProtocolNegotiator Deprecated. AsyncRunnable CipherSuiteFilter Provides a means to filter the supplied cipher suite based upon the supported and default cipher suites.JdkApplicationProtocolNegotiator Deprecated. JdkApplicationProtocolNegotiator.ProtocolSelectionListener A listener to be notified by which protocol was select by its peer.JdkApplicationProtocolNegotiator.ProtocolSelectionListenerFactory Factory interface forJdkApplicationProtocolNegotiator.ProtocolSelectionListener
objects.JdkApplicationProtocolNegotiator.ProtocolSelector Interface to define the role of an application protocol selector in the SSL handshake process.JdkApplicationProtocolNegotiator.ProtocolSelectorFactory Factory interface forJdkApplicationProtocolNegotiator.ProtocolSelector
objects.JdkApplicationProtocolNegotiator.SslEngineWrapperFactory Abstract factory pattern for wrapping anSSLEngine
object.OpenSslApplicationProtocolNegotiator Deprecated. OpenSslAsyncPrivateKeyMethod OpenSslCertificateCompressionAlgorithm Provides compression and decompression implementations for TLS Certificate Compression (RFC 8879).OpenSslEngineMap OpenSslKeyMaterial Holds references to the native key-material that is used by OpenSSL.OpenSslPrivateKeyMethod Allow to customize private key signing / decrypting (when using RSA).OpenSslSession SSLSession
that is specific to our native implementation.OpenSslX509TrustManagerWrapper.TrustManagerWrapper PemEncoded A marker interface for PEM encoded values.ReferenceCountedOpenSslEngine.NativeSslException ResumableX509ExtendedTrustManager An interface thatTrustManager
instances can implement, to be notified of resumed SSL sessions. -
Class Summary Class Description AbstractSniHandler<T> Enables SNI (Server Name Indication) extension for server side SSL.ApplicationProtocolConfig Provides anSSLEngine
agnostic way to configure aApplicationProtocolNegotiator
.ApplicationProtocolNames Provides a set of protocol names used in ALPN and NPN.ApplicationProtocolNegotiationHandler Configures aChannelPipeline
depending on the application-level protocol negotiation result ofSslHandler
.ApplicationProtocolUtil Utility class for application protocol common operations.BouncyCastle Contains methods that can be used to detect if BouncyCastle is usable.BouncyCastleAlpnSslEngine BouncyCastleAlpnSslUtils BouncyCastlePemReader Ciphers Cipher suitesCipherSuiteConverter Converts a Java cipher suite string to an OpenSSL cipher suite string and vice versa.CipherSuiteConverter.CachedValue Used to store nullable values in a CHMDefaultOpenSslKeyMaterial DelegatingSslContext Adapter class which allows to wrap anotherSslContext
and initSSLEngine
instances.EnhancingX509ExtendedTrustManager Wraps an existingX509ExtendedTrustManager
and enhances theCertificateException
that is thrown because of hostname validation.ExtendedOpenSslSession Delegates all operations to a wrappedOpenSslSession
except the methods defined byExtendedSSLSession
itself.GroupsConverter Convert java naming to OpenSSL naming if possible and if not return the original name.IdentityCipherSuiteFilter This class will not do any filtering of ciphers suites.Java7SslParametersUtils Java8SslUtils JdkAlpnApplicationProtocolNegotiator Deprecated. JdkAlpnApplicationProtocolNegotiator.AlpnWrapper JdkAlpnApplicationProtocolNegotiator.FailureWrapper JdkAlpnSslEngine JdkAlpnSslUtils JdkApplicationProtocolNegotiator.AllocatorAwareSslEngineWrapperFactory JdkBaseApplicationProtocolNegotiator Common base class forJdkApplicationProtocolNegotiator
classes to inherit from.JdkBaseApplicationProtocolNegotiator.FailProtocolSelectionListener JdkBaseApplicationProtocolNegotiator.FailProtocolSelector JdkBaseApplicationProtocolNegotiator.NoFailProtocolSelectionListener JdkBaseApplicationProtocolNegotiator.NoFailProtocolSelector JdkDefaultApplicationProtocolNegotiator TheJdkApplicationProtocolNegotiator
to use if you do not care about NPN or ALPN and are usingSslProvider.JDK
.JdkNpnApplicationProtocolNegotiator Deprecated. JdkSslClientContext Deprecated. JdkSslContext AnSslContext
which uses JDK's SSL/TLS implementation.JdkSslContext.Defaults JdkSslEngine JdkSslServerContext Deprecated. OpenSsl Tells ifnetty-tcnative
