public class SSL
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
static int |
ENABLE_FALLBACK_SCSV
Option for sending the fallback SCSV (the signaling cipher suite value used to
detect protocol downgrade) in handshakes.
|
static int |
ENABLE_POST_HANDSHAKE_AUTH
Enable post-handshake authentication extension.
|
static int |
ENABLE_RENEGOTIATION
Option for configuring renegotiation after initial handshake.
|
static int |
RENEGOTIATE_NEVER
Value for never allowing renegotiation after initial handshake.
|
static int |
RENEGOTIATE_REQUIRES_XTN
Value for allowing renegotiation after initial handshake with the TLS
renegotiation_info extension; safe.
|
static int |
RENEGOTIATE_TRANSITIONAL
Value for disallowing unsafe renegotiation in server sockets only, while
still allowing clients to continue to renegotiate with vulnerable servers.
|
static int |
RENEGOTIATE_UNRESTRICTED
Value for always allowing renegotiation after initial handshake,
regardless of whether or not the peer's client hello bears the
renegotiation info extension; unsafe.
|
static int |
REQUEST_CERTIFICATE
Request certificate from the remote peer.
|
static int |
REQUIRE_ALWAYS
Value for always requiring a certificate.
|
static int |
REQUIRE_CERTIFICATE
Require certificate from the remote peer.
|
static int |
REQUIRE_FIRST_HANDSHAKE
Value for requiring a certificate only on the first handshake.
|
static int |
REQUIRE_NEVER
Value for never requiring a certificate.
|
static int |
REQUIRE_NO_ERROR
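Value for requiring a certificate but not erring if the peer doesn't
provide one. Because the handshake can then complete without a peer
certificate, the caller has to check for one itself (for example via
PeerCertificate) before treating the peer as authenticated.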
|
static int |
REQUIRE_SAFE_NEGOTIATION
Option for requiring safe negotiation.
|
static int |
SECFailure
Return value on failure from NSS functions.
|
static int |
SECSuccess
Return value on success from NSS functions.
|
static int |
SECWouldBlock
Return value from NSS functions when the operation would block.
|
Constructor and Description |
---|
SSL() |
Modifier and Type | Method and Description |
---|---|
static int |
AttachClientCertCallback(SSLFDProxy fd)
Use client authentication; set client certificate from SSLFDProxy.
|
static int |
AuthCertificateComplete(SSLFDProxy fd,
int error)
Inform NSS that the asynchronous certificate check handler has
completed, allowing us to continue the handshake.
|
static boolean |
CipherPrefGet(SSLFDProxy fd,
int cipher)
Get the preference for a specific cipher suite on the specified
PRFileDesc.
|
static boolean |
CipherPrefGetDefault(int cipher)
Get the default preferences for a specific cipher suite across all
future PRFileDesc's.
|
static int |
CipherPrefSet(SSLFDProxy fd,
int cipher,
boolean enabled)
Set the preference for a specific cipher suite on the specified
PRFileDesc.
|
static int |
CipherPrefSetDefault(int cipher,
boolean enabled)
Set the default preferences for a specific cipher suite across all
future PRFileDesc's.
|
static int |
ConfigAsyncBadCertCallback(SSLFDProxy fd)
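Use an asynchronous bad certificate handler which allows us to approve
rejected certificates. Approving a certificate in this handler overrides the
validation failure, so the handler should approve only the specific errors it
expects.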
|
static int |
ConfigAsyncTrustManagerCertAuthCallback(SSLFDProxy fd)
Use an asynchronous certificate checking handler which allows us to
invoke an arbitrary number of TrustManagers.
|
static int |
ConfigJSSDefaultCertAuthCallback(SSLFDProxy fd)
Use the default JSS certificate checking handler (which understands
CryptoManager OCSP status).
|
static int |
ConfigSecureServer(SSLFDProxy fd,
PK11Cert cert,
PK11PrivKey key,
int kea)
Deprecated.
replaced with ConfigServerCert
See also: SSL_ConfigSecureServer in /usr/include/nss3/ssl.h
|
static int |
ConfigServerCert(SSLFDProxy fd,
PK11Cert cert,
PK11PrivKey key)
Configure the certificate and private key for a server socket.
|
static int |
ConfigServerSessionIDCache(int maxCacheEntries,
long timeout,
long ssl3_timeout,
java.lang.String directory)
Configure the server's session cache.
|
static int |
ConfigSyncBadCertCallback(SSLFDProxy fd)
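Use a synchronous bad certificate handler which allows us to approve
rejected certificates. Approving a certificate in this handler overrides the
validation failure, so the handler should approve only the specific errors it
expects.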
|
static int |
ConfigSyncTrustManagerCertAuthCallback(SSLFDProxy fd)
Use a synchronous certificate checking handler based off the SSLFDProxy
proper.
|
static int |
EnableAlertLogging(SSLFDProxy fd)
Enable recording of alerts in the SSLFDProxy object.
|
static int |
EnableHandshakeCallback(SSLFDProxy fd) |
static int |
ForceHandshake(SSLFDProxy fd)
Force a handshake to occur if not started, else step one.
|
static SSLChannelInfo |
GetChannelInfo(SSLFDProxy fd)
Inquire for SSL Channel Information after the handshake has completed.
|
static SSLPreliminaryChannelInfo |
GetPreliminaryChannelInfo(SSLFDProxy fd)
Inquire for SSL Channel Information before the handshake has completed.
|
static SSLFDProxy |
ImportFD(PRFDProxy model,
PRFDProxy fd)
Import a file descriptor to create a new SSL file descriptor out of it.
|
static byte[] |
ImportFDNative(PRFDProxy model,
PRFDProxy fd) |
static int |
InvalidateSession(SSLFDProxy fd)
Invalidate the SSL session associated with this socket.
|
static int |
KeyUpdate(SSLFDProxy fd,
boolean requestUpdate)
Send the TLS 1.3 KeyUpdate Request; experimental.
|
static int |
OptionGet(SSLFDProxy fd,
int option)
Get the value of a SSL option on the specified PRFileDesc.
|
static int |
OptionSet(SSLFDProxy fd,
int option,
int val)
Set the value of a SSL option on the specified PRFileDesc.
|
static PK11Cert |
PeerCertificate(SSLFDProxy fd)
Introspect the peer's certificate.
|
static PK11Cert[] |
PeerCertificateChain(SSLFDProxy fd)
Introspect the peer's certificate chain.
|
static int |
ReHandshake(SSLFDProxy fd,
boolean flushCache)
Rehandshake an existing socket, optionally flushing the cache line.
|
static void |
RemoveCallbacks(SSLFDProxy fd)
Removes all enabled callbacks.
|
static int |
ResetHandshake(SSLFDProxy fd,
boolean asServer)
Reset the handshake status, optionally handshaking as a server.
|
static SecurityStatusResult |
SecurityStatus(SSLFDProxy fd)
Check the security status of a SSL handshake.
|
static int |
SendCertificateRequest(SSLFDProxy fd)
Send the TLS 1.3 Certificate Request as a server; experimental.
|
static int |
SetURL(SSLFDProxy fd,
java.lang.String url)
Set the hostname of a handshake on the specified PRFileDesc.
|
static SSLVersionRange |
VersionRangeGet(SSLFDProxy fd)
Get the range of TLS versions enabled by this server.
|
static SSLVersionRange |
VersionRangeGetDefault()
Get the range of TLS versions enabled in all future PRFileDesc's of the
default STREAM protocol variant.
|
static SSLVersionRange |
VersionRangeGetDefault(SSLProtocolVariant variant)
Get the range of TLS versions enabled in all future PRFileDesc's of the
specified protocol variant.
|
static int |
VersionRangeSet(SSLFDProxy fd,
SSLVersionRange range)
Set the range of TLS versions enabled by this server by SSLVersionRange.
|
static int |
VersionRangeSetDefault(SSLProtocolVariant variant,
SSLVersionRange range)
Set the range of TLS versions enabled by default, for all future
PRFileDesc's of the specified protocol variant.
|
static int |
VersionRangeSetDefault(SSLVersionRange range)
Set the range of TLS versions enabled by default, for all future
PRFileDesc's of the default protocol variant type, STREAM.
|
public static final int REQUEST_CERTIFICATE
public static final int REQUIRE_CERTIFICATE
public static final int SECSuccess
public static final int SECFailure
public static final int SECWouldBlock
public static final int ENABLE_POST_HANDSHAKE_AUTH
public static final int ENABLE_RENEGOTIATION
public static final int REQUIRE_SAFE_NEGOTIATION
public static final int RENEGOTIATE_NEVER
public static final int RENEGOTIATE_UNRESTRICTED
public static final int RENEGOTIATE_REQUIRES_XTN
public static final int RENEGOTIATE_TRANSITIONAL
public static final int ENABLE_FALLBACK_SCSV
public static final int REQUIRE_NEVER
public static final int REQUIRE_ALWAYS
public static final int REQUIRE_FIRST_HANDSHAKE
public static final int REQUIRE_NO_ERROR
public static SSLFDProxy ImportFD(PRFDProxy model, PRFDProxy fd)
public static int OptionSet(SSLFDProxy fd, int option, int val)
public static int OptionGet(SSLFDProxy fd, int option) throws java.lang.Exception
Throws: java.lang.Exception
public static int SetURL(SSLFDProxy fd, java.lang.String url)
public static int CipherPrefSet(SSLFDProxy fd, int cipher, boolean enabled)
public static boolean CipherPrefGet(SSLFDProxy fd, int cipher) throws java.lang.Exception
Throws: java.lang.Exception
public static int CipherPrefSetDefault(int cipher, boolean enabled)
public static boolean CipherPrefGetDefault(int cipher)
public static int VersionRangeSet(SSLFDProxy fd, SSLVersionRange range)
public static SSLVersionRange VersionRangeGet(SSLFDProxy fd) throws java.lang.Exception
Throws: java.lang.Exception
public static int VersionRangeSetDefault(SSLVersionRange range)
public static int VersionRangeSetDefault(SSLProtocolVariant variant, SSLVersionRange range)
public static SSLVersionRange VersionRangeGetDefault()
public static SSLVersionRange VersionRangeGetDefault(SSLProtocolVariant variant)
public static SecurityStatusResult SecurityStatus(SSLFDProxy fd)
public static SSLChannelInfo GetChannelInfo(SSLFDProxy fd)
public static SSLPreliminaryChannelInfo GetPreliminaryChannelInfo(SSLFDProxy fd)
public static int ResetHandshake(SSLFDProxy fd, boolean asServer)
public static int ReHandshake(SSLFDProxy fd, boolean flushCache)
public static int ForceHandshake(SSLFDProxy fd)
@Deprecated public static int ConfigSecureServer(SSLFDProxy fd, PK11Cert cert, PK11PrivKey key, int kea)
public static int ConfigServerCert(SSLFDProxy fd, PK11Cert cert, PK11PrivKey key)
public static int ConfigServerSessionIDCache(int maxCacheEntries, long timeout, long ssl3_timeout, java.lang.String directory)
public static int InvalidateSession(SSLFDProxy fd)
public static PK11Cert PeerCertificate(SSLFDProxy fd)
public static PK11Cert[] PeerCertificateChain(SSLFDProxy fd) throws java.lang.Exception
Throws: java.lang.Exception
public static int SendCertificateRequest(SSLFDProxy fd)
public static int KeyUpdate(SSLFDProxy fd, boolean requestUpdate)
public static int AttachClientCertCallback(SSLFDProxy fd)
public static int EnableAlertLogging(SSLFDProxy fd)
public static int ConfigJSSDefaultCertAuthCallback(SSLFDProxy fd)
public static int ConfigAsyncTrustManagerCertAuthCallback(SSLFDProxy fd)
public static int ConfigSyncTrustManagerCertAuthCallback(SSLFDProxy fd)
public static int ConfigAsyncBadCertCallback(SSLFDProxy fd)
public static int ConfigSyncBadCertCallback(SSLFDProxy fd)
public static int AuthCertificateComplete(SSLFDProxy fd, int error)
public static void RemoveCallbacks(SSLFDProxy fd)
public static int EnableHandshakeCallback(SSLFDProxy fd)