Package org.mozilla.jss.ssl
Class SSLSocket
java.lang.Object
java.net.Socket
org.mozilla.jss.ssl.SSLSocket
- All Implemented Interfaces:
Closeable
,AutoCloseable
SSL client socket.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate SocketBase
private boolean
private Collection
<SSLHandshakeCompletedListener> private InetAddress
private boolean
private boolean
private boolean
private boolean
private int
private Object
private Collection
<SSLSocketListener> private SocketProxy
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
Note the following cipher-suites constants are not all implemented.static final int
static final int
static final int
Deprecated.Replaced with TLS_DH_anon_WITH_3DES_EDE_CBC_SHA.static final int
Deprecated.Replaced with TLS_DH_anon_WITH_DES_CBC_SHA.static final int
Deprecated.Replaced with TLS_DH_anon_WITH_RC4_128_MD5.static final int
static final int
Deprecated.Replaced with TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA.static final int
Deprecated.Replaced with TLS_DH_DSS_WITH_DES_CBC_SHA.static final int
static final int
Deprecated.Replaced with TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA.static final int
Deprecated.Replaced with TLS_DH_RSA_WITH_DES_CBC_SHA.static final int
static final int
Deprecated.Replaced with TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.static final int
Deprecated.Replaced with TLS_DHE_DSS_WITH_DES_CBC_SHA.static final int
static final int
Deprecated.Replaced with TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA.static final int
Deprecated.Replaced with TLS_DHE_RSA_WITH_DES_CBC_SHA.static final int
Deprecated.As of NSS 3.11, FORTEZZA is no longer supported.static final int
Deprecated.As of NSS 3.11, FORTEZZA is no longer supported.static final int
Deprecated.As of NSS 3.11, FORTEZZA is no longer supported.static final int
static final int
static final int
static final int
Deprecated.Replaced with TLS_RSA_WITH_3DES_EDE_CBC_SHA.static final int
Deprecated.Replaced with TLS_RSA_WITH_DES_CBC_SHA.static final int
Deprecated.Replaced with TLS_RSA_WITH_IDEA_CBC_SHA.static final int
Deprecated.Replaced with TLS_RSA_WITH_NULL_MD5.static final int
Deprecated.Replaced with TLS_RSA_WITH_NULL_SHA.static final int
Deprecated.Replaced with TLS_RSA_WITH_RC4_128_MD5.static final int
Deprecated.Replaced with TLS_RSA_WITH_RC4_128_SHA.static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
Deprecated.Replaced with TLS_DH_anon_WITH_AES_128_CBC_SHA.static final int
static final int
Deprecated.Replaced with TLS_DH_anon_WITH_AES_256_CBC_SHA.static final int
static final int
Deprecated.Replaced with TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA.static final int
static final int
Deprecated.Replaced with TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA.static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
private Object
-
Constructor Summary
ConstructorsModifierConstructorDescription(package private)
For sockets that get created by accept().Creates an SSL client socket and connects to the specified host and port.SSLSocket
(String host, int port, InetAddress localAddr, int localPort) Creates an SSL client socket and connects to the specified host and port.SSLSocket
(String host, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) Creates an SSL client socket and connects to the specified host and port.SSLSocket
(InetAddress address, int port) Creates an SSL client socket and connects to the specified address and port.SSLSocket
(InetAddress address, int port, InetAddress localAddr, int localPort) Creates an SSL client socket and connects to the specified address and port.SSLSocket
(InetAddress address, int port, InetAddress localAddr, int localPort, boolean stream, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) Deprecated.As of JSS 3.0.SSLSocket
(InetAddress address, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) Creates an SSL client socket and connects to the specified address and port.private
SSLSocket
(InetAddress address, String hostname, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) SSLSocket
(Socket s, String host, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) Creates an SSL client socket using the given Java socket for underlying I/O. -
Method Summary
Modifier and TypeMethodDescriptionprivate void
void
Adds a listener to be notified when an SSL handshake completes.void
addSocketListener
(SSLSocketListener listener) private static SSLVersionRange
boundSSLVersionRange
(int ssl_variant, int min, int max) Checks SSL Version Range against Defaultstatic SSLVersionRange
boundSSLVersionRange
(SSLProtocolVariant ssl_variant, SSLVersionRange range) void
close()
Closes this socket.void
enableFDX
(boolean enable) Enable simultaneous read/write by separate read and write threads (full duplex) for this socket.(package private) static void
enableFDXDefault
(boolean enable) Sets the default to permit simultaneous read/write by separate read and write threads (full duplex) for all new sockets.void
enablePostHandshakeAuth
(boolean enable) Enable or disable post-handshake auth for a single socket.static void
enablePostHandshakeAuthDefault
(boolean enable) Sets the default to allow post-handshake auth globally.void
enableRenegotiation
(int mode) Enables the mode of renegotiation that the peer must use on this socket.static void
enableRenegotiationDefault
(int mode) Set the mode of renegotiation that the peer must use for all new sockets.void
enableRequireSafeNegotiation
(boolean enable) For this socket require that the peer must send Signaling Cipher Suite Value (SCSV) or Renegotiation Info (RI) extension in ALL handshakes.static void
enableRequireSafeNegotiationDefault
(boolean enable) For this socket require that the peer must send Signaling Cipher Suite Value (SCSV) or Renegotiation Info (RI) extension in ALL handshakes.void
enableRollbackDetection
(boolean enable) Enable rollback detection for this socket.(package private) static void
enableRollbackDetectionDefault
(boolean enable) Sets the default rollback detection for all new sockets.void
enableSessionTickets
(boolean enable) Enables Session tickets on this socket.static void
enableSessionTicketsDefault
(boolean enable) Sets the default for Session Tickets for all new sockets.void
enableSSL2
(boolean enable) Enables SSL v2 on this socket.static void
enableSSL2Default
(boolean enable) Sets the default for SSL v2 for all new sockets.void
enableSSL3
(boolean enable) Enables SSL v3 on this socket.static void