and its OpenSSL support are available.OpenSslCachingKeyMaterialProvider OpenSslKeyMaterialProvider
that will cache theOpenSslKeyMaterial
to reduce the overhead of parsing the chain and the key for generation of the material.OpenSslCachingX509KeyManagerFactory Wraps anotherKeyManagerFactory
and caches its chains / certs for an alias for better performance when usingSslProvider.OPENSSL
orSslProvider.OPENSSL_REFCNT
.OpenSslCertificateCompressionConfig Configuration for TLS1.3 certificate compression extension.OpenSslCertificateCompressionConfig.AlgorithmConfig The configuration for algorithm.OpenSslCertificateCompressionConfig.Builder Builder for anOpenSslCertificateCompressionAlgorithm
.OpenSslClientContext A client-sideSslContext
which uses OpenSSL's SSL/TLS implementation.OpenSslClientSessionCache OpenSslSessionCache
that is used by the client-side.OpenSslClientSessionCache.HostPort Host / Port tuple used to find aOpenSslSession
in the cache.OpenSslContext This class will use a finalizer to ensure native resources are automatically cleaned up.OpenSslContextOption<T> OpenSslDefaultApplicationProtocolNegotiator Deprecated. OpenSslEngine Implements aSSLEngine
using OpenSSL BIO abstractions.OpenSslKeyMaterialManager OpenSslKeyMaterialProvider ProvidesOpenSslKeyMaterial
for a given alias.OpenSslNpnApplicationProtocolNegotiator Deprecated. OpenSslPrivateKey OpenSslServerContext A server-sideSslContext
which uses OpenSSL's SSL/TLS implementation.OpenSslServerSessionContext OpenSslSessionContext
implementation which offers extra methods which are only useful for the server-side.OpenSslSessionCache SSLSessionCache
implementation for our native SSL implementation.OpenSslSessionCache.NativeSslSession OpenSslSession
implementation which wraps the native SSL_SESSION* while in cache.OpenSslSessionContext OpenSSL specificSSLSessionContext
implementation.OpenSslSessionId Represent the session ID used by anOpenSslSession
.OpenSslSessionStats Stats exposed by an OpenSSL session context.OpenSslSessionTicketKey Session Ticket KeyOpenSslX509KeyManagerFactory SpecialKeyManagerFactory
that pre-compute the keymaterial used whenSslProvider.OPENSSL
orSslProvider.OPENSSL_REFCNT
is used and so will improve handshake times and its performance.OpenSslX509KeyManagerFactory.OpenSslKeyManagerFactorySpi OpenSslX509KeyManagerFactory.OpenSslKeyManagerFactorySpi.ProviderFactory OpenSslX509KeyManagerFactory.OpenSslKeyManagerFactorySpi.ProviderFactory.OpenSslPopulatedKeyMaterialProvider OpenSslKeyMaterialProvider
implementation that pre-compute theOpenSslKeyMaterial
for all aliases.OpenSslX509KeyManagerFactory.OpenSslKeyStore OpenSslX509TrustManagerWrapper Utility which allows to wrapX509TrustManager
implementations with the internal implementation used bySSLContextImpl
that provides extended verification.OpenSslX509TrustManagerWrapper.UnsafeTrustManagerWrapper OptionalSslHandler OptionalSslHandler
is a utility decoder to support both SSL and non-SSL handlers based on the first message received.PemPrivateKey This is a special purpose implementation of aPrivateKey
which allows the user to pass PEM/PKCS#8 encoded key material straight intoOpenSslContext
without having to parse and re-encode bytes in Java land.PemReader Reads a PEM file and converts it into a list of DERs so that they are imported into aKeyStore
easily.PemValue A PEM encoded value.PemX509Certificate This is a special purpose implementation of aX509Certificate
which allows the user to pass PEM/PKCS#8 encoded data straight intoOpenSslContext
without having to parse and re-encode bytes in Java land.PseudoRandomFunction This pseudorandom function (PRF) takes as input a secret, a seed, and an identifying label and produces an output of arbitrary length.ReferenceCountedOpenSslClientContext A client-sideSslContext
which uses OpenSSL's SSL/TLS implementation.ReferenceCountedOpenSslClientContext.ExtendedTrustManagerVerifyCallback ReferenceCountedOpenSslClientContext.OpenSslClientCertificateCallback ReferenceCountedOpenSslClientContext.OpenSslClientSessionContext ReferenceCountedOpenSslClientContext.TrustManagerVerifyCallback ReferenceCountedOpenSslContext An implementation ofSslContext
