Class SSLSocket

java.lang.Object
java.net.Socket
org.mozilla.jss.ssl.SSLSocket
All Implemented Interfaces:
Closeable, AutoCloseable

public class SSLSocket extends Socket
SSL client socket.
  • Field Details

    • SSL2_RC4_128_WITH_MD5

      public static final int SSL2_RC4_128_WITH_MD5
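      Note: not all of the following cipher suite constants are implemented. Call getImplementedCiphersuites to get the ones that are. Being listed or implemented does not make a suite safe to enable: the constants include NULL-encryption, export-grade, anonymous (DH_anon/ECDH_anon), RC4, DES and SSL2 suites.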
      See Also:
    • SSL2_RC4_128_EXPORT40_WITH_MD5

      public static final int SSL2_RC4_128_EXPORT40_WITH_MD5
      See Also:
    • SSL2_RC2_128_CBC_WITH_MD5

      public static final int SSL2_RC2_128_CBC_WITH_MD5
      See Also:
    • SSL2_RC2_128_CBC_EXPORT40_WITH_MD5

      public static final int SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
      See Also:
    • SSL2_IDEA_128_CBC_WITH_MD5

      public static final int SSL2_IDEA_128_CBC_WITH_MD5
      See Also:
    • SSL2_DES_64_CBC_WITH_MD5

      public static final int SSL2_DES_64_CBC_WITH_MD5
      See Also:
    • SSL2_DES_192_EDE3_CBC_WITH_MD5

      public static final int SSL2_DES_192_EDE3_CBC_WITH_MD5
      See Also:
    • TLS_NULL_WITH_NULL_NULL

      public static final int TLS_NULL_WITH_NULL_NULL
      See Also:
    • SSL3_RSA_WITH_NULL_MD5

      @Deprecated public static final int SSL3_RSA_WITH_NULL_MD5
      Deprecated.
      Replaced with TLS_RSA_WITH_NULL_MD5.
      See Also:
    • TLS_RSA_WITH_NULL_MD5

      public static final int TLS_RSA_WITH_NULL_MD5
      See Also:
    • SSL3_RSA_WITH_NULL_SHA

      @Deprecated public static final int SSL3_RSA_WITH_NULL_SHA
      Deprecated.
      Replaced with TLS_RSA_WITH_NULL_SHA.
      See Also:
    • TLS_RSA_WITH_NULL_SHA

      public static final int TLS_RSA_WITH_NULL_SHA
      See Also:
    • SSL3_RSA_EXPORT_WITH_RC4_40_MD5

      public static final int SSL3_RSA_EXPORT_WITH_RC4_40_MD5
      See Also:
    • TLS_RSA_EXPORT_WITH_RC4_40_MD5

      public static final int TLS_RSA_EXPORT_WITH_RC4_40_MD5
      See Also:
    • SSL3_RSA_WITH_RC4_128_MD5

      @Deprecated public static final int SSL3_RSA_WITH_RC4_128_MD5
      Deprecated.
      Replaced with TLS_RSA_WITH_RC4_128_MD5.
      See Also:
    • TLS_RSA_WITH_RC4_128_MD5

      public static final int TLS_RSA_WITH_RC4_128_MD5
      See Also:
    • SSL3_RSA_WITH_RC4_128_SHA

      @Deprecated public static final int SSL3_RSA_WITH_RC4_128_SHA
      Deprecated.
      Replaced with TLS_RSA_WITH_RC4_128_SHA.
      See Also:
    • TLS_RSA_WITH_RC4_128_SHA

      public static final int TLS_RSA_WITH_RC4_128_SHA
      See Also:
    • SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5

      public static final int SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5
      See Also:
    • TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

      public static final int TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
      See Also:
    • SSL3_RSA_WITH_IDEA_CBC_SHA

      @Deprecated public static final int SSL3_RSA_WITH_IDEA_CBC_SHA
      Deprecated.
      Replaced with TLS_RSA_WITH_IDEA_CBC_SHA.
      See Also:
    • TLS_RSA_WITH_IDEA_CBC_SHA

      public static final int TLS_RSA_WITH_IDEA_CBC_SHA
      See Also:
    • SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA

      public static final int SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

      public static final int TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • SSL3_RSA_WITH_DES_CBC_SHA

      @Deprecated public static final int SSL3_RSA_WITH_DES_CBC_SHA
      Deprecated.
      Replaced with TLS_RSA_WITH_DES_CBC_SHA.
      See Also:
    • TLS_RSA_WITH_DES_CBC_SHA

      public static final int TLS_RSA_WITH_DES_CBC_SHA
      See Also:
    • SSL3_RSA_WITH_3DES_EDE_CBC_SHA

      @Deprecated public static final int SSL3_RSA_WITH_3DES_EDE_CBC_SHA
      Deprecated.
      Replaced with TLS_RSA_WITH_3DES_EDE_CBC_SHA.
      See Also:
    • TLS_RSA_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_RSA_WITH_3DES_EDE_CBC_SHA
      See Also:
    • SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

      public static final int SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

      public static final int TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • SSL3_DH_DSS_WITH_DES_CBC_SHA

      @Deprecated public static final int SSL3_DH_DSS_WITH_DES_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_DSS_WITH_DES_CBC_SHA.
      See Also:
    • TLS_DH_DSS_WITH_DES_CBC_SHA

      public static final int TLS_DH_DSS_WITH_DES_CBC_SHA
      See Also:
    • SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA

      @Deprecated public static final int SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA.
      See Also:
    • TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
      See Also:
    • SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

      public static final int SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

      public static final int TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • SSL3_DH_RSA_WITH_DES_CBC_SHA

      @Deprecated public static final int SSL3_DH_RSA_WITH_DES_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_RSA_WITH_DES_CBC_SHA.
      See Also:
    • TLS_DH_RSA_WITH_DES_CBC_SHA

      public static final int TLS_DH_RSA_WITH_DES_CBC_SHA
      See Also:
    • SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA

      @Deprecated public static final int SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA.
      See Also:
    • TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
      See Also:
    • SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

      public static final int SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

      public static final int TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • SSL3_DHE_DSS_WITH_DES_CBC_SHA

      @Deprecated public static final int SSL3_DHE_DSS_WITH_DES_CBC_SHA
      Deprecated.
      Replaced with TLS_DHE_DSS_WITH_DES_CBC_SHA.
      See Also:
    • TLS_DHE_DSS_WITH_DES_CBC_SHA

      public static final int TLS_DHE_DSS_WITH_DES_CBC_SHA
      See Also:
    • SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA

      @Deprecated public static final int SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA
      Deprecated.
      Replaced with TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.
      See Also:
    • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
      See Also:
    • SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

      public static final int SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

      public static final int TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • SSL3_DHE_RSA_WITH_DES_CBC_SHA

      @Deprecated public static final int SSL3_DHE_RSA_WITH_DES_CBC_SHA
      Deprecated.
      Replaced with TLS_DHE_RSA_WITH_DES_CBC_SHA.
      See Also:
    • TLS_DHE_RSA_WITH_DES_CBC_SHA

      public static final int TLS_DHE_RSA_WITH_DES_CBC_SHA
      See Also:
    • SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA

      @Deprecated public static final int SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA
      Deprecated.
      Replaced with TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA.
      See Also:
    • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
      See Also:
    • SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5

      public static final int SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5
      See Also:
    • TLS_DH_anon_EXPORT_WITH_RC4_40_MD5

      public static final int TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
      See Also:
    • SSL3_DH_ANON_WITH_RC4_128_MD5

      @Deprecated public static final int SSL3_DH_ANON_WITH_RC4_128_MD5
      Deprecated.
      Replaced with TLS_DH_anon_WITH_RC4_128_MD5.
      See Also:
    • TLS_DH_anon_WITH_RC4_128_MD5

      public static final int TLS_DH_anon_WITH_RC4_128_MD5
      See Also:
    • SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA

      public static final int SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA

      public static final int TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
      See Also:
    • SSL3_DH_ANON_WITH_DES_CBC_SHA

      @Deprecated public static final int SSL3_DH_ANON_WITH_DES_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_anon_WITH_DES_CBC_SHA.
      See Also:
    • TLS_DH_anon_WITH_DES_CBC_SHA

      public static final int TLS_DH_anon_WITH_DES_CBC_SHA
      See Also:
    • SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA

      @Deprecated public static final int SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_anon_WITH_3DES_EDE_CBC_SHA.
      See Also:
    • TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
      See Also:
    • SSL3_FORTEZZA_DMS_WITH_NULL_SHA

      @Deprecated public static final int SSL3_FORTEZZA_DMS_WITH_NULL_SHA
      Deprecated.
      As of NSS 3.11, FORTEZZA is no longer supported.
      See Also:
    • SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA

      @Deprecated public static final int SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA
      Deprecated.
      As of NSS 3.11, FORTEZZA is no longer supported.
      See Also:
    • SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA

      @Deprecated public static final int SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA
      Deprecated.
      As of NSS 3.11, FORTEZZA is no longer supported.
      See Also:
    • SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA

      public static final int SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
      See Also:
    • SSL_RSA_FIPS_WITH_DES_CBC_SHA

      public static final int SSL_RSA_FIPS_WITH_DES_CBC_SHA
      See Also:
    • TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

      public static final int TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
      See Also:
    • TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

      public static final int TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
      See Also:
    • TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA

      public static final int TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
      See Also:
    • TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA

      public static final int TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
      See Also:
    • TLS_DHE_DSS_WITH_RC4_128_SHA

      public static final int TLS_DHE_DSS_WITH_RC4_128_SHA
      See Also:
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

      public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
      See Also:
    • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

      public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
      See Also:
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

      public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
      See Also:
    • TLS_RSA_WITH_AES_128_CBC_SHA

      public static final int TLS_RSA_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_DH_DSS_WITH_AES_128_CBC_SHA

      public static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_DH_RSA_WITH_AES_128_CBC_SHA

      public static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_DHE_DSS_WITH_AES_128_CBC_SHA

      public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA

      public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_DH_ANON_WITH_AES_128_CBC_SHA

      @Deprecated public static final int TLS_DH_ANON_WITH_AES_128_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_anon_WITH_AES_128_CBC_SHA.
      See Also:
    • TLS_DH_anon_WITH_AES_128_CBC_SHA

      public static final int TLS_DH_anon_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_RSA_WITH_AES_256_CBC_SHA

      public static final int TLS_RSA_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_DH_DSS_WITH_AES_256_CBC_SHA

      public static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_DH_RSA_WITH_AES_256_CBC_SHA

      public static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_DHE_DSS_WITH_AES_256_CBC_SHA

      public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA

      public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_DH_ANON_WITH_AES_256_CBC_SHA

      @Deprecated public static final int TLS_DH_ANON_WITH_AES_256_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_anon_WITH_AES_256_CBC_SHA.
      See Also:
    • TLS_DH_anon_WITH_AES_256_CBC_SHA

      public static final int TLS_DH_anon_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_RSA_WITH_NULL_SHA256

      public static final int TLS_RSA_WITH_NULL_SHA256
      See Also:
    • TLS_RSA_WITH_AES_128_CBC_SHA256

      public static final int TLS_RSA_WITH_AES_128_CBC_SHA256
      See Also:
    • TLS_RSA_WITH_AES_256_CBC_SHA256

      public static final int TLS_RSA_WITH_AES_256_CBC_SHA256
      See Also:
    • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

      public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
      See Also:
    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

      public static final int TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
      See Also:
    • TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA

      public static final int TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
      See Also:
    • TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA

      public static final int TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
      See Also:
    • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA

      public static final int TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
      See Also:
    • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

      public static final int TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
      See Also:
    • TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA

      @Deprecated public static final int TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA.
      See Also:
    • TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA

      public static final int TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
      See Also:
    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

      public static final int TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
      See Also:
    • TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA

      public static final int TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
      See Also:
    • TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA

      public static final int TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
      See Also:
    • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

      public static final int TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
      See Also:
    • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

      public static final int TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
      See Also:
    • TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA

      @Deprecated public static final int TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA
      Deprecated.
      Replaced with TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA.
      See Also:
    • TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA

      public static final int TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
      See Also:
    • TLS_RSA_WITH_SEED_CBC_SHA

      public static final int TLS_RSA_WITH_SEED_CBC_SHA
      See Also:
    • TLS_RSA_WITH_AES_128_GCM_SHA256

      public static final int TLS_RSA_WITH_AES_128_GCM_SHA256
      See Also:
    • TLS_RSA_WITH_AES_256_GCM_SHA384

      public static final int TLS_RSA_WITH_AES_256_GCM_SHA384
      See Also:
    • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

      public static final int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
      See Also:
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

      public static final int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
      See Also:
    • TLS_DHE_DSS_WITH_AES_128_GCM_SHA256

      public static final int TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
      See Also:
    • TLS_DHE_DSS_WITH_AES_256_GCM_SHA384

      public static final int TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
      See Also:
    • TLS_DHE_PSK_WITH_AES_128_GCM_SHA256

      public static final int TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
      See Also:
    • TLS_DHE_PSK_WITH_AES_256_GCM_SHA384

      public static final int TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
      See Also:
    • TLS_EMPTY_RENEGOTIATION_INFO_SCSV

      public static final int TLS_EMPTY_RENEGOTIATION_INFO_SCSV
      See Also:
    • TLS_FALLBACK_SCSV

      public static final int TLS_FALLBACK_SCSV
      See Also:
    • TLS_ECDH_ECDSA_WITH_NULL_SHA

      public static final int TLS_ECDH_ECDSA_WITH_NULL_SHA
      See Also:
    • TLS_ECDH_ECDSA_WITH_RC4_128_SHA

      public static final int TLS_ECDH_ECDSA_WITH_RC4_128_SHA
      See Also:
    • TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
      See Also:
    • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

      public static final int TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

      public static final int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_ECDHE_ECDSA_WITH_NULL_SHA

      public static final int TLS_ECDHE_ECDSA_WITH_NULL_SHA
      See Also:
    • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

      public static final int TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
      See Also:
    • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
      See Also:
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

      public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

      public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_ECDH_RSA_WITH_NULL_SHA

      public static final int TLS_ECDH_RSA_WITH_NULL_SHA
      See Also:
    • TLS_ECDH_RSA_WITH_RC4_128_SHA

      public static final int TLS_ECDH_RSA_WITH_RC4_128_SHA
      See Also:
    • TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
      See Also:
    • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

      public static final int TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

      public static final int TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_ECDHE_RSA_WITH_NULL_SHA

      public static final int TLS_ECDHE_RSA_WITH_NULL_SHA
      See Also:
    • TLS_ECDHE_RSA_WITH_RC4_128_SHA

      public static final int TLS_ECDHE_RSA_WITH_RC4_128_SHA
      See Also:
    • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
      See Also:
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

      public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

      public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_ECDH_anon_WITH_NULL_SHA

      public static final int TLS_ECDH_anon_WITH_NULL_SHA
      See Also:
    • TLS_ECDH_anon_WITH_RC4_128_SHA

      public static final int TLS_ECDH_anon_WITH_RC4_128_SHA
      See Also:
    • TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

      public static final int TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
      See Also:
    • TLS_ECDH_anon_WITH_AES_128_CBC_SHA

      public static final int TLS_ECDH_anon_WITH_AES_128_CBC_SHA
      See Also:
    • TLS_ECDH_anon_WITH_AES_256_CBC_SHA

      public static final int TLS_ECDH_anon_WITH_AES_256_CBC_SHA
      See Also:
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

      public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
      See Also:
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

      public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
      See Also:
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

      public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      See Also:
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

      public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
      See Also:
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

      public static final int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      See Also:
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

      public static final int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      See Also:
    • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256

      public static final int TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
      See Also:
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

      public static final int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      See Also:
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

      public static final int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      See Also:
    • TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256

      public static final int TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
      See Also:
    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

      public static final int TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
      See Also:
    • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

      public static final int TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
      See Also:
    • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

      public static final int TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
      See Also:
    • TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256

      public static final int TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
      See Also:
    • TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256

      public static final int TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
      See Also:
    • TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256

      public static final int TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
      See Also:
    • TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384

      public static final int TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384
      See Also:
    • TLS_AES_128_GCM_SHA256

      public static final int TLS_AES_128_GCM_SHA256
      See Also:
    • TLS_AES_256_GCM_SHA384

      public static final int TLS_AES_256_GCM_SHA384
      See Also:
    • TLS_CHACHA20_POLY1305_SHA256

      public static final int TLS_CHACHA20_POLY1305_SHA256
      See Also:
    • readLock

      private Object readLock
    • writeLock

      private Object writeLock
    • isClosed

      private boolean isClosed
    • inRead

      private boolean inRead
    • inWrite

      private boolean inWrite
    • inetAddress

      private InetAddress inetAddress
    • port

      private int port
    • sockProxy

      private SocketProxy sockProxy
    • open

      private boolean open
    • handshakeAsClient

      private boolean handshakeAsClient
    • base

      private SocketBase base
    • SSL_REQUIRE_NEVER

      public static final int SSL_REQUIRE_NEVER
      See Also:
    • SSL_REQUIRE_ALWAYS

      public static final int SSL_REQUIRE_ALWAYS
      See Also:
    • SSL_REQUIRE_FIRST_HANDSHAKE

      public static final int SSL_REQUIRE_FIRST_HANDSHAKE
      See Also:
    • SSL_REQUIRE_NO_ERROR

      public static final int SSL_REQUIRE_NO_ERROR
      See Also:
    • SSL_RENEGOTIATE_NEVER

      public static final int SSL_RENEGOTIATE_NEVER
      See Also:
    • SSL_RENEGOTIATE_REQUIRES_XTN

      public static final int SSL_RENEGOTIATE_REQUIRES_XTN
      See Also:
    • SSL_RENEGOTIATE_UNRESTRICTED

      public static final int SSL_RENEGOTIATE_UNRESTRICTED
      See Also:
    • SSL_RENEGOTIATE_TRANSITIONAL

      public static final int SSL_RENEGOTIATE_TRANSITIONAL
      See Also:
    • socketListeners

      private Collection<SSLSocketListener> socketListeners
    • handshakeCompletedListeners

      private Collection<SSLHandshakeCompletedListener> handshakeCompletedListeners
  • Constructor Details

    • SSLSocket

      SSLSocket()
      For sockets that get created by accept().
    • SSLSocket

      public SSLSocket(String host, int port) throws IOException
      Creates an SSL client socket and connects to the specified host and port.
      Parameters:
      host - The hostname to connect to.
      port - The port to connect to.
      Throws:
      IOException
    • SSLSocket

      public SSLSocket(InetAddress address, int port) throws IOException
      Creates an SSL client socket and connects to the specified address and port.
      Parameters:
      address - The IP address to connect to.
      port - The port to connect to.
      Throws:
      IOException
    • SSLSocket

      public SSLSocket(String host, int port, InetAddress localAddr, int localPort) throws IOException
      Creates an SSL client socket and connects to the specified host and port. Binds to the given local address and port.
      Parameters:
      host - The hostname to connect to.
      port - The port to connect to.
      localAddr - The local address to bind to. It can be null, in which case an unspecified local address will be chosen.
      localPort - The local port to bind to. If 0, a random port will be assigned to the socket.
      Throws:
      IOException
    • SSLSocket

      public SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort) throws IOException
      Creates an SSL client socket and connects to the specified address and port. Binds to the given local address and port.
      Parameters:
      address - The IP address to connect to.
      port - The port to connect to.
      localAddr - The local address to bind to. It can be null, in which case an unspecified local address will be chosen.
      localPort - The local port to bind to. If 0, a random port will be assigned to the socket.
      Throws:
      IOException
    • SSLSocket

      public SSLSocket(String host, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException
      Creates an SSL client socket and connects to the specified host and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.
      Parameters:
      host - The hostname to connect to.
      port - The port to connect to.
      localAddr - The local address to bind to. It can be null, in which case an unspecified local address will be chosen.
      localPort - The local port to bind to. If 0, a random port will be assigned to the socket.
      certApprovalCallback - A callback that can be used to override approval of the peer's certificate. A callback that approves every certificate leaves the peer unauthenticated.
      clientCertSelectionCallback - A callback to select the client certificate to present to the peer.
      Throws:
      IOException
    • SSLSocket

      @Deprecated public SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, boolean stream, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException
      Deprecated.
      As of JSS 3.0. The stream parameter is ignored, because only stream sockets are supported.
      Creates an SSL client socket and connects to the specified address and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.
      Parameters:
      address - The IP address to connect to.
      port - The port to connect to.
      localAddr - The local address to bind to. It can be null, in which case an unspecified local address will be chosen.
      localPort - The local port to bind to. If 0, a random port will be assigned to the socket.
      stream - This parameter is ignored. All SSLSockets are stream sockets.
      certApprovalCallback - A callback that can be used to override approval of the peer's certificate.
      clientCertSelectionCallback - A callback to select the client certificate to present to the peer.
      Throws:
      IOException
    • SSLSocket

      public SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException
      Creates an SSL client socket and connects to the specified address and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.
      Parameters:
      address - The IP address to connect to.
      port - The port to connect to.
      localAddr - The local address to bind to. It can be null, in which case an unspecified local address will be chosen.
      localPort - The local port to bind to. If 0, a random port will be assigned to the socket.
      certApprovalCallback - A callback that can be used to override approval of the peer's certificate.
      clientCertSelectionCallback - A callback to select the client certificate to present to the peer.
      Throws:
      IOException
    • SSLSocket

      private SSLSocket(InetAddress address, String hostname, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException
      Throws:
      IOException
    • SSLSocket

      public SSLSocket(Socket s, String host, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException
      Creates an SSL client socket using the given Java socket for underlying I/O. Installs the given callbacks for certificate approval and client certificate selection.
      Parameters:
      s - The Java socket to use for underlying I/O.
      host - The hostname of the remote side of the connection. This name is used to verify the server's certificate.
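      certApprovalCallback - A callback that can be used to override approval of the peer's certificate. A callback that approves every certificate leaves the peer unauthenticated, regardless of the host name given for verification.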
      clientCertSelectionCallback - A callback to select the client certificate to present to the peer.
      Throws:
      IOException
  • Method Details

    • setSockProxy

      void setSockProxy(SocketProxy sp)
      Should only be called by SSLServerSocket after a successful accept().
    • getInetAddress

      public InetAddress getInetAddress()
      Overrides:
      getInetAddress in class Socket
      Returns:
      The remote peer's IP address or null if the SSLSocket is closed.
    • getLocalAddress

      public InetAddress getLocalAddress()
      Overrides:
      getLocalAddress in class Socket
      Returns:
      The local IP address or null if the SSLSocket is closed.
    • getLocalPort

      public int getLocalPort()
      Overrides:
      getLocalPort in class Socket
      Returns:
      The local port or -1 if the SSLSocket is closed.
    • getPort

      public int getPort()
      Overrides:
      getPort in class Socket
      Returns:
      The remote port.
    • getInputStream

      public InputStream getInputStream() throws IOException
      Returns the input stream for reading from this socket.
      Overrides:
      getInputStream in class Socket
      Throws:
      IOException
    • getOutputStream

      public OutputStream getOutputStream() throws IOException
      Returns the output stream for writing to this socket.
      Overrides:
      getOutputStream in class Socket
      Throws:
      IOException
    • setTcpNoDelay

      public void setTcpNoDelay(boolean on) throws SocketException
      Enables or disables the TCP_NO_DELAY socket option. Enabling this option will disable the Nagle algorithm.
      Overrides:
      setTcpNoDelay in class Socket
      Throws:
      SocketException
    • getTcpNoDelay

      public boolean getTcpNoDelay() throws SocketException
      Returns the current setting of the TCP_NO_DELAY socket option.
      Overrides:
      getTcpNoDelay in class Socket
      Throws:
      SocketException
    • setKeepAlive

      public void setKeepAlive(boolean on) throws SocketException
      Enables or disables the SO_KEEPALIVE socket option.
      Overrides:
      setKeepAlive in class Socket
      Throws:
      SocketException
    • getKeepAlive

      public boolean getKeepAlive() throws SocketException
      Returns the current setting of the SO_KEEPALIVE socket option.
      Overrides:
      getKeepAlive in class Socket
      Throws:
      SocketException
    • shutdownInput

      public void shutdownInput() throws IOException
      Shuts down the input side of the socket.
      Overrides:
      shutdownInput in class Socket
      Throws:
      IOException
    • shutdownOutput

      public void shutdownOutput() throws IOException
      Shuts down the output side of the socket.
      Overrides:
      shutdownOutput in class Socket
      Throws:
      IOException
    • shutdownNative

      private void shutdownNative(int how) throws IOException
      Throws:
      IOException
    • abortReadWrite

      private void abortReadWrite() throws IOException
      Throws:
      IOException
    • setSoLinger

      public void setSoLinger(boolean on, int linger) throws SocketException
      Sets the SO_LINGER socket option. The linger parameter is the time (in seconds) to linger for.
      Overrides:
      setSoLinger in class Socket
      Throws:
      SocketException
    • getSoLinger

      public int getSoLinger() throws SocketException
      Returns the current value of the SO_LINGER socket option.
      Overrides:
      getSoLinger in class Socket
      Throws:
      SocketException
    • setSoTimeout

      public void setSoTimeout(int timeout) throws SocketException
      Sets the SO_TIMEOUT socket option.
      Overrides:
      setSoTimeout in class Socket
      Parameters:
      timeout - The timeout time in milliseconds.
      Throws:
      SocketException
    • getSoTimeout

      public int getSoTimeout() throws SocketException
      Returns the current value of the SO_TIMEOUT socket option.
      Overrides:
      getSoTimeout in class Socket
      Returns:
      The timeout time in milliseconds.
      Throws:
      SocketException
    • setSendBufferSize

      public void setSendBufferSize(int size) throws SocketException
      Sets the size (in bytes) of the send buffer.
      Overrides:
      setSendBufferSize in class Socket
      Throws:
      SocketException
    • getSendBufferSize

      public int getSendBufferSize() throws SocketException
      Returns the size (in bytes) of the send buffer.
      Overrides:
      getSendBufferSize in class Socket
      Throws:
      SocketException
    • setReceiveBufferSize

      public void setReceiveBufferSize(int size) throws SocketException
      Sets the size (in bytes) of the receive buffer.
      Overrides:
      setReceiveBufferSize in class Socket
      Throws:
      SocketException
    • getReceiveBufferSize

      public int getReceiveBufferSize() throws SocketException
      Returns the size (in bytes) of the receive buffer.
      Overrides:
      getReceiveBufferSize in class Socket
      Throws:
      SocketException
    • close

      public void close() throws IOException
      Closes this socket.
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Overrides:
      close in class Socket
      Throws:
      IOException
    • socketConnect

      private void socketConnect(byte[] addr, String hostname, int port) throws SocketException
      Throws:
      SocketException
    • addSocketListener

      public void addSocketListener(SSLSocketListener listener)
    • removeSocketListener

      public void removeSocketListener(SSLSocketListener listener)
    • fireAlertReceivedEvent

      private void fireAlertReceivedEvent(SSLAlertEvent event)
    • fireAlertSentEvent

      private void fireAlertSentEvent(SSLAlertEvent event)
    • addHandshakeCompletedListener

      public void addHandshakeCompletedListener(SSLHandshakeCompletedListener listener)
      Adds a listener to be notified when an SSL handshake completes.
    • removeHandshakeCompletedListener

      public void removeHandshakeCompletedListener(SSLHandshakeCompletedListener listener)
      Removes a previously registered listener for handshake completion.
    • notifyAllHandshakeListeners

      private void notifyAllHandshakeListeners()
    • enableSSL2

      public void enableSSL2(boolean enable) throws SocketException
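      Enables or disables SSL v2 on this socket. It is enabled by default, unless the default has been changed with enableSSL2Default. SSL v2 is an obsolete protocol with known weaknesses (RFC 6176 prohibits its use); pass false unless a legacy peer strictly requires it.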
      Throws:
      SocketException
    • enableSSL2Default

      public static void enableSSL2Default(boolean enable) throws SocketException
      Sets the default for SSL v2 for all new sockets.
      Throws:
      SocketException
    • enableSSL3

      public void enableSSL3(boolean enable) throws SocketException
      Enables or disables SSL v3 on this socket. It is enabled by default, unless the default has been changed with enableSSL3Default. SSL v3 is deprecated (RFC 7568); pass false unless a legacy peer strictly requires it.
      Throws:
      SocketException
    • enableSSL3Default

      public static void enableSSL3Default(boolean enable) throws SocketException
      Sets the default for SSL v3 for all new sockets.
      Throws:
      SocketException
    • enableTLS

      public void enableTLS(boolean enable) throws SocketException
      Enables TLS on this socket. It is enabled by default, unless the default has been changed with enableTLSDefault.
      Throws:
      SocketException
    • enableTLSDefault

      public static void enableTLSDefault(boolean enable) throws SocketException
      Sets the default for TLS for all new sockets.
      Throws:
      SocketException
    • enableSessionTickets

      public void enableSessionTickets(boolean enable) throws SocketException
      Enables Session tickets on this socket. It is disabled by default, unless the default has been changed with enableSessionTicketsDefault.
      Throws:
      SocketException
    • enableSessionTicketsDefault

      public static void enableSessionTicketsDefault(boolean enable) throws SocketException
      Sets the default for Session Tickets for all new sockets.
      Throws:
      SocketException
    • enableRenegotiation

      public void enableRenegotiation(int mode) throws SocketException
      Sets the mode of renegotiation that the peer must use on this socket. The default is to never renegotiate at all, unless the default has been changed with SSLSocket.enableRenegotiationDefault.
      Parameters:
      mode - One of:
      SSLSocket.SSL_RENEGOTIATE_NEVER - Never renegotiate at all.
      SSLSocket.SSL_RENEGOTIATE_UNRESTRICTED - Renegotiate without restriction, whether or not the peer's hello bears the TLS renegotiation_info extension. This is the vulnerable behavior of the past, from before the renegotiation_info extension (RFC 5746) existed.
      SSLSocket.SSL_RENEGOTIATE_REQUIRES_XTN - Only renegotiate if the peer's hello bears the TLS renegotiation_info extension. This is safe renegotiation.
      SSLSocket.SSL_RENEGOTIATE_TRANSITIONAL - Disallow unsafe renegotiation in server sockets only, but allow clients to continue to renegotiate with vulnerable servers. This value should only be used during the transition period when few servers have been upgraded.
      Throws:
      SocketException
    • enableRenegotiationDefault

      public static void enableRenegotiationDefault(int mode) throws SocketException
      Set the mode of renegotiation that the peer must use for all new sockets. The default is never renegotiate at all.
      Parameters:
      mode - One of:
      SSLSocket.SSL_RENEGOTIATE_NEVER - Never renegotiate at all.
      SSLSocket.SSL_RENEGOTIATE_UNRESTRICTED - Renegotiate without restriction, whether or not the peer's hello bears the TLS renegotiation_info extension. This is the vulnerable behavior of the past, from before the renegotiation_info extension (RFC 5746) existed.
      SSLSocket.SSL_RENEGOTIATE_REQUIRES_XTN - Only renegotiate if the peer's hello bears the TLS renegotiation_info extension. This is safe renegotiation.
      SSLSocket.SSL_RENEGOTIATE_TRANSITIONAL - Disallow unsafe renegotiation in server sockets only, but allow clients to continue to renegotiate with vulnerable servers. This value should only be used during the transition period when few servers have been upgraded.
      Throws:
      SocketException
    • enableRequireSafeNegotiation

      public void enableRequireSafeNegotiation(boolean enable) throws SocketException
      For this socket require that the peer must send Signaling Cipher Suite Value (SCSV) or Renegotiation Info (RI) extension in ALL handshakes. It is disabled by default, unless the default has been changed with SSLSocket.enableRequireSafeNegotiationDefault.
      Throws:
      SocketException
    • enableRequireSafeNegotiationDefault

      public static void enableRequireSafeNegotiationDefault(boolean enable) throws SocketException
      Sets the default for all new sockets: require that the peer send the Signaling Cipher Suite Value (SCSV) or the Renegotiation Info (RI) extension in ALL handshakes. It is disabled by default.
      Throws:
      SocketException
    • enableRollbackDetection

      public void enableRollbackDetection(boolean enable) throws SocketException
      Enable rollback detection for this socket. It is enabled by default, unless the default has been changed with enableRollbackDetectionDefault.
      Throws:
      SocketException
    • enableRollbackDetectionDefault

      static void enableRollbackDetectionDefault(boolean enable) throws SocketException
      Sets the default rollback detection for all new sockets.
      Throws:
      SocketException
    • enableStepDown

      public void enableStepDown(boolean enable) throws SocketException
      This option, enableStepDown, is concerned with the generation of step-down keys, which are used with export suites. If the server cert's public key is 512 bits or less, this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect:
      enable=true: generate step-down keys.
      enable=false: don't generate step-down keys; disable export cipher suites.
      This option is enabled by default, unless the default has been changed with SSLSocket.enableStepDownDefault. Export cipher suites use deliberately weakened keys, so enable=false is the safer setting when no legacy peer depends on them.
      Throws:
      SocketException
    • enableStepDownDefault

      static void enableStepDownDefault(boolean enable) throws SocketException
      This option, enableStepDownDefault, is concerned with the generation of step-down keys, which are used with export suites. This option sets the default for all sockets. If the server cert's public key is 512 bits or less, this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect:
      enable=true: generate step-down keys.
      enable=false: don't generate step-down keys; disable export cipher suites.
      This option is enabled by default for all sockets.
      Throws:
      SocketException
    • enableFDX

      public void enableFDX(boolean enable) throws SocketException
      Enable simultaneous read/write by separate read and write threads (full duplex) for this socket. It is disabled by default, unless the default has been changed with enableFDXDefault.
      Throws:
      SocketException
    • enableFDXDefault

      static void enableFDXDefault(boolean enable) throws SocketException
      Sets the default to permit simultaneous read/write by separate read and write threads (full duplex) for all new sockets.
      Throws:
      SocketException
    • enableV2CompatibleHello

      public void enableV2CompatibleHello(boolean enable) throws SocketException
      Enable sending v3 client hello in v2 format for this socket. It is enabled by default, unless the default has been changed with enableV2CompatibleHelloDefault.
      Throws:
      SocketException
    • enableV2CompatibleHelloDefault

      static void enableV2CompatibleHelloDefault(boolean enable) throws SocketException
      Sets the default to send v3 client hello in v2 format for all new sockets.
      Throws:
      SocketException
    • enablePostHandshakeAuth

      public void enablePostHandshakeAuth(boolean enable) throws SocketException
      Enable or disable post-handshake auth for a single socket.
      Throws:
      SocketException
    • enablePostHandshakeAuthDefault

      public static void enablePostHandshakeAuthDefault(boolean enable) throws SocketException
      Sets the default to allow post-handshake auth globally.
      Throws:
      SocketException
    • getSSLOptions

      public String getSSLOptions()
      Returns:
      a String listing the current SSLOptions for this SSLSocket.
    • getSSLDefaultOption

      private static int getSSLDefaultOption(int option) throws SocketException
      Parameters:
      option -
      Returns:
      0 if the option is disabled, 1 if the option is enabled.
      Throws:
      SocketException
    • getSSLDefaultOptions

      public static String getSSLDefaultOptions()
      Returns:
      a String listing the Default SSLOptions for all SSLSockets.
    • requireClientAuth

      @Deprecated public void requireClientAuth(boolean require, boolean onRedo) throws SocketException
      Deprecated.
      use requireClientAuth(int)
      Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.
      Throws:
      SocketException
    • requireClientAuth

      public void requireClientAuth(int mode) throws SocketException
      Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself with the requirement that was set.
      Parameters:
      mode - One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR
      Throws:
      SocketException
    • requireClientAuthDefault

      @Deprecated public void requireClientAuthDefault(boolean require, boolean onRedo) throws SocketException
      Deprecated.
      use requireClientAuthDefault(int)
      Sets the default setting for requiring client authentication. All subsequently created sockets will use this default setting.
      Throws:
      SocketException
    • requireClientAuthDefault

      public static void requireClientAuthDefault(int mode) throws SocketException
      Sets the default setting for requiring client authentication. All subsequently created sockets will use this default setting. This is only meaningful for the server end of the SSL connection.
      Parameters:
      mode - One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR
      Throws:
      SocketException
    • forceHandshake

      public void forceHandshake() throws SocketException
      Force an already started SSL handshake to complete. This method should block until the handshake has completed.
      Throws:
      SocketException
    • setUseClientMode

      public void setUseClientMode(boolean b)
      Determines whether this end of the socket is the client or the server for purposes of the SSL protocol. By default, it is the client.
      Parameters:
      b - true if this end of the socket is the SSL client, false if it is the SSL server.
    • getUseClientMode

      public boolean getUseClientMode()
      Returns:
      true if this end of the socket is the SSL client, false if it is the SSL server.
    • resetHandshake

      public void resetHandshake() throws SocketException
      Resets the handshake state.
      Throws:
      SocketException
    • resetHandshakeNative

      private void resetHandshakeNative(boolean asClient) throws SocketException
      Throws:
      SocketException
    • getStatus

      public SSLSecurityStatus getStatus() throws SocketException
      Returns the security status of this socket.
      Throws:
      SocketException
    • setClientCertNickname

      public void setClientCertNickname(String nick) throws SocketException
      Sets the nickname of the certificate to use for client authentication. Alternately, you can specify an SSLClientCertificateSelectionCallback, which will receive a list of certificates that are valid for client authentication.
      Throws:
      SocketException
      See Also:
    • setClientCert

      public void setClientCert(X509Certificate cert) throws SocketException
      Sets the certificate to use for client authentication. Alternately, you can specify an SSLClientCertificateSelectionCallback, which will receive a list of certificates that are valid for client authentication.
      Throws:
      SocketException
      See Also:
    • requestClientAuth

      public void requestClientAuth(boolean b) throws SocketException
      Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.
      Throws:
      SocketException
      See Also:
    • setNeedClientAuth

      @Deprecated public void setNeedClientAuth(boolean b) throws SocketException
      Deprecated.
      As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.
      Throws:
      SocketException
    • setNeedClientAuthNoExpiryCheck

      @Deprecated public void setNeedClientAuthNoExpiryCheck(boolean b) throws SocketException
      Deprecated.
      As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.
      Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

      In addition, the client certificate's expiration will not prevent it from being accepted.

      Throws:
      SocketException
      See Also:
    • useCache

      public void useCache(boolean b) throws SocketException
      Enables/disables the session cache. By default, the session cache is enabled.
      Throws:
      SocketException
    • useCacheDefault

      public void useCacheDefault(boolean b) throws SocketException
      Sets the default setting for use of the session cache.
      Throws:
      SocketException
    • setSSLVersionRangeDefault

      public static void setSSLVersionRangeDefault(SSLProtocolVariant ssl_variant, SSLVersionRange range) throws SocketException
      Throws:
      SocketException
    • boundSSLVersionRange

      public static SSLVersionRange boundSSLVersionRange(SSLProtocolVariant ssl_variant, SSLVersionRange range) throws SocketException
      Throws:
      SocketException
    • setSSLVersionRangeDefault

      private static void setSSLVersionRangeDefault(int ssl_variant, int min, int max) throws SocketException
      Sets SSL Version Range Default
      Throws:
      SocketException
    • boundSSLVersionRange

      private static SSLVersionRange boundSSLVersionRange(int ssl_variant, int min, int max) throws SocketException
      Checks SSL Version Range against Default
      Throws:
      SocketException
    • setSSLDefaultOption

      private static void setSSLDefaultOption(int option, boolean on) throws SocketException
      Throws:
      SocketException
    • setSSLDefaultOption

      private static void setSSLDefaultOption(int option, int on) throws SocketException
      Sets SSL Default options that have simple enable/disable values.
      Throws:
      SocketException
    • setSSLDefaultOptionMode

      private static void setSSLDefaultOptionMode(int option, int mode) throws SocketException
      Set SSL default options that have more modes than enable/disable.
      Throws:
      SocketException
    • setCipherPreference

      public void setCipherPreference(int cipher, boolean enable) throws SocketException
      Enables/disables the cipher on this socket.
      Throws:
      SocketException
    • getCipherPreference

      public boolean getCipherPreference(int cipher) throws SocketException
      Returns whether this cipher is enabled or disabled on this socket.
      Throws:
      SocketException
    • setCipherPreferenceDefault

      public static void setCipherPreferenceDefault(int cipher, boolean enable) throws SocketException
      Sets the default for whether this cipher is enabled or disabled.
      Throws:
      SocketException
    • getCipherPreferenceDefault

      public static boolean getCipherPreferenceDefault(int cipher) throws SocketException
      Returns the default for whether this cipher is enabled or disabled.
      Throws:
      SocketException
    • socketAvailable

      int socketAvailable() throws IOException
      Throws:
      IOException
    • read

      int read(byte[] b, int off, int len) throws IOException, SocketTimeoutException
      Throws:
      IOException
      SocketTimeoutException
    • write

      void write(byte[] b, int off, int len) throws IOException, SocketTimeoutException
      Throws:
      IOException
      SocketTimeoutException
    • socketRead

      private int socketRead(byte[] b, int off, int len, int timeout) throws IOException
      Throws:
      IOException
    • socketWrite

      private void socketWrite(byte[] b, int off, int len, int timeout) throws IOException
      Throws:
      IOException
    • invalidateSession

      public void invalidateSession() throws SocketException
      Removes the current session from the session cache.
      Throws:
      SocketException
    • redoHandshake

      public void redoHandshake() throws SocketException
      Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.

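      This overload does not flush the SSL3 cache entry first, so a full handshake will not actually take place; only the symmetric session keys will be regenerated. To force a complete handshake, use redoHandshake(boolean) with flushCache set to true.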

      Throws:
      SocketException
    • redoHandshake

      public void redoHandshake(boolean flushCache) throws SocketException
      Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.
      Parameters:
      flushCache - If true, this session will be flushed from the cache. This will force a complete SSL handshake with a private key operation. If false, only the session key will be regenerated.
      Throws:
      SocketException
    • finalize

      @Deprecated protected void finalize() throws Throwable
      Deprecated.
      finalize() in Object has been deprecated
      Overrides:
      finalize in class Object
      Throws:
      Throwable
    • setCipherPolicy

      public static void setCipherPolicy(CipherPolicy cp) throws SocketException
      Sets the SSL cipher policy. This must be called before creating any SSL sockets.
      Throws:
      SocketException
    • setCipherPolicyNative

      private static void setCipherPolicyNative(int policyEnum) throws SocketException
      Throws:
      SocketException
    • toString

      public String toString()
      Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.
      Overrides:
      toString in class Socket
    • isFipsCipherSuite

      public static boolean isFipsCipherSuite(int ciphersuite) throws SocketException
      isFipsCipherSuite
      Returns:
      true if the ciphersuite is a FIPS cipher suite, false otherwise
      Throws:
      SocketException
    • isFipsCipherSuiteNative

      private static boolean isFipsCipherSuiteNative(int ciphersuite) throws SocketException
      Throws:
      SocketException
    • getImplementedCipherSuites

      public static int[] getImplementedCipherSuites()
      Returns a list of cipher suites that are implemented by NSS. Each element in the array will be one of the cipher suite constants defined in this class (for example, TLS_RSA_WITH_AES_128_CBC_SHA).