enableSSL3Default
(boolean enable) Sets the default for SSL v3 for all new sockets.void
enableStepDown
(boolean enable) This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites.(package private) static void
enableStepDownDefault
(boolean enable) This option, enableStepDownDefault, is concerned with the generation of step-down keys which are used with export suites.void
enableTLS
(boolean enable) Enables TLS on this socket.static void
enableTLSDefault
(boolean enable) Sets the default for TLS for all new sockets.void
enableV2CompatibleHello
(boolean enable) Enable sending v3 client hello in v2 format for this socket.(package private) static void
enableV2CompatibleHelloDefault
(boolean enable) Sets the default to send v3 client hello in v2 format for all new sockets.protected void
finalize()
Deprecated.finalize() in Object has been deprecatedprivate void
private void
fireAlertSentEvent
(SSLAlertEvent event) void
Force an already started SSL handshake to complete.boolean
getCipherPreference
(int cipher) Returns whether this cipher is enabled or disabled on this socket.static boolean
getCipherPreferenceDefault
(int cipher) Returns the default for whether this cipher is enabled or disabled.static int[]
Returns a list of cipher suites that are implemented by NSS.Returns the input stream for reading from this socket.boolean
Returns the current setting of the SO_KEEPALIVE socket option.int
Returns the output stream for writing to this socket.int
getPort()
int
Returns the size (in bytes) of the receive buffer.int
Returns the size (in bytes) of the send buffer.int
Returns the current value of the SO_LINGER socket option.int
Returns the current value of the SO_TIMEOUT socket option.private static int
getSSLDefaultOption
(int option) static String
Returns the security status of this socket.boolean
Returns the current setting of the TCP_NO_DELAY socket option.boolean
void
Removes the current session from the session cache.static boolean
isFipsCipherSuite
(int ciphersuite) isFipsCipherSuiteprivate static boolean
isFipsCipherSuiteNative
(int ciphersuite) private void
(package private) int
read
(byte[] b, int off, int len) void
Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.void
redoHandshake
(boolean flushCache) Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.void
Removes a previously registered listener for handshake completion.void
removeSocketListener
(SSLSocketListener listener) void
requestClientAuth
(boolean b) Enables/disables the request of client authentication.void
requireClientAuth
(boolean require, boolean onRedo) Deprecated.use requireClientAuth(int)void
requireClientAuth
(int mode) Sets whether the socket requires client authentication from the remote peer.void
requireClientAuthDefault
(boolean require, boolean onRedo) Deprecated.use requireClientAuthDefault(int)static void
requireClientAuthDefault
(int mode) Sets the default setting for requiring client authorization.void
Resets the handshake state.private void
resetHandshakeNative
(boolean asClient) static void
Sets the SSL cipher policy.private static void
setCipherPolicyNative
(int policyEnum) void
setCipherPreference
(int cipher, boolean enable) Enables/disables the cipher on this socket.static void
setCipherPreferenceDefault
(int cipher, boolean enable) Sets the default for whether this cipher is enabled or disabled.void
setClientCert
(X509Certificate cert) Sets the certificate to use for client authentication.void
setClientCertNickname
(String nick) Sets the nickname of the certificate to use for client authentication.void
setKeepAlive
(boolean on) Enables or disables the SO_KEEPALIVE socket option.void
setNeedClientAuth
(boolean b) Deprecated.As of JSS 3.0.void
setNeedClientAuthNoExpiryCheck
(boolean b) Deprecated.As of JSS 3.0.void
setReceiveBufferSize
(int size) Sets the size (in bytes) of the receive buffer.void
setSendBufferSize
(int size) Sets the size (in bytes) of the send buffer.(package private) void
Should only be called by SSLServerSocket after a successful accept().void
setSoLinger
(boolean on, int linger) Sets the SO_LINGER socket option.void
setSoTimeout
(int timeout) Sets the SO_TIMEOUT socket option.private static void
setSSLDefaultOption
(int option, boolean on) private static void
setSSLDefaultOption
(int option, int on) Sets SSL Default options that have simple enable/disable values.private static void
setSSLDefaultOptionMode
(int option, int mode) Set SSL default options that have more modes than enable/disable.private static void
setSSLVersionRangeDefault
(int ssl_variant, int min, int max) Sets SSL Version Range Defaultstatic void
setSSLVersionRangeDefault
(SSLProtocolVariant ssl_variant, SSLVersionRange range) void
setTcpNoDelay
(boolean on) Enables or disables the TCP_NO_DELAY socket option.void
setUseClientMode
(boolean b) Determines whether this end of the socket is the client or the server for purposes of the SSL protocol.void
Shuts down the input side of the socket.private void
shutdownNative
(int how) void
Shuts down the output side of the socket.(package private) int
private void
socketConnect
(byte[] addr, String hostname, int port) private int
socketRead
(byte[] b, int off, int len, int timeout) private void
socketWrite
(byte[] b, int off, int len, int timeout) toString()
Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.void
useCache
(boolean b) Enables/disables the session cache.void
useCacheDefault
(boolean b) Sets the default setting for use of the session cache.(package private) void
write
(byte[] b, int off, int len) Methods inherited from class java.net.Socket
bind, connect, connect, getChannel, getLocalSocketAddress, getOOBInline, getOption, getRemoteSocketAddress, getReuseAddress, getTrafficClass, isBound, isClosed, isConnected, isInputShutdown, isOutputShutdown, sendUrgentData, setOOBInline, setOption, setPerformancePreferences, setReuseAddress, setSocketImplFactory, setTrafficClass, supportedOptions
-
Field Details
-
SSL2_RC4_128_WITH_MD5
public static final int SSL2_RC4_128_WITH_MD5Note the following cipher-suites constants are not all implemented. You need to call getImplementedCiphersuites.- See Also:
-
SSL2_RC4_128_EXPORT40_WITH_MD5
public static final int SSL2_RC4_128_EXPORT40_WITH_MD5- See Also:
-
SSL2_RC2_128_CBC_WITH_MD5
public static final int SSL2_RC2_128_CBC_WITH_MD5- See Also:
-
SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
public static final int SSL2_RC2_128_CBC_EXPORT40_WITH_MD5- See Also:
-
SSL2_IDEA_128_CBC_WITH_MD5
