Class SSLOptions

    • Field Detail

      • DEFAULT_USE_ALPN

        public static final boolean DEFAULT_USE_ALPN
        The default value for ALPN usage = false
      • DEFAULT_SSL_HANDSHAKE_TIMEOUT

        public static final long DEFAULT_SSL_HANDSHAKE_TIMEOUT
        The default value of SSL handshake timeout = 10
      • DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT

        public static final TimeUnit DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT
        Default SSL handshake time unit = SECONDS
      • DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS

        public static final List<String> DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS
        The default ENABLED_SECURE_TRANSPORT_PROTOCOLS value = { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" }

        SSLv3 is NOT enabled because of the POODLE vulnerability: http://en.wikipedia.org/wiki/POODLE

        "SSLv2Hello" is NOT enabled because it has been disabled by default since JDK7
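
        The defaults above still include TLSv1 and TLSv1.1. The following is an added example, not part of the Vert.x documentation, that audits an SSLOptions instance and then restricts it using the methods documented on this page. The class name SslOptionsHardening, the helpers audit and harden, the TLS 1.2+ policy, the chosen cipher suites and the io.vertx.core.net package import are assumptions of the example.

```java
import io.vertx.core.net.SSLOptions;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;

public class SslOptionsHardening {

  // Assumed policy: TLS 1.2 or newer only. SSLv2Hello and SSLv3 are already
  // absent from the defaults; they are listed so a later re-add is caught.
  static final Set<String> LEGACY = Set.of("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

  // Report settings that still allow a legacy protocol or rely on defaults.
  static List<String> audit(SSLOptions options) {
    List<String> findings = new ArrayList<>();
    for (String protocol : options.getEnabledSecureTransportProtocols()) {
      if (LEGACY.contains(protocol)) {
        findings.add("legacy protocol enabled: " + protocol);
      }
    }
    if (options.getEnabledCipherSuites().isEmpty()) {
      findings.add("no cipher suites set: SSL engine defaults apply");
    }
    return findings;
  }

  static SSLOptions harden(SSLOptions options) {
    for (String protocol : LEGACY) {
      options.removeEnabledSecureTransportProtocol(protocol);
    }
    // Suites are kept in insertion order, so add the preferred ones first.
    options
      .addEnabledCipherSuite("TLS_AES_256_GCM_SHA384")
      .addEnabledCipherSuite("TLS_AES_128_GCM_SHA256")
      .addEnabledCipherSuite("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
      .addEnabledCipherSuite("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
    // Set the value and its unit together so the timeout is unambiguous.
    return options.setSslHandshakeTimeout(5).setSslHandshakeTimeoutUnit(TimeUnit.SECONDS);
  }

  public static void main(String[] args) {
    SSLOptions options = new SSLOptions();
    System.out.println("before: " + audit(options));
    System.out.println("after:  " + audit(harden(options)));
    System.out.println("protocols: " + options.getEnabledSecureTransportProtocols());
  }
}
```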

    • Constructor Detail

      • SSLOptions

        public SSLOptions()
        Default constructor
      • SSLOptions

        public SSLOptions(SSLOptions other)
        Copy constructor
        Parameters:
        other - the options to copy
      • SSLOptions

        public SSLOptions(JsonObject json)
        Create options from JSON
        Parameters:
        json - the JSON
    • Method Detail

      • init

        protected void init()
      • getKeyCertOptions

        public KeyCertOptions getKeyCertOptions()
        Returns:
        the key/cert options
      • setKeyCertOptions

        public SSLOptions setKeyCertOptions(KeyCertOptions options)
        Set the key/cert options.
        Parameters:
        options - the key store options
        Returns:
        a reference to this, so the API can be used fluently
      • getTrustOptions

        public TrustOptions getTrustOptions()
        Returns:
        the trust options
      • setTrustOptions

        public SSLOptions setTrustOptions(TrustOptions options)
        Set the trust options.
        Parameters:
        options - the trust options
        Returns:
        a reference to this, so the API can be used fluently
      • addEnabledCipherSuite

        public SSLOptions addEnabledCipherSuite(String suite)
        Add an enabled cipher suite, appended to the ordered suites.
        Parameters:
        suite - the suite
        Returns:
        a reference to this, so the API can be used fluently
        See Also:
        getEnabledCipherSuites()
      • removeEnabledCipherSuite

        public SSLOptions removeEnabledCipherSuite(String suite)
        Removes an enabled cipher suite from the ordered suites.
        Parameters:
        suite - the suite
        Returns:
        a reference to this, so the API can be used fluently
      • getEnabledCipherSuites

        public Set<String> getEnabledCipherSuites()
        Return an ordered set of the cipher suites.

        The set is initially empty and suites should be added to this set in the desired order.

        When suites have been added, so that the set is not empty, it takes precedence over the default suites defined by the SSLEngineOptions in use.

        Returns:
        the enabled cipher suites
      • getCrlPaths

        public List<String> getCrlPaths()
        Returns:
        the CRL (Certificate revocation list) paths
      • getCrlValues

        public List<Buffer> getCrlValues()
        Get the CRL values
        Returns:
        the list of values
      • isUseAlpn

        public boolean isUseAlpn()
        Returns:
        whether or not to use Application-Layer Protocol Negotiation
      • setUseAlpn

        public SSLOptions setUseAlpn(boolean useAlpn)
        Set the ALPN usage.
        Parameters:
        useAlpn - true when Application-Layer Protocol Negotiation should be used
      • getEnabledSecureTransportProtocols

        public Set<String> getEnabledSecureTransportProtocols()
        Returns the enabled SSL/TLS protocols
        Returns:
        the enabled protocols
      • getSslHandshakeTimeout

        public long getSslHandshakeTimeout()
        Returns:
        the SSL handshake timeout, in time unit specified by getSslHandshakeTimeoutUnit().
      • setSslHandshakeTimeout

        public SSLOptions setSslHandshakeTimeout(long sslHandshakeTimeout)
        Set the SSL handshake timeout, default time unit is seconds.
        Parameters:
        sslHandshakeTimeout - the SSL handshake timeout to set, in milliseconds
        Returns:
        a reference to this, so the API can be used fluently
      • setSslHandshakeTimeoutUnit

        public SSLOptions setSslHandshakeTimeoutUnit(TimeUnit sslHandshakeTimeoutUnit)
        Set the SSL handshake timeout unit. If not specified, default is seconds.
        Parameters:
        sslHandshakeTimeoutUnit - specify time unit.
        Returns:
        a reference to this, so the API can be used fluently
      • getSslHandshakeTimeoutUnit

        public TimeUnit getSslHandshakeTimeoutUnit()
        Returns:
        the SSL handshake timeout unit.
      • setEnabledSecureTransportProtocols

        public SSLOptions setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols)
        Sets the list of enabled SSL/TLS protocols.
        Parameters:
        enabledSecureTransportProtocols - the SSL/TLS protocols to enable
        Returns:
        a reference to this, so the API can be used fluently
      • addEnabledSecureTransportProtocol

        public SSLOptions addEnabledSecureTransportProtocol(String protocol)
        Add an enabled SSL/TLS protocol, appended to the ordered protocols.
        Parameters:
        protocol - the SSL/TLS protocol to enable
        Returns:
        a reference to this, so the API can be used fluently
      • removeEnabledSecureTransportProtocol

        public SSLOptions removeEnabledSecureTransportProtocol(String protocol)
        Removes an enabled SSL/TLS protocol from the ordered protocols.
        Parameters:
        protocol - the SSL/TLS protocol to disable
        Returns:
        a reference to this, so the API can be used fluently
      • getApplicationLayerProtocols

        public List<String> getApplicationLayerProtocols()
        Returns:
        the list of application-layer protocols sent during the Application-Layer Protocol Negotiation.
      • setApplicationLayerProtocols

        public SSLOptions setApplicationLayerProtocols(List<String> protocols)
        Set the list of application-layer protocols to provide to the server during the Application-Layer Protocol Negotiation.
        Parameters:
        protocols - the protocols
        Returns:
        a reference to this, so the API can be used fluently
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • toJson

        public JsonObject toJson()
        Convert to JSON
        Returns:
        the JSON