which works with libraries that support the OpenSsl C library API.ReferenceCountedOpenSslContext.AbstractCertificateVerifier ReferenceCountedOpenSslContext.AsyncPrivateKeyMethod ReferenceCountedOpenSslContext.AsyncPrivateKeyMethod.ResultCallbackListener ReferenceCountedOpenSslContext.CompressionAlgorithm ReferenceCountedOpenSslContext.DefaultOpenSslEngineMap ReferenceCountedOpenSslContext.PrivateKeyMethod ReferenceCountedOpenSslEngine Implements aSSLEngine
using OpenSSL BIO abstractions.ReferenceCountedOpenSslServerContext A server-sideSslContext
which uses OpenSSL's SSL/TLS implementation.ReferenceCountedOpenSslServerContext.ExtendedTrustManagerVerifyCallback ReferenceCountedOpenSslServerContext.OpenSslServerCertificateCallback ReferenceCountedOpenSslServerContext.OpenSslSniHostnameMatcher ReferenceCountedOpenSslServerContext.TrustManagerVerifyCallback ResumptionController ResumptionController.X509ExtendedWrapTrustManager SignatureAlgorithmConverter Converts OpenSSL signature Algorithm names to Java signature Algorithm names.SniCompletionEvent Event that is fired once we did a selection of aSslContext
based on theSNI hostname
, which may be because it was successful or there was an error.SniHandler Enables SNI (Server Name Indication) extension for server side SSL.SniHandler.AsyncMappingAdapter SniHandler.Selection SslClientHelloHandler<T> ByteToMessageDecoder
which allows to be notified once a fullClientHello
was received.SslCloseCompletionEvent Event that is fired once the close_notify was received or if an failure happens before it was received.SslCompletionEvent SslContext A secure socket protocol implementation which acts as a factory forSSLEngine
andSslHandler
.SslContextBuilder Builder for configuring a new SslContext for creation.SslContextOption<T> ASslContextOption
allows to configure aSslContext
in a type-safe way.SslHandler SslHandlerCoalescingBufferQueue Each call to SSL_write will introduce about ~100 bytes of overhead.SslHandshakeCompletionEvent Event that is fired once the SSL handshake is complete, which may be because it was successful or there was an error.SslMasterKeyHandler TheSslMasterKeyHandler
is a channel-handler you can include in your pipeline to consume the master key & session identifier for a TLS session.SslMasterKeyHandler.WiresharkSslMasterKeyHandler Record the session identifier and master key to theInternalLogger
namedio.netty.wireshark
.SslProtocols SSL/TLS protocolsSslUtils Constants for SSL packets.SupportedCipherSuiteFilter This class will filter all requested ciphers out that are not supported by the currentSSLEngine
. -
Enum Summary Enum Description ApplicationProtocolConfig.Protocol Defines which application level protocol negotiation to use.ApplicationProtocolConfig.SelectedListenerFailureBehavior Defines the most common behaviors for the peer which is notified of the selected protocol.ApplicationProtocolConfig.SelectorFailureBehavior Defines the most common behaviors for the peer that selects the application protocol.ClientAuth Indicates the state of theSSLEngine
with respect to client authentication.OpenSslCertificateCompressionConfig.AlgorithmMode The usage mode of theOpenSslCertificateCompressionAlgorithm
.ReferenceCountedOpenSslEngine.HandshakeState SslHandler.SslEngineType SslProvider An enumeration of SSL/TLS protocol providers. -
Exception Summary Exception Description NotSslRecordException SpecialSSLException
which will get thrown if a packet is received that not looks like a TLS/SSL record.OpenSslCertificateException A specialCertificateException
which allows to specify which error code is included in the SSL Record.ReferenceCountedOpenSslEngine.OpenSslException ReferenceCountedOpenSslEngine.OpenSslHandshakeException SslClosedEngineException SSLException
which signals that the exception was caused by anSSLEngine
which was closed already.SslHandshakeTimeoutException SSLHandshakeException
that is used when a handshake failed due a configured timeout.StacklessSSLHandshakeException ASSLHandshakeException
that does not fill in the stack trace.