public static final int SSL2_IDEA_128_CBC_WITH_MD5- See Also:
-
SSL2_DES_64_CBC_WITH_MD5
public static final int SSL2_DES_64_CBC_WITH_MD5- See Also:
-
SSL2_DES_192_EDE3_CBC_WITH_MD5
public static final int SSL2_DES_192_EDE3_CBC_WITH_MD5- See Also:
-
TLS_NULL_WITH_NULL_NULL
public static final int TLS_NULL_WITH_NULL_NULL- See Also:
-
SSL3_RSA_WITH_NULL_MD5
Deprecated.Replaced with TLS_RSA_WITH_NULL_MD5.- See Also:
-
TLS_RSA_WITH_NULL_MD5
public static final int TLS_RSA_WITH_NULL_MD5- See Also:
-
SSL3_RSA_WITH_NULL_SHA
Deprecated.Replaced with TLS_RSA_WITH_NULL_SHA.- See Also:
-
TLS_RSA_WITH_NULL_SHA
public static final int TLS_RSA_WITH_NULL_SHA- See Also:
-
SSL3_RSA_EXPORT_WITH_RC4_40_MD5
public static final int SSL3_RSA_EXPORT_WITH_RC4_40_MD5- See Also:
-
TLS_RSA_EXPORT_WITH_RC4_40_MD5
public static final int TLS_RSA_EXPORT_WITH_RC4_40_MD5- See Also:
-
SSL3_RSA_WITH_RC4_128_MD5
Deprecated.Replaced with TLS_RSA_WITH_RC4_128_MD5.- See Also:
-
TLS_RSA_WITH_RC4_128_MD5
public static final int TLS_RSA_WITH_RC4_128_MD5- See Also:
-
SSL3_RSA_WITH_RC4_128_SHA
Deprecated.Replaced with TLS_RSA_WITH_RC4_128_SHA.- See Also:
-
TLS_RSA_WITH_RC4_128_SHA
public static final int TLS_RSA_WITH_RC4_128_SHA- See Also:
-
SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5
public static final int SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5- See Also:
-
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
public static final int TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5- See Also:
-
SSL3_RSA_WITH_IDEA_CBC_SHA
Deprecated.Replaced with TLS_RSA_WITH_IDEA_CBC_SHA.- See Also:
-
TLS_RSA_WITH_IDEA_CBC_SHA
public static final int TLS_RSA_WITH_IDEA_CBC_SHA- See Also:
-
SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final int SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final int TLS_RSA_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
SSL3_RSA_WITH_DES_CBC_SHA
Deprecated.Replaced with TLS_RSA_WITH_DES_CBC_SHA.- See Also:
-
TLS_RSA_WITH_DES_CBC_SHA
public static final int TLS_RSA_WITH_DES_CBC_SHA- See Also:
-
SSL3_RSA_WITH_3DES_EDE_CBC_SHA
Deprecated.Replaced with TLS_RSA_WITH_3DES_EDE_CBC_SHA.- See Also:
-
TLS_RSA_WITH_3DES_EDE_CBC_SHA
public static final int TLS_RSA_WITH_3DES_EDE_CBC_SHA- See Also:
-
SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
public static final int SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
public static final int TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
SSL3_DH_DSS_WITH_DES_CBC_SHA
Deprecated.Replaced with TLS_DH_DSS_WITH_DES_CBC_SHA.- See Also:
-
TLS_DH_DSS_WITH_DES_CBC_SHA
public static final int TLS_DH_DSS_WITH_DES_CBC_SHA- See Also:
-
SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA
Deprecated.Replaced with TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA.- See Also:
-
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
public static final int TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA- See Also:
-
SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final int SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final int TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
SSL3_DH_RSA_WITH_DES_CBC_SHA
Deprecated.Replaced with TLS_DH_RSA_WITH_DES_CBC_SHA.- See Also:
-
TLS_DH_RSA_WITH_DES_CBC_SHA
public static final int TLS_DH_RSA_WITH_DES_CBC_SHA- See Also:
-
SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA
Deprecated.Replaced with TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA.- See Also:
-
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
public static final int TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA- See Also:
-
SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
public static final int SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
public static final int TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
SSL3_DHE_DSS_WITH_DES_CBC_SHA
Deprecated.Replaced with TLS_DHE_DSS_WITH_DES_CBC_SHA.- See Also:
-
TLS_DHE_DSS_WITH_DES_CBC_SHA
public static final int TLS_DHE_DSS_WITH_DES_CBC_SHA- See Also:
-
SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Deprecated.Replaced with TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.- See Also:
-
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
public static final int TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA- See Also:
-
SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final int SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final int TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
SSL3_DHE_RSA_WITH_DES_CBC_SHA
Deprecated.Replaced with TLS_DHE_RSA_WITH_DES_CBC_SHA.- See Also:
-
TLS_DHE_RSA_WITH_DES_CBC_SHA
public static final int TLS_DHE_RSA_WITH_DES_CBC_SHA- See Also:
-
SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Deprecated.Replaced with TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA.- See Also:
-
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
public static final int TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA- See Also:
-
SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5
public static final int SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5- See Also:
-
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
public static final int TLS_DH_anon_EXPORT_WITH_RC4_40_MD5- See Also:
-
SSL3_DH_ANON_WITH_RC4_128_MD5
Deprecated.Replaced with TLS_DH_anon_WITH_RC4_128_MD5.- See Also:
-
TLS_DH_anon_WITH_RC4_128_MD5
public static final int TLS_DH_anon_WITH_RC4_128_MD5- See Also:
-
SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA
public static final int SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
public static final int TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA- See Also:
-
SSL3_DH_ANON_WITH_DES_CBC_SHA
Deprecated.Replaced with TLS_DH_anon_WITH_DES_CBC_SHA.- See Also:
-
TLS_DH_anon_WITH_DES_CBC_SHA
public static final int TLS_DH_anon_WITH_DES_CBC_SHA- See Also:
-
SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA
Deprecated.Replaced with TLS_DH_anon_WITH_3DES_EDE_CBC_SHA.- See Also:
-
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
public static final int TLS_DH_anon_WITH_3DES_EDE_CBC_SHA- See Also:
-
SSL3_FORTEZZA_DMS_WITH_NULL_SHA
Deprecated.As of NSS 3.11, FORTEZZA is no longer supported.- See Also:
-
SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA
Deprecated.As of NSS 3.11, FORTEZZA is no longer supported.- See Also:
-
SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA
Deprecated.As of NSS 3.11, FORTEZZA is no longer supported.- See Also:
-
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
public static final int SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA- See Also:
-
SSL_RSA_FIPS_WITH_DES_CBC_SHA
public static final int SSL_RSA_FIPS_WITH_DES_CBC_SHA- See Also:
-
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
public static final int TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA- See Also:
-
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
public static final int TLS_RSA_EXPORT1024_WITH_RC4_56_SHA- See Also:
-
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
public static final int TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA- See Also:
-
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
public static final int TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA- See Also:
-
TLS_DHE_DSS_WITH_RC4_128_SHA
public static final int TLS_DHE_DSS_WITH_RC4_128_SHA- See Also:
-
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA256- See Also:
-
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA256- See Also:
-
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA256- See Also:
-
TLS_RSA_WITH_AES_128_CBC_SHA
public static final int TLS_RSA_WITH_AES_128_CBC_SHA- See Also:
-
TLS_DH_DSS_WITH_AES_128_CBC_SHA
public static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA- See Also:
-
TLS_DH_RSA_WITH_AES_128_CBC_SHA
public static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA- See Also:
-
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA- See Also:
-
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA- See Also:
-
TLS_DH_ANON_WITH_AES_128_CBC_SHA
Deprecated.Replaced with TLS_DH_anon_WITH_AES_128_CBC_SHA.- See Also:
-
TLS_DH_anon_WITH_AES_128_CBC_SHA
public static final int TLS_DH_anon_WITH_AES_128_CBC_SHA- See Also:
-
TLS_RSA_WITH_AES_256_CBC_SHA
public static final int TLS_RSA_WITH_AES_256_CBC_SHA- See Also:
-
TLS_DH_DSS_WITH_AES_256_CBC_SHA
public static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA- See Also:
-
TLS_DH_RSA_WITH_AES_256_CBC_SHA
public static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA- See Also:
-
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA- See Also:
-
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA- See Also:
-
TLS_DH_ANON_WITH_AES_256_CBC_SHA
Deprecated.Replaced with TLS_DH_anon_WITH_AES_256_CBC_SHA.- See Also:
-
TLS_DH_anon_WITH_AES_256_CBC_SHA
public static final int TLS_DH_anon_WITH_AES_256_CBC_SHA- See Also:
-
TLS_RSA_WITH_NULL_SHA256
public static final int TLS_RSA_WITH_NULL_SHA256- See Also:
-
TLS_RSA_WITH_AES_128_CBC_SHA256
public static final int TLS_RSA_WITH_AES_128_CBC_SHA256- See Also:
-
TLS_RSA_WITH_AES_256_CBC_SHA256
public static final int TLS_RSA_WITH_AES_256_CBC_SHA256- See Also:
-
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA256- See Also:
-
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
public static final int TLS_RSA_WITH_CAMELLIA_128_CBC_SHA- See Also:
-
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
public static final int TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA- See Also:
-
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
public static final int TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA- See Also:
-
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
public static final int TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA- See Also:
-
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
public static final int TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA- See Also:
-
TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA
Deprecated.Replaced with TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA.- See Also:
-
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
public static final int TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA- See Also:
-
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
public static final int TLS_RSA_WITH_CAMELLIA_256_CBC_SHA- See Also:
-
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
public static final int TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA- See Also:
-
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
public static final int TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA- See Also:
-
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
public static final int TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA- See Also:
-
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
public static final int TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA- See Also:
-
TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA
Deprecated.Replaced with TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA.- See Also:
-
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
public static final int TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA- See Also:
-
TLS_RSA_WITH_SEED_CBC_SHA
public static final int TLS_RSA_WITH_SEED_CBC_SHA- See Also:
-
TLS_RSA_WITH_AES_128_GCM_SHA256
public static final int TLS_RSA_WITH_AES_128_GCM_SHA256- See Also:
-
TLS_RSA_WITH_AES_256_GCM_SHA384
public static final int TLS_RSA_WITH_AES_256_GCM_SHA384- See Also:
-
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
public static final int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256- See Also:
-
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
public static final int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384- See Also:
-
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
public static final int TLS_DHE_DSS_WITH_AES_128_GCM_SHA256- See Also:
-
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
public static final int TLS_DHE_DSS_WITH_AES_256_GCM_SHA384- See Also:
-
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
public static final int TLS_DHE_PSK_WITH_AES_128_GCM_SHA256- See Also:
-
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
public static final int TLS_DHE_PSK_WITH_AES_256_GCM_SHA384- See Also:
-
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
public static final int TLS_EMPTY_RENEGOTIATION_INFO_SCSV- See Also:
-
TLS_FALLBACK_SCSV
public static final int TLS_FALLBACK_SCSV- See Also:
-
TLS_ECDH_ECDSA_WITH_NULL_SHA
public static final int TLS_ECDH_ECDSA_WITH_NULL_SHA- See Also:
-
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
public static final int TLS_ECDH_ECDSA_WITH_RC4_128_SHA- See Also:
-
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
public static final int TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA- See Also:
-
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
public static final int TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA- See Also:
-
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
public static final int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA- See Also:
-
TLS_ECDHE_ECDSA_WITH_NULL_SHA
public static final int TLS_ECDHE_ECDSA_WITH_NULL_SHA- See Also:
-
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
public static final int TLS_ECDHE_ECDSA_WITH_RC4_128_SHA- See Also:
-
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
public static final int TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA- See Also:
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA- See Also:
-
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA- See Also:
-
TLS_ECDH_RSA_WITH_NULL_SHA
public static final int TLS_ECDH_RSA_WITH_NULL_SHA- See Also:
-
TLS_ECDH_RSA_WITH_RC4_128_SHA
public static final int TLS_ECDH_RSA_WITH_RC4_128_SHA- See Also:
-
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
public static final int TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA- See Also:
-
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
public static final int TLS_ECDH_RSA_WITH_AES_128_CBC_SHA- See Also:
-
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
public static final int TLS_ECDH_RSA_WITH_AES_256_CBC_SHA- See Also:
-
TLS_ECDHE_RSA_WITH_NULL_SHA
public static final int TLS_ECDHE_RSA_WITH_NULL_SHA- See Also:
-
TLS_ECDHE_RSA_WITH_RC4_128_SHA
public static final int TLS_ECDHE_RSA_WITH_RC4_128_SHA- See Also:
-
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
public static final int TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA- See Also:
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA- See Also:
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA- See Also:
-
TLS_ECDH_anon_WITH_NULL_SHA
public static final int TLS_ECDH_anon_WITH_NULL_SHA- See Also:
-
TLS_ECDH_anon_WITH_RC4_128_SHA
public static final int TLS_ECDH_anon_WITH_RC4_128_SHA- See Also:
-
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
public static final int TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA- See Also:
-
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
public static final int TLS_ECDH_anon_WITH_AES_128_CBC_SHA- See Also:
-
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
public static final int TLS_ECDH_anon_WITH_AES_256_CBC_SHA- See Also:
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256- See Also:
-
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384- See Also:
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256- See Also:
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384- See Also:
-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
public static final int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256- See Also:
-
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
public static final int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384- See Also:
-
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
public static final int TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256- See Also:
-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
public static final int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256- See Also:
-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
public static final int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384- See Also:
-
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
public static final int TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256- See Also:
-
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
public static final int TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256- See Also:
-
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
public static final int TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256- See Also:
-
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
public static final int TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256- See Also:
-
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
public static final int TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256- See Also:
-
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
public static final int TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256- See Also:
-
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
public static final int TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256- See Also:
-
TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384
public static final int TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384- See Also:
-
TLS_AES_128_GCM_SHA256
public static final int TLS_AES_128_GCM_SHA256- See Also:
-
TLS_AES_256_GCM_SHA384
public static final int TLS_AES_256_GCM_SHA384- See Also:
-
TLS_CHACHA20_POLY1305_SHA256
public static final int TLS_CHACHA20_POLY1305_SHA256- See Also:
-
readLock
-
writeLock
-
isClosed
private boolean isClosed -
inRead
private boolean inRead -
inWrite
private boolean inWrite -
inetAddress
-
port
private int port -
sockProxy
-
open
private boolean open -
handshakeAsClient
private boolean handshakeAsClient -
base
-
SSL_REQUIRE_NEVER
public static final int SSL_REQUIRE_NEVER- See Also:
-
SSL_REQUIRE_ALWAYS
public static final int SSL_REQUIRE_ALWAYS- See Also:
-
SSL_REQUIRE_FIRST_HANDSHAKE
public static final int SSL_REQUIRE_FIRST_HANDSHAKE- See Also:
-
SSL_REQUIRE_NO_ERROR
public static final int SSL_REQUIRE_NO_ERROR- See Also:
-
SSL_RENEGOTIATE_NEVER
public static final int SSL_RENEGOTIATE_NEVER- See Also:
-
SSL_RENEGOTIATE_REQUIRES_XTN
public static final int SSL_RENEGOTIATE_REQUIRES_XTN- See Also:
-
SSL_RENEGOTIATE_UNRESTRICTED
public static final int SSL_RENEGOTIATE_UNRESTRICTED- See Also:
-
SSL_RENEGOTIATE_TRANSITIONAL
public static final int SSL_RENEGOTIATE_TRANSITIONAL- See Also:
-
socketListeners
-
handshakeCompletedListeners
-
-
Constructor Details
-
SSLSocket
SSLSocket()For sockets that get created by accept(). -
SSLSocket
Creates an SSL client socket and connects to the specified host and port.- Parameters:
host
- The hostname to connect to.port
- The port to connect to.- Throws:
IOException
-
SSLSocket
Creates an SSL client socket and connects to the specified address and port.- Parameters:
address
- The IP address to connect to.port
- The port to connect to.- Throws:
IOException
-
SSLSocket
Creates an SSL client socket and connects to the specified host and port. Binds to the given local address and port.- Parameters:
host
- The hostname to connect to.port
- The port to connect to.localAddr
- The local address to bind to. It can be null, in which case an unspecified local address will be chosen.localPort
- The local port to bind to. If 0, a random port will be assigned to the socket.- Throws:
IOException
-
SSLSocket
public SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort) throws IOException Creates an SSL client socket and connects to the specified address and port. Binds to the given local address and port.- Parameters:
address
- The IP address to connect to.port
- The port to connect to.localAddr
- The local address to bind to. It can be null, in which case an unspecified local address will be chosen.localPort
- The local port to bind to. If 0, a random port will be assigned to the socket.- Throws:
IOException
-
SSLSocket
public SSLSocket(String host, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException Creates an SSL client socket and connects to the specified host and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.- Parameters:
host
- The hostname to connect to.port
- The port to connect to.localAddr
- The local address to bind to. It can be null, in which case an unspecified local address will be chosen.localPort
- The local port to bind to. If 0, a random port will be assigned to the socket.certApprovalCallback
- A callback that can be used to override approval of the peer's certificate.clientCertSelectionCallback
- A callback to select the client certificate to present to the peer.- Throws:
IOException
-
SSLSocket
@Deprecated public SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, boolean stream, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException Deprecated.As of JSS 3.0. The stream parameter is ignored, because only stream sockets are supported.Creates an SSL client socket and connects to the specified address and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.- Parameters:
address
- The IP address to connect to.port
- The port to connect to.localAddr
- The local address to bind to. It can be null, in which case an unspecified local address will be chosen.localPort
- The local port to bind to. If 0, a random port will be assigned to the socket.stream
- This parameter is ignored. All SSLSockets are stream sockets.certApprovalCallback
- A callback that can be used to override approval of the peer's certificate.clientCertSelectionCallback
- A callback to select the client certificate to present to the peer.- Throws:
IOException
-
SSLSocket
public SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException Creates an SSL client socket and connects to the specified address and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.- Parameters:
address
- The IP address to connect to.port
- The port to connect to.localAddr
- The local address to bind to. It can be null, in which case an unspecified local address will be chosen.localPort
- The local port to bind to. If 0, a random port will be assigned to the socket.certApprovalCallback
- A callback that can be used to override approval of the peer's certificate.clientCertSelectionCallback
- A callback to select the client certificate to present to the peer.- Throws:
IOException
-
SSLSocket
private SSLSocket(InetAddress address, String hostname, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException - Throws:
IOException
-
SSLSocket
public SSLSocket(Socket s, String host, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback) throws IOException Creates an SSL client socket using the given Java socket for underlying I/O. Installs the given callbacks for certificate approval and client certificate selection.- Parameters:
s
- The Java socket to use for underlying I/O.host
- The hostname of the remote side of the connection. This name is used to verify the server's certificate.certApprovalCallback
- A callback that can be used to override approval of the peer's certificate.clientCertSelectionCallback
- A callback to select the client certificate to present to the peer.- Throws:
IOException
-
-
Method Details
-
setSockProxy
Should only be called by SSLServerSocket after a successful accept(). -
getInetAddress
- Overrides:
getInetAddress
in classSocket
- Returns:
- The remote peer's IP address or null if the SSLSocket is closed.
-
getLocalAddress
- Overrides:
getLocalAddress
in classSocket
- Returns:
- The local IP address or null if the SSLSocket is closed.
-
getLocalPort
public int getLocalPort()- Overrides:
getLocalPort
in classSocket
- Returns:
- The local port or -1 if the SSLSocket is closed.
-
getPort
public int getPort() -
getInputStream
Returns the input stream for reading from this socket.- Overrides:
getInputStream
in classSocket
- Throws:
IOException
-
getOutputStream
Returns the output stream for writing to this socket.- Overrides:
getOutputStream
in classSocket
- Throws:
IOException
-
setTcpNoDelay
Enables or disables the TCP_NO_DELAY socket option. Enabling this option will disable the Nagle algorithm.- Overrides:
setTcpNoDelay
in classSocket
- Throws:
SocketException
-
getTcpNoDelay
Returns the current setting of the TCP_NO_DELAY socket option.- Overrides:
getTcpNoDelay
in classSocket
- Throws:
SocketException
-
setKeepAlive
Enables or disables the SO_KEEPALIVE socket option.- Overrides:
setKeepAlive
in classSocket
- Throws:
SocketException
-
getKeepAlive
Returns the current setting of the SO_KEEPALIVE socket option.- Overrides:
getKeepAlive
in classSocket
- Throws:
SocketException
-
shutdownInput
Shuts down the input side of the socket.- Overrides:
shutdownInput
in classSocket
- Throws:
IOException
-
shutdownOutput
Shuts down the output side of the socket.- Overrides:
shutdownOutput
in classSocket
- Throws:
IOException
-
shutdownNative
- Throws:
IOException
-
abortReadWrite
- Throws:
IOException
-
setSoLinger
Sets the SO_LINGER socket option. param linger The time (in seconds) to linger for.- Overrides:
setSoLinger
in classSocket
- Throws:
SocketException
-
getSoLinger
Returns the current value of the SO_LINGER socket option.- Overrides:
getSoLinger
in classSocket
- Throws:
SocketException
-
setSoTimeout
Sets the SO_TIMEOUT socket option.- Overrides:
setSoTimeout
in classSocket
- Parameters:
timeout
- The timeout time in milliseconds.- Throws:
SocketException
-
getSoTimeout
Returns the current value of the SO_TIMEOUT socket option.- Overrides:
getSoTimeout
in classSocket
- Returns:
- The timeout time in milliseconds.
- Throws:
SocketException
-
setSendBufferSize
Sets the size (in bytes) of the send buffer.- Overrides:
setSendBufferSize
in classSocket
- Throws:
SocketException
-
getSendBufferSize
Returns the size (in bytes) of the send buffer.- Overrides:
getSendBufferSize
in classSocket
- Throws:
SocketException
-
setReceiveBufferSize
Sets the size (in bytes) of the receive buffer.- Overrides:
setReceiveBufferSize
in classSocket
- Throws:
SocketException
-
getReceiveBufferSize
Returns the size (in bytes) of the receive buffer.- Overrides:
getReceiveBufferSize
in classSocket
- Throws:
SocketException
-
close
Closes this socket.- Specified by:
close
in interfaceAutoCloseable
- Specified by:
close
in interfaceCloseable
- Overrides:
close
in classSocket
- Throws:
IOException
-
socketConnect
- Throws:
SocketException
-
addSocketListener
-
removeSocketListener
-
fireAlertReceivedEvent
-
fireAlertSentEvent
-
addHandshakeCompletedListener
Adds a listener to be notified when an SSL handshake completes. -
removeHandshakeCompletedListener
Removes a previously registered listener for handshake completion. -
notifyAllHandshakeListeners
private void notifyAllHandshakeListeners() -
enableSSL2
Enables SSL v2 on this socket. It is enabled by default, unless the default has been changed withenableSSL2Default
.- Throws:
SocketException
-
enableSSL2Default
Sets the default for SSL v2 for all new sockets.- Throws:
SocketException
-
enableSSL3
Enables SSL v3 on this socket. It is enabled by default, unless the default has been changed withenableSSL3Default
.- Throws:
SocketException
-
enableSSL3Default
Sets the default for SSL v3 for all new sockets.- Throws:
SocketException
-
enableTLS
Enables TLS on this socket. It is enabled by default, unless the default has been changed withenableTLSDefault
.- Throws:
SocketException
-
enableTLSDefault
Sets the default for TLS for all new sockets.- Throws:
SocketException
-
enableSessionTickets
Enables Session tickets on this socket. It is disabled by default, unless the default has been changed withenableSessionTicketsDefault
.- Throws:
SocketException
-
enableSessionTicketsDefault
Sets the default for Session Tickets for all new sockets.- Throws:
SocketException
-
enableRenegotiation
Enables the mode of renegotiation that the peer must use on this socket. Default is never renegotiate at all. Unless the default has been changed withSSLSocket.enableRenegotiationDefault
.- Parameters:
mode
- One of: SSLSocket.SSL_RENEGOTIATE_NEVER - Never renegotiate at all. SSLSocket.SSL_RENEGOTIATE_UNRESTRICTED - Renegotiate without restriction, whether or not the peer's hello bears the TLS renegotiation info extension. Vulnerable, as in the past. SSLSocket.SSL_RENEGOTIATE_REQUIRES_XTN - Only renegotiate if the peer's hello bears the TLS renegotiation_info extension. This is safe renegotiation. SSLSocket.SSL_RENEGOTIATE_TRANSITIONAL - Disallow unsafe renegotiation in server sockets only, but allow clients to continue to renegotiate with vulnerable servers. This value should only be used during the transition period when few servers have been upgraded.- Throws:
SocketException
-
enableRenegotiationDefault
Set the mode of renegotiation that the peer must use for all new sockets. The default is never renegotiate at all.- Parameters:
mode
- One of: SSLSocket.SSL_RENEGOTIATE_NEVER - Never renegotiate at all. SSLSocket.SSL_RENEGOTIATE_UNRESTRICTED - Renegotiate without restriction, whether or not the peer's hello bears the TLS renegotiation info extension. Vulnerable, as in the past. SSLSocket.SSL_RENEGOTIATE_REQUIRES_XTN - Only renegotiate if the peer's hello bears the TLS renegotiation_info extension. This is safe renegotiation. SSLSocket.SSL_RENEGOTIATE_TRANSITIONAL - Disallow unsafe renegotiation in server sockets only, but allow clients to continue to renegotiate with vulnerable servers. This value should only be used during the transition period when few servers have been upgraded.- Throws:
SocketException
-
enableRequireSafeNegotiation
For this socket require that the peer must send Signaling Cipher Suite Value (SCSV) or Renegotiation Info (RI) extension in ALL handshakes. It is disabled by default, unless the default has been changed withSSLSocket.enableRequireSafeNegotiationDefault
.- Throws:
SocketException
-
enableRequireSafeNegotiationDefault
For this socket require that the peer must send Signaling Cipher Suite Value (SCSV) or Renegotiation Info (RI) extension in ALL handshakes. It is disabled by default.- Throws:
SocketException
-
enableRollbackDetection
Enable rollback detection for this socket. It is enabled by default, unless the default has been changed withenableRollbackDetectionDefault
.- Throws:
SocketException
-
enableRollbackDetectionDefault
Sets the default rollback detection for all new sockets.- Throws:
SocketException
-
enableStepDown
This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites. If the server cert's public key is 512 bits or less this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect: enable=true: generate step-down keys enable=false: don't generate step-down keys; disable export cipher suites This option is enabled by default; unless the default has been changed withSSLSocket.enableStepDownDefault
.- Throws:
SocketException
-
enableStepDownDefault
This option, enableStepDownDefault, is concerned with the generation of step-down keys which are used with export suites. This options will set the default for all sockets. If the server cert's public key is 512 bits of less, this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect: enable=true: generate step-down keys enable=false: don't generate step-down keys; disable export cipher suites This option is enabled by default for all sockets.- Throws:
SocketException
-
enableFDX
Enable simultaneous read/write by separate read and write threads (full duplex) for this socket. It is disabled by default, unless the default has been changed withenableFDXDefault
.- Throws:
SocketException
-
enableFDXDefault
Sets the default to permit simultaneous read/write by separate read and write threads (full duplex) for all new sockets.- Throws:
SocketException
-
enableV2CompatibleHello
Enable sending v3 client hello in v2 format for this socket. It is enabled by default, unless the default has been changed withenableV2CompatibleHelloDefault
.- Throws:
SocketException
-
enableV2CompatibleHelloDefault
Sets the default to send v3 client hello in v2 format for all new sockets.- Throws:
SocketException
-
enablePostHandshakeAuth
Enable or disable post-handshake auth for a single socket.- Throws:
SocketException
-
enablePostHandshakeAuthDefault
Sets the default to allow post-handshake auth globally.- Throws:
SocketException
-
getSSLOptions
- Returns:
- a String listing the current SSLOptions for this SSLSocket.
-
getSSLDefaultOption
- Parameters:
option
-- Returns:
- 0 for option disabled 1 for option enabled.
- Throws:
SocketException
-
getSSLDefaultOptions
- Returns:
- a String listing the Default SSLOptions for all SSLSockets.
-
requireClientAuth
Deprecated.use requireClientAuth(int)Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.- Throws:
SocketException
-
requireClientAuth
Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself with the requirement that was set.- Parameters:
mode
- One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR- Throws:
SocketException
-
requireClientAuthDefault
@Deprecated public void requireClientAuthDefault(boolean require, boolean onRedo) throws SocketException Deprecated.use requireClientAuthDefault(int)Sets the default setting for requiring client authorization. All subsequently created sockets will use this default setting.- Throws:
SocketException
-
requireClientAuthDefault
Sets the default setting for requiring client authorization. All subsequently created sockets will use this default setting This is only meaningful for the server end of the SSL connection.- Parameters:
mode
- One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR- Throws:
SocketException
-
forceHandshake
Force an already started SSL handshake to complete. This method should block until the handshake has completed.- Throws:
SocketException
-
setUseClientMode
public void setUseClientMode(boolean b) Determines whether this end of the socket is the client or the server for purposes of the SSL protocol. By default, it is the client.- Parameters:
b
- true if this end of the socket is the SSL slient, false if it is the SSL server.
-
getUseClientMode
public boolean getUseClientMode()- Returns:
- true if this end of the socket is the SSL client, false if it is the SSL server.
-
resetHandshake
Resets the handshake state.- Throws:
SocketException
-
resetHandshakeNative
- Throws:
SocketException
-
getStatus
Returns the security status of this socket.- Throws:
SocketException
-
setClientCertNickname
Sets the nickname of the certificate to use for client authentication. Alternately, you can specify an SSLClientCertificateSelectionCallback, which will receive a list of certificates that are valid for client authentication.- Throws:
SocketException
- See Also:
-
setClientCert
Sets the certificate to use for client authentication. Alternately, you can specify an SSLClientCertificateSelectionCallback, which will receive a list of certificates that are valid for client authentication.- Throws:
SocketException
- See Also:
-
requestClientAuth
Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.- Throws:
SocketException
- See Also:
-
setNeedClientAuth
Deprecated.As of JSS 3.0. This method is misnamed. UserequestClientAuth
instead.- Throws:
SocketException
-
setNeedClientAuthNoExpiryCheck
Deprecated.As of JSS 3.0. This method is misnamed. UserequestClientAuthNoExpiryCheck
instead.Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.In addition, the client certificate's expiration will not prevent it from being accepted.
- Throws:
SocketException
- See Also:
-
useCache
Enables/disables the session cache. By default, the session cache is enabled.- Throws:
SocketException
-
useCacheDefault
Sets the default setting for use of the session cache.- Throws:
SocketException
-
setSSLVersionRangeDefault
public static void setSSLVersionRangeDefault(SSLProtocolVariant ssl_variant, SSLVersionRange range) throws SocketException - Throws:
SocketException
-
boundSSLVersionRange
public static SSLVersionRange boundSSLVersionRange(SSLProtocolVariant ssl_variant, SSLVersionRange range) throws SocketException - Throws:
SocketException
-
setSSLVersionRangeDefault
private static void setSSLVersionRangeDefault(int ssl_variant, int min, int max) throws SocketException Sets SSL Version Range Default- Throws:
SocketException
-
boundSSLVersionRange
private static SSLVersionRange boundSSLVersionRange(int ssl_variant, int min, int max) throws SocketException Checks SSL Version Range against Default- Throws:
SocketException
-
setSSLDefaultOption
- Throws:
SocketException
-
setSSLDefaultOption
Sets SSL Default options that have simple enable/disable values.- Throws:
SocketException
-
setSSLDefaultOptionMode
Set SSL default options that have more modes than enable/disable.- Throws:
SocketException
-
setCipherPreference
Enables/disables the cipher on this socket.- Throws:
SocketException
-
getCipherPreference
Returns whether this cipher is enabled or disabled on this socket.- Throws:
SocketException
-
setCipherPreferenceDefault
Sets the default for whether this cipher is enabled or disabled.- Throws:
SocketException
-
getCipherPreferenceDefault
Returns the default for whether this cipher is enabled or disabled.- Throws:
SocketException
-
socketAvailable
- Throws:
IOException
-
read
- Throws:
IOException
SocketTimeoutException
-
write
- Throws:
IOException
SocketTimeoutException
-
socketRead
- Throws:
IOException
-
socketWrite
- Throws:
IOException
-
invalidateSession
Removes the current session from the session cache.- Throws:
SocketException
-
redoHandshake
Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.Does not flush the SSL3 cache entry first, so a full handshake will not take place. Instead only the symmetric session keys will be regenerated.
- Throws:
SocketException
-
redoHandshake
Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.- Parameters:
flushCache
- If true, this session will be flushed from the cache. This will force a complete SSL handshake with a private key operation. If false, only the session key will be regenerated.- Throws:
SocketException
-
finalize
Deprecated.finalize() in Object has been deprecated -
setCipherPolicy
Sets the SSL cipher policy. This must be called before creating any SSL sockets.- Throws:
SocketException
-
setCipherPolicyNative
- Throws:
SocketException
-
toString
Returns the addresses and ports of this socket or an error message if the socket is not in a valid state. -
isFipsCipherSuite
isFipsCipherSuite- Returns:
- true if the ciphersuite isFIPS, false otherwise
- Throws:
SocketException
-
isFipsCipherSuiteNative
- Throws:
SocketException
-
getImplementedCipherSuites
public static int[] getImplementedCipherSuites()Returns a list of cipher suites that are implemented by NSS. Each element in the array will be one of the cipher suite constants defined in this class (for example,TLS_RSA_WITH_AES_128_CBC_SHA
).
-